Open NatSavBS opened 1 year ago
👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.
Is your feature request related to a problem? Please describe.
This isn't tied to any particular problem; however, it would still be best to get it remedied.
PHP and Apache are out of date in the docker image.
The current version of PHP 7 is 7.4.32 and the current version of Apache is 2.4.54.
The Docker image is using the latest version available inside its apt repositories; however, these versions are affected by some pretty significant bugs, including critical level exploits.
Please see below:
https://www.cybersecurity-help.cz/vdb/apache_foundation/apache_http_server/2.4.41/
https://www.cybersecurity-help.cz/vdb/php_group/php/7.4.3/
I know most people's workflows with snipe won't require having it externally accessible, but despite the low chance of attack, these software versions will still pose problems for organisations with regulatory requirements such as Cyber Essentials+, which this would fail.
Describe the solution you'd like
PHP and Apache should be brought up to the most recent versions.
PHP's latest version can be found in the apt repository linked below:
https://launchpad.net/%7Eondrej/+archive/ubuntu/php/+index?field.series_filter=
Apache's latest version can be found in the apt repository linked below:
https://launchpad.net/%7Eondrej/+archive/ubuntu/apache2?field.series_filter=impish
Describe alternatives you've considered
PHP and Apache could be built from source in the Dockerfile, but this would likely lead to unnecessary bloat.