PHP is an ever evolving languages. As older versions of PHP become end of life we gradually terminate support for them. In this announcement we detail the when and the why of this.
IMPORTANT: This is NOT an April Fools joke.
This is in response to the allegations made by the JoomLeaks actor in the mass email sent out to people who had created a user account on the JoomlaDonation site. For more information about this email please take a look at http://forum.joomla.org/viewtopic.php?f=714&t=866985
Executive summary: It is possible for a remote attacker to extract a remotely hosted archive while you are extracting a backup archive / installing an update, depending on your server settings. The attack is NOT possible at any other time. Merely having our software installed DOES NOT make your site vulnerable. The vulnerability was discovered and reported by Johannes Dahse of Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Germany.