🚀 FrankenPHP 1.12.3 is out with a nice performance boost!

A refreshed PGO profile delivers a 7–8% throughput bump for baseline HTTP requests right out of the box.

This release also patches a critical security flaw (CVE-2026-45062, CVSS 8.1) caused by unsafe Unicode handling in CGI path splitting. Upgrading from v1.11.2–v1.12.2 is highly recommended.

Ships with:
• Per-thread max_requests
• Stuck thread force-kill primitive
• SLSA build attestations

Release notes: https://github.com/php/frankenphp/releases/tag/v1.12.3

#PHP

Release v1.12.3 · php/frankenphp

This release fixes CVE-2026-45062 (high, CVSS 8.1): unsafe Unicode handling in CGI path splitting let an attacker have a non-.php file executed as PHP via a crafted URL, in any deployment where att...