Issue #12
19 May 2026
"Generics are back on PHP’s agenda, not as an abstract type system debate but as a practical question about how much intent the language itself should express. And, as expected, security remains a hot topic."
— Stefan & Sebastian
garfieldtech.com
This article frames the latest RFC for generics in PHP as perhaps the language’s best shot yet, while raising an important unresolved question: would such a feature make static analysis an implicit part of writing modern PHP?
Picked by Stefan Priebsch – "A balanced analysis of PHP’s latest attempt at generics, one of PHP’s hardest language design questions: technically possible, widely desired, but full of trade-offs."
wiki.php.net
This RFC proposes moving even more of PHP’s informal “promises about what kind of data code expects” out of comments and into the language itself, while keeping adoption gradual so existing code does not have to change all at once.
Picked by Sebastian Bergmann – "This might become another example of PHP core adopting ideas explored in userland, in this case shaped in large part by the maintainers of static analysis tools."
phpreads.com
Damien Retzinger documents a serious PHP supply-chain issue. For a short window, vulnerable Composer versions could expose GitHub Actions tokens in public build logs after GitHub changed its token format.
Picked by Stefan Priebsch and Sebastian Bergmann – "Perfect example of a blame-free post-mortem providing useful guidance for the PHP community. Thank you, Damien, for your exceptional work.