Comment 3 for bug 1798625

Upstream hasn't identified any security fixes in the 7.2.11 release. They say "This is a bugfix release." rather than their usual "This is a security release." when there is a security impact.

Once again I believe US-CERT is just sending out their usual PHP placeholder text without actually checking.

Unless someone requests a CVE for one of those fixes, this version will not get released by the security team.