Possible culprit: Ancient code running in production. A vuln ‘would not be terribly surprising’ says maintainer

PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted – blaming a user database leak rather than a problem with the server itself.…