HHVM 4.0.1, 3.30.4, and 3.27.7 are released; these issues fix CVE-2019-3552, a potential denial of service if Thrift is used to process untrusted input.