I haven't seen this mentioned here, but it could be of interest to some. As noted, the claim is that the malicious code never made it to production and that procedures are changing to try to mitigate what is thought to be the underlying issue that let this happen. Attacker Updates PHP Source Code to Include Backdoor <https://www.bankinfosecurity.com/attacker-updates-php-source-code-to-include-backdoor-a-16286> Changes to Git commit workflow <https://news-web.php.net/php.internals/113838> [use the "next>>" link at the bottom-right of that page to see further "internals" discussion.]
