Skip to main content
This post was originally published on the Platform.sh blog and reflects information from the time of publication.
Keeping your applications running and secure remain our main goal! This week, Httpoxy, an important security vulnerability, has just been disclosed. It affects every application running in CGI, which includes PHP. As soon as we heard about it, we deployed a new version of our router container to block the Proxy header from incoming HTTP headers. Here is what Httpoxy website says: 
If you’re running PHP or CGI, you should block the Proxy header now.
This fix has already been deployed in every Platform.sh region and we have refreshed all your projects so that you don’t even need to redeploy your applications in order to get the security in place. In other words: You are safe!.
Last modified on May 21, 2026