lls wrote:I have recently updated to to xampp 5.6.30 which has in it PHP 7.1.1
No.
XAMPP 5.6.30 contains PHP 5.6.30
XAMPP 7.1.1 contains PHP 7.1.1
lls wrote:however my security folk tell me that we should be using PHP 7.1.2 because of security vulnerabilities.
Vulnerability in which context? Ask your security folk if these security vulnerabilities are exploitable on local only test and development environments.
That is the environment XAMPP is designed for.
A local test and development environment can have multiple software security vulnerabilities without ever being attackable or insecure.
lls wrote:The first is can I simply update the PHP component with 7.1.2
technically yes. But we don't provide any support for that. So you are on your own with that.
If you does have the knowledge and skill to update this core single component on your own i cannot guess.
lls wrote:will there be a release of xampp soon which incorporated PHP 7.1.2
We don't have any release schedule. It's done when it's done.
To get a clue you can take a look at past release dates.
If you want to always get best scores in so named vulnerability scanners than xampp is the wrong product for you. XAMPP does not provide single component upgrases.