PHP Security Release – Drupal 7 sites may require action

Sep 2, 21:41 PDT
Resolved – has released version 7.0.23. This release is classified as a security release [1]. Pantheon has deployed this PHP version platform-wide. The release addresses a vulnerability that could allow for arbitrary code execution, MS-ISAC 2017-076 [2].

Drupal 7 sites on PHP 7.0 that haven’t updated core in a few months will encounter a new PHP notice dumped to the screen on non-live environments, which can be fixed by updating to Drupal 7.55 or later, or by applying this patch [3] from issue 2877243 [4]. The notice is suppressed in Live environments.

[1] –

[2] –

[3] –

[4] –