Received this security report. Is/did Dreamhost backport patches, or will DH be updating? What’s the time line?
See security report below.
PHP 7.0.14 has 3 known vulnerabilities
Type: Vulnerability Severity: Medium (6.8)
Below is a list of known vulnerabilities in this version of PHP. Note that the specific binary of PHP running on this server may include backported security fixes that resolve these vulnerabilities. If you aren’t sure, check with your hosting provider.
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/par... - CVE-2017-11145 - Requires upgrading to at least version 7.0.20 Remote Code Execution - CVE-2017-11362 - Requires upgrading to at least version 7.0.20 Denial of Service - CVE-2017-11142 - Requires upgrading to at least version 7.0.16
Vendor URL: https://secure.php.net/