docker-library / php

Docker Official Image packaging for PHP
https://php.net
MIT License

Remove archive php.tar.xz from final images #1487

Closed vladislavzl closed 5 months ago

vladislavzl commented 5 months ago

The php.tar.xz archive contains tests that are detected as malware. Like this: layer.tar//usr/src/php.tar.xz//xz//php-8.1.22/ext/phar/tests/bug81726.gz - a hacktool program Tool.Zipbomb.3. I believe that the archive isn't needed in final php images.

yosifkit commented 5 months ago

Duplicate of https://github.com/docker-library/php/issues/488. The PHP source is kept so that users can install extensions that are not included by default (like via the docker-php-ext-* scripts).

Related issue: https://github.com/docker-library/php/issues/1394