We are working on including the latest version of PHP on every stack and we expect to release that version in the next week. Regarding the security issue, according to:
This version only includes a CVE which is a security catalogued as Medium in severity. It's a security issue in the Perl Compatible Regular Expressions (PCRE) library (https://www.pcre.org/). In the link below you can find how to exploit this issue:
This is something extremely difficult to be exploitable remotely through your WordPress site. Therefore, it's extremely unlikely you can suffer a DOS attack for this reason. We prioritise to release every stack when the severity of the issue is much higher.