Hello
Following up on my post on the archived forums, we still have outdated PHP versions on Elastic Beanstalk: https://forums.aws.amazon.com/thread.jspa?threadID=347958&tstart=0
Currently we're sitting at version 7.4.21 while version 7.4.27 is the newest as of this post. Of these 6 updates (which date back to July 1 2021; more than 6 months!), 4 of them are security related according to the php.net release log.
I cannot comprehend how it can take you guys so long to get these versions updated. With the resources you presumably have at your disposal, it makes no sense to be so far behind on updates for a platform you support.
Please take a look at this. Every security problem that's publicly documented and patched, but not applied to production instances, serves as an attack vector that can be utilized by anyone.
Note that the outdated version issue also applies to PHP 8, we just happen to use 7.4.
If you don't plan on improving this, at least explain why.
AWS 官方已更新 8 个月前