React, Flux, GraphQL, Hack, HHVM...? All of this and more!
The Facebook team does rapid development cycles for HHVM. If you are running in HHVM production, you need to keep your code and environments up-to-date for security just as you would for PHP. In addition to Facebook itself - Wikipedia and many WordPress hosting platforms use HHVM. So it is definitely common enough to be a target for malicious activities.
A vast majority of HHVM releases are supported only for 8 weeks. After this support is transferred to the next stable version. As an example if you use 3.7.x and it is the current stable release, it will be replaced with 3.8. and no longer receive ANY updates.
Like many other projects, like Ubuntu and Symfony the team provide LTS releases for stability. These Long Term Support Releases of HHVM are supported for a year. The easiest way to keep your installation up-to-date is by installing using the official Prebuilt Packages for HHVM.
To find out your version, run the following command in your shell:
At the time of writing versions and release dates are these:
Read more on the HHVM WikiTweet