Pantheon has deployed PHP versions 8.2.9, 8.1.22, and 8.0.30 to customer sites running on the platform.
These releases address vulnerabilities disclosed in CVE-2023-3823 and CVE-2023-3824. Although the PHP group rated these vulnerabilities “high” and “critical”, respectively, it is unlikely that either presented any significant risk to sites running on Pantheon because of how the fundamentals of our security posture intersect with the details of these vulnerabilities.
Read the full blog post here. If you have any questions for our team, feel free to reply to this topic.