The upstream bug[1] describes that processing time increases exponentially as the POST data size increases causing a possible DoS attack. This is fixed in PHP 7.0.17 and 7.1.3 already in the tree. PHP 5.6.31 should also include this when upstream releases it [1] https://bugs.php.net/bug.php?id=73807
The fixed versions are already in tree and stable. Downgrading to ~3 because the vulnerability affects only FreeBSD servers. Gentoo Security Padawan ChrisADR