A security update has been released for all supported HHVM versions. Please update to one of the following versions to get the update:

  • 4.128.4
  • 4.148.1
  • 4.149.1
  • 4.150.1
  • 4.151.1
  • 4.153.1
  • 4.154.1

This security update addresses:

  • CVE-2022-27809, HHVM incorrect integer conversion in array_fill leads to uninitialized variable reference