search

yiisoft / yii2-docker

Official Docker images suitable for Yii 2.0
https://www.yiiframework.com/
BSD 3-Clause "New" or "Revised" License
381 stars 202 forks source link

Security issue related to Apache 2.4.54 #158

Closed fleduc closed 1 year ago

fleduc commented 1 year ago

Hi all. We are using this docker image of Yii2 FROM yiisoftware/yii2-php:8.0-apache Our security scanner has found a security issue related to Apache 2.4.54 https://httpd.apache.org/security/vulnerabilities_24.html To resolve this issue, we need to upgrade to Apache 2.4.56 Is there a plan on your side to upgrade Apache in the main image, or is there a way for us to do so on our own? Thanks

schmunk42 commented 1 year ago

We're building the images in this repo automatically every Sunday.

Since we're building from Official Docker Images you need to wait until those are updated, for a detailed explanation see https://github.com/docker-library/php/issues/1366#issuecomment-1421714934

We could trigger a build anytime when the above issue is fixed, just let us know.

Apart from that you'd need to completely rebuild also the PHP images from scratch.

fleduc commented 1 year ago

Thanks for the update. It seems that it won't be long until this problem is resolved: https://tracker.debian.org/pkg/apache2 image

Thanks

schmunk42 commented 1 year ago

@fleduc Could you keep an eye on this and ping here for a rebuild and/or close if it's resolved via auto-build triggers.

marcovtwout commented 1 year ago

This issue is resolved by now:

root@...:/etc/apache2# apache2 -v
Server version: Apache/2.4.57 (Debian)
Server built:   2023-04-13T03:26:51