repman-io / repman

Repman - PHP Repository Manager: packagist proxy and host for private packages
https://repman.io
MIT License

Project status and security #686

Open binarious opened 2 months ago

binarious commented 2 months ago

I've noticed some closed issues regarding the project's status, with responses stating that the project isn't abandoned, despite the fact that the latest release was over two years ago.

In the latest release, 10 of the composer dependencies have open vulnerabilities (8 of which are present even on the master branch). Additionally, the Docker image for the latest release is still based on PHP 7.4, which reached end-of-life at the end of 2023. Trivy also reports 150 open CVEs for this image, which raises concerns—especially for anyone using it in a production environment.

I also noticed that the Dockerfile disables StrictHostKeyChecking, which is generally considered a poor security practice. Could you provide some insight into the rationale behind this decision?

Additionally, it would be helpful to get some clarity on the current status of the project and any plans for future updates.
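One way to check an SSH client configuration of the kind a Dockerfile writes into `~/.ssh/config` for the setting mentioned above, and to see the pinned-known_hosts alternative, as an added example that is not code from the issue or from repman (the host name, key line, paths and sample config are assumptions):

```shell
#!/bin/sh
# Added example, not code from the repman project. It counts ssh_config
# directives that turn off host key verification and shows the hardened
# alternative: keep strict checking on and ship a known_hosts entry that
# was verified out of band. All input below is constructed for the example.

# Constructed sample: the weak pattern described in the issue.
WEAK_CONFIG='Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host git.example.internal
    IdentityFile /root/.ssh/deploy_key'

# Print the number of directives that disable host key verification.
# Keyword matching is case-insensitive, as ssh_config keywords are.
count_weak_directives() {
    n=0
    while IFS= read -r line; do
        key=$(printf '%s\n' "$line" | awk '{print tolower($1)}')
        val=$(printf '%s\n' "$line" | awk '{print tolower($2)}')
        case "$key" in
            stricthostkeychecking) [ "$val" = "no" ] && n=$((n + 1)) ;;
            userknownhostsfile)    [ "$val" = "/dev/null" ] && n=$((n + 1)) ;;
        esac
    done <<EOF
$1
EOF
    echo "$n"
}

# Hardened replacement. $1 = known_hosts path baked into the image,
# $2 = a host key line verified out of band (placeholder below; compare the
# real one against the fingerprint your Git server's admins publish).
# Appends the entry and prints the ssh_config fragment that pins it.
hardened_config() {
    known_hosts=$1
    printf '%s\n' "$2" >> "$known_hosts"
    printf 'Host git.example.internal\n'
    printf '    StrictHostKeyChecking yes\n'
    printf '    UserKnownHostsFile %s\n' "$known_hosts"
}

# Demonstration: the weak config has 2 findings, the hardened one has 0.
echo "weak directives in sample: $(count_weak_directives "$WEAK_CONFIG")"
tmp=$(mktemp)
HARDENED=$(hardened_config "$tmp" 'git.example.internal ssh-ed25519 AAAA_PLACEHOLDER_VERIFIED_OUT_OF_BAND')
echo "weak directives after hardening: $(count_weak_directives "$HARDENED")"
rm -f "$tmp"
```

Running the same check over the image's real `~/.ssh/config` (or the `RUN` line that generates it) gives a quick regression test that host key verification stays on.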