docker-library / wordpress

Docker Official Image packaging for WordPress
https://wordpress.org/
GNU General Public License v2.0

[wordpress:6.6.2-php8.2-apache] Upgrade PHP to 8.2.26 #935

Closed paulshryock closed 22 hours ago

paulshryock commented 22 hours ago

wordpress:6.6.2-php8.2-apache currently has known security vulnerabilities.

php:8.2-apache has PHP 8.2.26.

I think wordpress:6.6.2-php8.2-apache just needs a rebuild to pick up the upstream changes.


Edit: Originally the image mentioned was wordpress:6-php8.2-apache, but that was a typo.

yosifkit commented 22 hours ago

We rebuild all dependent Docker Official Images when their parent image(s) are updated. wordpress:php8.2-apache already has the updated PHP 8.2:

$ docker run -it --rm wordpress:php8.2-apache php --version
Unable to find image 'wordpress:php8.2-apache' locally
php8.2-apache: Pulling from library/wordpress
8e3574ead1d9: Download complete
cc509c872df2: Download complete
33ddd73cf168: Download complete
2c3cdaf28ff9: Download complete
cdd30a8da961: Download complete
147b34766441: Download complete
3ecc49d93144: Download complete
bebb38845b62: Download complete
4f4fb700ef54: Already exists
0f3c44dd6c5b: Download complete
1062c4bf27a2: Download complete
205f781f096b: Download complete
8944b2c2d493: Download complete
03e622ab6113: Download complete
3d465c9a467d: Download complete
a6ef3423d3cc: Download complete
c99b33b2d2df: Download complete
8bd2c82cab52: Download complete
b95e19029c21: Download complete
413b3a10b41e: Download complete
93e37cdea03d: Download complete
Digest: sha256:cd3ff8311e62c3a5d95feaa502f8416d547d98af339b3384647d6fc2a9f76813
Status: Downloaded newer image for wordpress:php8.2-apache
PHP 8.2.26 (cli) (built: Nov 21 2024 17:59:31) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.26, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.26, Copyright (c), by Zend Technologies

tianon commented 22 hours ago

See also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

paulshryock commented 2 hours ago

Thanks @yosifkit and @tianon.

I'm sorry, this issue had a typo when I first created it. I meant that wordpress:6.6.2-php8.2-apache still has PHP 8.2.25.

Docker Hub page for the wordpress:6.6.2-php8.2-apache image. "Last pushed 20 days ago" is highlighted.

Will wordpress:6.6.2-php8.2-apache ever be updated to PHP 8.2.26? Or is that tag no longer supported for security updates?
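
The `php --version` check from the thread, generalized to compare any tag against a required PHP patch release. This is an added example, not part of the original thread or the project's tooling. The function names are hypothetical, and the 8.2.25 sample line is constructed from the reporter's statement rather than captured output.

```shell
#!/bin/sh
# Added example: report whether an image tag bundles a PHP older than a required release.

# Extract "X.Y.Z" from the first line of `php --version` output; prints nothing if absent.
php_version_of() {
  printf '%s\n' "$1" |
    sed -n '1s/^PHP \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when version $1 is strictly older than $2, comparing each field numerically
# (a plain string comparison would wrongly rank 8.10.0 below 8.2.26).
version_lt() {
  for vl_i in 1 2 3; do
    vl_x=$(printf '%s' "$1" | cut -d. -f"$vl_i")
    vl_y=$(printf '%s' "$2" | cut -d. -f"$vl_i")
    [ "${vl_x:-0}" -lt "${vl_y:-0}" ] && return 0
    [ "${vl_x:-0}" -gt "${vl_y:-0}" ] && return 1
  done
  return 1
}

# Print "ok", "stale" or "unknown" for a tag, given its `php --version` output.
classify() {
  cl_found=$(php_version_of "$2")
  if [ -z "$cl_found" ]; then
    echo "unknown $1"
  elif version_lt "$cl_found" "$3"; then
    echo "stale $1 $cl_found"
  else
    echo "ok $1 $cl_found"
  fi
}

# Live check (needs Docker and network access). Pulling first ensures a cached
# local copy of a moving tag is not mistaken for what the registry serves now.
check_tag() {
  docker pull --quiet "$1" >/dev/null || { echo "unknown $1"; return 0; }
  classify "$1" "$(docker run --rm "$1" php --version)" "$2"
}

# Offline demonstration on sample output. The first line is the one shown in
# the thread; the second is constructed to match the reporter's description.
classify wordpress:php8.2-apache \
  'PHP 8.2.26 (cli) (built: Nov 21 2024 17:59:31) (NTS)' 8.2.26
classify wordpress:6.6.2-php8.2-apache 'PHP 8.2.25 (cli) (NTS)' 8.2.26
```

For a live comparison, call `check_tag wordpress:6.6.2-php8.2-apache 8.2.26` and the same for `wordpress:php8.2-apache`.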