The PHP core Git repository was compromised, and a bad actor pushed two commits that introduced code injection from an HTTP header to the PHP source and impersonated Nikita Popov and Rasmus Lerdorf.
On the PHP internals mailing list, Nikita said, "We don’t yet know how
exactly this happened, but everything points towards a compromise of the
git.php.net server (rather than a compromise of an individual git account)."
#news #php