Release 4.3: Bug Fixes, Security Improvements, and Dependency Updates #639
Merged
jaydrogers merged 11 commits into main on Jan 22, 2026
PHP repo no longer has images available for alpine3.21 for latest minor versions; this removes 3.21 if it's no longer available and adds 3.23 if available
* Fix blocking .well-known path for FrankenPHP
* Remove specific endpoint checks because the whole folder should be allowed
* Enhance security configurations across Apache, NGINX, and Caddy by implementing best practices for HTTP headers and file access restrictions. Added protections against clickjacking, MIME type sniffing, and sensitive file exposure while allowing necessary access to well-known URIs as per RFC 8615.
---------
Co-authored-by: Jay Rogers <3174134+jaydrogers@users.noreply.github.com>
Co-authored-by: Jay Rogers <jaydrogers@users.noreply.serversideup.net>
…artifact handling
…d artifact handling
…n fault issues (Thanks Depot! 😅)
Deploying serversideup-php with
| Latest commit: | 0c7b634 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://d80de586.serversideup-php.pages.dev |
| Branch Preview URL: | https://improvement-prevent-php-exec.serversideup-php.pages.dev |
Implemented restrictions across Apache, NGINX, and FrankenPHP configurations to prevent the execution of PHP files in the /storage directory, addressing potential vulnerabilities related to arbitrary file uploads (GHSA-29cq-5w36-x7w3).
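One way to check a running container against the behaviour these commit messages describe, as an added example (not code from this PR or from the serversideup/docker-php project): it audits HTTP responses you captured from your own deployment. The probe paths, the marker file, the header names and the status codes are assumptions, and the sample captures are constructed.

```python
# Added example: audit HTTP responses captured from your own container.
# Probe paths, marker strings, header names and status codes are assumptions.
STORAGE_PROBE = "/storage/probe.php"      # harmless marker file the operator placed
WELL_KNOWN = "/.well-known/security.txt"  # RFC 8615 well-known URI
DOTFILE = "/.env"                         # stands in for any sensitive file
# The marker file on disk is: <?php echo 'EXEC-' . 'MARKER';
# so the joined string appears only if PHP actually ran the file.
MARKER_OUTPUT = "EXEC-MARKER"


def _header(headers, name):
    """Case-insensitive header lookup; returns "" when absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")


def audit(responses):
    """responses: {path: (status, headers, body)} -> list of finding names."""
    findings = []
    if MARKER_OUTPUT in responses[STORAGE_PROBE][2]:
        findings.append("php-executed-in-storage")
    if responses[WELL_KNOWN][0] == 403:   # dotfile rule is swallowing .well-known
        findings.append("well-known-blocked")
    if responses[DOTFILE][0] == 200:
        findings.append("sensitive-file-exposed")
    headers = responses["/"][1]
    if _header(headers, "X-Content-Type-Options").lower() != "nosniff":
        findings.append("missing-nosniff")
    xfo = _header(headers, "X-Frame-Options").upper()
    csp = _header(headers, "Content-Security-Policy").lower()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("missing-frame-protection")
    return findings


# Constructed captures (not taken from any release of the image).
UNHARDENED = {
    STORAGE_PROBE: (200, {}, "EXEC-MARKER"),
    WELL_KNOWN: (403, {}, "Forbidden"),
    DOTFILE: (200, {}, "APP_KEY=placeholder"),
    "/": (200, {"Content-Type": "text/html"}, "ok"),
}
HARDENED = {
    STORAGE_PROBE: (403, {}, "Forbidden"),
    WELL_KNOWN: (200, {}, "Contact: mailto:security@example.test"),
    DOTFILE: (403, {}, "Forbidden"),
    "/": (200, {"x-content-type-options": "nosniff",
                "X-Frame-Options": "SAMEORIGIN"}, "ok"),
}

if __name__ == "__main__":
    print(audit(UNHARDENED), audit(HARDENED))
```

A probe file that comes back as raw source does not contain the joined marker, so it is not reported as executed.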
Contributor
@jaydrogers is there anything left from your perspective prior to merging? more than happy to help if there are outstanding items... 8.5.2 was just released... so would like to get this merged. Thanks.
Member
Author
@alloylab: The beta is being released now if you'd like to test it 👍 https://github.com/serversideup/docker-php/actions/runs/21146055653
👨🔬 How to test
This PR is being shipped for the 4.3.0 beta. You can simply add beta-* in front of your image:
Learn more about our beta images →
🤩 What's new
🔐 Security Improvements
.php files from being executed from /storage/* for NGINX, Apache, and FrankenPHP (Add security measures to block PHP execution in storage directory #641)
⏫ Dependency Upgrades