Security

Articles about Security by Sebastian Bergmann

A heavy steel chain breaks at its central link in a burst of red-orange sparks, with fragments of binary digits scattering outward against a deep blue, circuit-lit background. A visual metaphor for the supply-chain security failure that workflow hardening is meant to prevent.

May 17, 2026

Hardening GitHub Actions workflows

A walk through the GitHub Actions weaknesses in PHPUnit's workflows, how each one could have been exploited, and what was changed to close them.

A bouncer in a black suit, earpiece in, hand raised in a firm "stop" gesture at the door of a club. Behind him, a queue of hopeful guests waits behind a golden velvet rope. A visual metaphor for a gatekeeper deciding who gets in and who does not.

April 18, 2026

The Bouncer in the Dependency Resolver

Composer 2.9 moved security advisory enforcement from an opt-in third-party package into the resolver itself. This article walks through how the mechanism works, how it relates to the older packages it replaces, and where it can bite you.

The image shows an abstract, futuristic design with a dominant, glowing question mark as its central motif. It emerges from a chaotic, undulating landscape of geometric pixels and voxel-like structures in intense shades of pink, purple and blue. These create depth and dynamism. The chaotic background resembles a seething, digital terrain that symbolises disorder and complexity. The question mark rises stably and questioningly from it – perfect as a visual mood for fuzz testing, where random chaos reveals security.

April 8, 2026

Security through chaos

This practical deep dive into the philosophy behind "security through chaos" shows that security does not come from perfect foresight, but from surviving chaos.

The image shows a yellow diamond-shaped traffic sign with the black inscription "DEAD END". It is located in an urban environment, in front of a building with large windows and metal bars. In the background, there are other buildings with typical metal external staircases, as are often found in some neighbourhoods. The sign indicates that the road ends at this point and that it is not possible to drive through.

November 28, 2022

PHP 7: Security Support Ends. Now what?

Security support for PHP 7 has ended. What does this mean for you?

The image shows a wooden sign with the word "CLOSED" written on it. The sign is photographed at an angle and, thanks to its warm, brownish colouring, blurriness and strong grain, has a particularly atmospheric and nostalgic feel. It is reminiscent of a photograph taken in a small, cosy shop or café at closing time.

February 21, 2020

PHPUnit: A Security Risk?

The long story of a security problem that should not have been one.

Stay up to date

Receive a comprehensive analysis of new PHPUnit features, implementation details, and the strategic considerations behind each improvement via email every two months.

Subscribe now