Closed j3j5 closed 1 year ago
tianon
commented
1 year ago Is there a specific problem this is causing? The underlying issue here is that Alpine has done a major version bump of curl in their stable release, but has not done a rebuild of the base image, so the layer which installs the curl package is cached but the layer which installs libcurl's dev package for linking against in PHP has been updated. :disappointed:
j3j5
commented
1 year ago Honestly, I'm not sure about a specific problem. I run into an issue with curl on one of my apps and while I was trying to debug it, I noticed the version mismatch. curl itself throws a warning saying that "functionality may be affected", but I don't know if my issue is caused by this or something else, or for that matter, what kind of issues the mismatch may cause.
MirakuSan
commented
1 year ago I think there is a specific problem, I've just opened an issue : https://github.com/docker-library/php/issues/1401 because the images have almost all a vulnerability with version of curl < 8.0.0
tianon
commented
1 year ago All supported images have since been rebuilt. :+1:
PHP images using alpine (3.16 and 3.17) have a version mismatch on their curl and libcurl version. curl is on version 7.88 while libcurl is on 8.0. This occurs both on 8.1 and 8.2 versions. Looking at Docker Hub apparently curl 8.0 is also installed but running a terminal into the image the version installed is 7.8.