Security Updates for PHP on Elastic Beanstalk



Following up on my post on the archived forums, we still have outdated PHP versions on Elastic Beanstalk:

Currently we're sitting at version 7.4.21 while version 7.4.27 is the newest as of this post. Of these 6 updates (which date back to July 1 2021; more than 6 months!), 4 of them are security related according to the release log.

I cannot comprehend how it can take you guys so long to get these versions updated. With the resources you presumably have at your disposal, it makes no sense to be so far behind on updates for a platform you support.

Please take a look at this. Every security problem that's publicly documented and patched, but not applied to production instances, serves as an attack vector that can be utilized by anyone.

Note that the outdated version issue also applies to PHP 8, we just happen to use 7.4.

If you don't plan on improving this, at least explain why.

asked 10 months ago30 views
1 Answer

Nobody cares about this? Come on, guys.

answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions