There are rumors of a very bad PHP exploit going to be announced in mid May. If true, it may allow full RCE of any PHP application exposed to the internet. It depends on a security flaw in glibc assigned CVE-2024-2961.
The Lagoon PHP images are based on alpine linux, which uses musl, not glibc. At this time we believe our images are not vulnerable to the exploit.
We will update this issues as more information comes out.
There are rumors of a very bad PHP exploit going to be announced in mid May. If true, it may allow full RCE of any PHP application exposed to the internet. It depends on a security flaw in
glibc
assigned CVE-2024-2961.The Lagoon PHP images are based on alpine linux, which uses
musl
, notglibc
. At this time we believe our images are not vulnerable to the exploit.We will update this issues as more information comes out.