Apparently our PHP package is vulnerable to CVE-2017-11144, CVE-2017-11145, and CVE-2017-11362: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145 This one looks especially bad: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11362 Can someone please take a look at this?