We haven’t done posts for point releases since our normal release schedule is so quick, but when there is a security fix we thought you should know as soon as possible.

We have a few fastcgi fixes, a few memory leak fixes and the security vulnerability fix for CVE-2014-2208. Previously an attacker could get around escapeshellarg() using a specially crafted input. It is hard to exploit, and facebook.com wasn’t vulnerable, but you should patch your servers up just incase.

The full commit log is available for this release. Remember the branch cut is in 11 days for the next release so get your pull requests in soon!


  • HHVM 2.4.2 und die Rückkehr der F8 Developer Conference - entwickler.de: […] Knapp drei Wochen vor dem Release der HHVM 2.5.0, das vor allem wegen der Integration von MySQLi spannend werden dürfte, hat das Team der HipHop Virtual Machine Version 2.4.2 veröffentlicht. […]