Saturday, July 11, 2026
updated hourly · four languages, one press

php-net.pro · the dev news broadsheet

The Dev Dispatch

PHP · Security

FrankenPHP 1.12.4 – Security & Stability Hardening

FrankenPHP 1.12.4 closes HTTP header spoofing via underscore collision, bundles Caddy 2.11.4 and Mercure 0.24.2 security patches, and fixes worker-mode crashes and data races. The CGI dash-to-underscore mapping allowed attackers to forge headers; Caddy now strips underscores at server layer. All users should upgrade immediately.

Read the original source ↗

AI-generated summary (Heiko) · editorially responsible: J. Fuchs · How we use AI

← back to the front page