chore(master): release 2.8.3

[lotyp]

🤖 I have created a release beep boop

2.8.3 (2024-12-12)

Dependencies

• deps: update ansible/ansible-lint action to v24.12.2 (#73) (cc300d0)

---

This PR was generated with Release Please. See documentation.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:a622bf9fff25616991ba0c9a61ad9d49b09a6ad47c7cd40489c06005ef89e373
vulnerabilities
size	109 MB
packages	231

📦 Base Image php:8.1-alpine

also known as	8.1-alpine3.21 8.1-cli-alpine 8.1-cli-alpine3.21 8.1.31-alpine 8.1.31-alpine3.21 8.1.31-cli-alpine 8.1.31-cli-alpine3.21
digest	sha256:b217029b5db5f0784a5e00c57280685a4c2f009a970e6b32bb415eba6ca5ae7c
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-alpine

Name	8.1.31-alpine3.21
Digest	sha256:b217029b5db5f0784a5e00c57280685a4c2f009a970e6b32bb415eba6ca5ae7c
Vulnerabilities
Pushed	1 day ago
Size	36 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.1.31

The base image is also available under the supported tag(s): 8.1-alpine3.21, 8.1-cli-alpine, 8.1-cli-alpine3.21, 8.1.31-alpine, 8.1.31-alpine3.21, 8.1.31-cli-alpine, 8.1.31-cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-alpine Minor runtime version update Also known as: 8.4.1-cli-alpine 8.4.1-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.1-alpine 8.4.1-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.1	5 days ago
8.3-alpine Minor runtime version update Also known as: 8.3.14-cli-alpine 8.3.14-cli-alpine3.21 8.3-cli-alpine 8.3-cli-alpine3.21 8.3.14-alpine 8.3.14-alpine3.21 8.3-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 37 MB Flavor: alpine OS: 3.21 Runtime: 8.3.14	5 days ago
8.2-alpine Minor runtime version update Also known as: 8.2.26-cli-alpine 8.2.26-cli-alpine3.21 8.2-cli-alpine 8.2-cli-alpine3.21 8.2.26-alpine 8.2.26-alpine3.21 8.2-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-alpine was pulled 1.8K times last month Image details: Size: 36 MB Flavor: alpine OS: 3.21 Runtime: 8.2.26	5 days ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:c748106e2f45fdcf421e770f0904ec8754ae10e8f2a1af30cc9a77dbfaaae824
vulnerabilities
size	104 MB
packages	232

📦 Base Image php:8.1-fpm-alpine

also known as	8.1-fpm-alpine3.21 8.1.31-fpm-alpine 8.1.31-fpm-alpine3.21
digest	sha256:fa457eee5e53a8d4aff21bd0d78a3cbcd7f98b8def81218a8f0d98dd8cbd029b
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-fpm-alpine

Name	8.1.31-fpm-alpine3.21
Digest	sha256:fa457eee5e53a8d4aff21bd0d78a3cbcd7f98b8def81218a8f0d98dd8cbd029b
Vulnerabilities
Pushed	1 day ago
Size	32 MB
Packages	53
Flavor	alpine
OS	3.21
Runtime	8.1.31

The base image is also available under the supported tag(s): 8.1-fpm-alpine3.21, 8.1.31-fpm-alpine, 8.1.31-fpm-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-fpm-alpine Minor runtime version update Also known as: 8.3.14-fpm-alpine 8.3.14-fpm-alpine3.21 8.3-fpm-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 33 MB Flavor: alpine OS: 3.21 Runtime: 8.3.14	5 days ago
8.2-fpm-alpine Minor runtime version update Also known as: 8.2.26-fpm-alpine 8.2.26-fpm-alpine3.21 8.2-fpm-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-fpm-alpine was pulled 4.1K times last month Image details: Size: 32 MB Flavor: alpine OS: 3.21 Runtime: 8.2.26	5 days ago
8.4-fpm-alpine Image has same number of vulnerabilities Also known as: 8.4.1-fpm-alpine 8.4.1-fpm-alpine3.21 8.4-fpm-alpine3.21 8-fpm-alpine 8-fpm-alpine3.21 fpm-alpine fpm-alpine3.21	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.21	5 days ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:ed915f6a7a38337d021e070732ef18796932f0afe7339fdb361cc5abfd2ebe44
vulnerabilities
size	109 MB
packages	231

📦 Base Image php:8.2-alpine

also known as	8.2-alpine3.21 8.2-cli-alpine 8.2-cli-alpine3.21 8.2.26-alpine 8.2.26-alpine3.21 8.2.26-cli-alpine 8.2.26-cli-alpine3.21
digest	sha256:e33a9aa217ea6f2f3891b2c01158e38f860f3ede767870953b6685cd2fa12c9e
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-alpine

Name	8.2.26-alpine3.21
Digest	sha256:e33a9aa217ea6f2f3891b2c01158e38f860f3ede767870953b6685cd2fa12c9e
Vulnerabilities
Pushed	5 days ago
Size	36 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.2.26

The base image is also available under the supported tag(s): 8.2-alpine3.21, 8.2-cli-alpine, 8.2-cli-alpine3.21, 8.2.26-alpine, 8.2.26-alpine3.21, 8.2.26-cli-alpine, 8.2.26-cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-alpine Minor runtime version update Also known as: 8.4.1-cli-alpine 8.4.1-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.1-alpine 8.4.1-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.1	5 days ago
8.3-alpine Minor runtime version update Also known as: 8.3.14-cli-alpine 8.3.14-cli-alpine3.21 8.3-cli-alpine 8.3-cli-alpine3.21 8.3.14-alpine 8.3.14-alpine3.21 8.3-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 37 MB Flavor: alpine OS: 3.21 Runtime: 8.3.14	5 days ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:55d9fb15d780b99f0104bc717da264efdbcf8bb6fb59a82302b41771596accbc
vulnerabilities
size	128 MB
packages	249

📦 Base Image php:8.2-alpine

also known as	8.2-alpine3.21 8.2-cli-alpine 8.2-cli-alpine3.21 8.2.26-alpine 8.2.26-alpine3.21 8.2.26-cli-alpine 8.2.26-cli-alpine3.21
digest	sha256:e33a9aa217ea6f2f3891b2c01158e38f860f3ede767870953b6685cd2fa12c9e
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:3e315baa2c427d01e35a2525f5f9670920fd2b5520002cd4453472792b1eac20
vulnerabilities
size	105 MB
packages	232

📦 Base Image php:8.2-fpm-alpine

also known as	8.2-fpm-alpine3.21 8.2.26-fpm-alpine 8.2.26-fpm-alpine3.21
digest	sha256:c40255b7011a41c628d0120383a267bc9d7426eab0cc538ae0d58c935000ae20
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-alpine

Name	8.2.26-alpine3.21
Digest	sha256:e33a9aa217ea6f2f3891b2c01158e38f860f3ede767870953b6685cd2fa12c9e
Vulnerabilities
Pushed	5 days ago
Size	36 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.2.26

The base image is also available under the supported tag(s): 8.2-alpine3.21, 8.2-cli-alpine, 8.2-cli-alpine3.21, 8.2.26-alpine, 8.2.26-alpine3.21, 8.2.26-cli-alpine, 8.2.26-cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-alpine Minor runtime version update Also known as: 8.4.1-cli-alpine 8.4.1-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.1-alpine 8.4.1-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.1	5 days ago
8.3-alpine Minor runtime version update Also known as: 8.3.14-cli-alpine 8.3.14-cli-alpine3.21 8.3-cli-alpine 8.3-cli-alpine3.21 8.3.14-alpine 8.3.14-alpine3.21 8.3-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 37 MB Flavor: alpine OS: 3.21 Runtime: 8.3.14	5 days ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:70b850cfb423b29054d4a4c76a8f63ba00c1e068ab824139d8317e7cbc10ea45
vulnerabilities
size	127 MB
packages	249

📦 Base Image php:8.1-alpine

also known as	8.1-alpine3.21 8.1-cli-alpine 8.1-cli-alpine3.21 8.1.31-alpine 8.1.31-alpine3.21 8.1.31-cli-alpine 8.1.31-cli-alpine3.21
digest	sha256:b217029b5db5f0784a5e00c57280685a4c2f009a970e6b32bb415eba6ca5ae7c
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.2-fpm-alpine

Name	8.2.26-fpm-alpine3.21
Digest	sha256:c40255b7011a41c628d0120383a267bc9d7426eab0cc538ae0d58c935000ae20
Vulnerabilities
Pushed	5 days ago
Size	32 MB
Packages	53
Flavor	alpine
OS	3.21
Runtime	8.2.26

The base image is also available under the supported tag(s): 8.2-fpm-alpine3.21, 8.2.26-fpm-alpine, 8.2.26-fpm-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-fpm-alpine Minor runtime version update Also known as: 8.3.14-fpm-alpine 8.3.14-fpm-alpine3.21 8.3-fpm-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 33 MB Flavor: alpine OS: 3.21 Runtime: 8.3.14	5 days ago
8.4-fpm-alpine Image has same number of vulnerabilities Also known as: 8.4.1-fpm-alpine 8.4.1-fpm-alpine3.21 8.4-fpm-alpine3.21 8-fpm-alpine 8-fpm-alpine3.21 fpm-alpine fpm-alpine3.21	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.21	5 days ago

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-alpine

Name	8.1.31-alpine3.21
Digest	sha256:b217029b5db5f0784a5e00c57280685a4c2f009a970e6b32bb415eba6ca5ae7c
Vulnerabilities
Pushed	1 day ago
Size	36 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.1.31

The base image is also available under the supported tag(s): 8.1-alpine3.21, 8.1-cli-alpine, 8.1-cli-alpine3.21, 8.1.31-alpine, 8.1.31-alpine3.21, 8.1.31-cli-alpine, 8.1.31-cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-alpine Minor runtime version update Also known as: 8.4.1-cli-alpine 8.4.1-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.1-alpine 8.4.1-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.1	5 days ago
8.3-alpine Minor runtime version update Also known as: 8.3.14-cli-alpine 8.3.14-cli-alpine3.21 8.3-cli-alpine 8.3-cli-alpine3.21 8.3.14-alpine 8.3.14-alpine3.21 8.3-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 37 MB Flavor: alpine OS: 3.21 Runtime: 8.3.14	5 days ago
8.2-alpine Minor runtime version update Also known as: 8.2.26-cli-alpine 8.2.26-cli-alpine3.21 8.2-cli-alpine 8.2-cli-alpine3.21 8.2.26-alpine 8.2.26-alpine3.21 8.2-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-alpine was pulled 1.8K times last month Image details: Size: 36 MB Flavor: alpine OS: 3.21 Runtime: 8.2.26	5 days ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:7008c018a24798c97af1375d65069dc91159e8e139077a37120b0c30018d8085
vulnerabilities
size	110 MB
packages	231

📦 Base Image php:8.3-alpine

also known as	8.3-alpine3.21 8.3-cli-alpine 8.3-cli-alpine3.21 8.3.14-alpine 8.3.14-alpine3.21 8.3.14-cli-alpine 8.3.14-cli-alpine3.21
digest	sha256:41ab576a7fd2702a4921f50bc69be52460414e1d3a2d6e70676180e9ae8d4b78
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.3-alpine

Name	8.3.14-alpine3.21
Digest	sha256:41ab576a7fd2702a4921f50bc69be52460414e1d3a2d6e70676180e9ae8d4b78
Vulnerabilities
Pushed	5 days ago
Size	37 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.3.14

The base image is also available under the supported tag(s): 8.3-alpine3.21, 8.3-cli-alpine, 8.3-cli-alpine3.21, 8.3.14-alpine, 8.3.14-alpine3.21, 8.3.14-cli-alpine, 8.3.14-cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-alpine Minor runtime version update Also known as: 8.4.1-cli-alpine 8.4.1-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.1-alpine 8.4.1-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.1	5 days ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:18a15fdb3644f30dfa1eeb2866e24e3cdb50fd341f6dcbc50f74c7fb76a03bd0
vulnerabilities
size	115 MB
packages	231

📦 Base Image php:8-alpine

also known as	8-alpine3.21 8-cli-alpine 8-cli-alpine3.21 8.4-alpine 8.4-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8.4.1-alpine 8.4.1-alpine3.21 8.4.1-cli-alpine 8.4.1-cli-alpine3.21 alpine alpine3.21 cli-alpine cli-alpine3.21
digest	sha256:6338c0bc70c8a8b1699fafac1cb0cb15d71825b2b8e7b131989d6f239daa8615
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:5dfc2142f88c01b179c69224c8931da942480389e8d10a0f0c1e6a82855f85a4
vulnerabilities
size	105 MB
packages	232

📦 Base Image php:8.3-fpm-alpine

also known as	8.3-fpm-alpine3.21 8.3.14-fpm-alpine 8.3.14-fpm-alpine3.21
digest	sha256:2195efdc39294f113863a8af61fac333817b0382b7421252fc975605260f6668
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8-alpine

Name	8.4.1-alpine3.21
Digest	sha256:6338c0bc70c8a8b1699fafac1cb0cb15d71825b2b8e7b131989d6f239daa8615
Vulnerabilities
Pushed	5 days ago
Size	42 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.4.1

The base image is also available under the supported tag(s): 8-alpine3.21, 8-cli-alpine, 8-cli-alpine3.21, 8.4-alpine, 8.4-alpine3.21, 8.4-cli-alpine, 8.4-cli-alpine3.21, 8.4.1-alpine, 8.4.1-alpine3.21, 8.4.1-cli-alpine, 8.4.1-cli-alpine3.21, alpine, alpine3.21, cli-alpine, cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.3-fpm-alpine

Name	8.3.14-fpm-alpine3.21
Digest	sha256:2195efdc39294f113863a8af61fac333817b0382b7421252fc975605260f6668
Vulnerabilities
Pushed	5 days ago
Size	33 MB
Packages	53
Flavor	alpine
OS	3.21
Runtime	8.3.14

The base image is also available under the supported tag(s): 8.3-fpm-alpine3.21, 8.3.14-fpm-alpine, 8.3.14-fpm-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-fpm-alpine Image has same number of vulnerabilities Also known as: 8.4.1-fpm-alpine 8.4.1-fpm-alpine3.21 8.4-fpm-alpine3.21 8-fpm-alpine 8-fpm-alpine3.21 fpm-alpine fpm-alpine3.21	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.21	5 days ago

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:595473e7ad9e971cb860337c5fe5a101ad41b0af403537fafffc97e819856018
vulnerabilities
size	134 MB
packages	249

📦 Base Image php:8-alpine

also known as	8-alpine3.21 8-cli-alpine 8-cli-alpine3.21 8.4-alpine 8.4-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8.4.1-alpine 8.4.1-alpine3.21 8.4.1-cli-alpine 8.4.1-cli-alpine3.21 alpine alpine3.21 cli-alpine cli-alpine3.21
digest	sha256:6338c0bc70c8a8b1699fafac1cb0cb15d71825b2b8e7b131989d6f239daa8615
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:5824d53f47ac28f0f5aa1214ff5e5dd1a9194081530c82dd724ca0d0f116c231
vulnerabilities
size	109 MB
packages	232

📦 Base Image php:8-fpm-alpine

also known as	8-fpm-alpine3.21 8.4-fpm-alpine 8.4-fpm-alpine3.21 8.4.1-fpm-alpine 8.4.1-fpm-alpine3.21 fpm-alpine fpm-alpine3.21
digest	sha256:661709ebd2995433800a6f617072d40a0c52a4f3abfae1db4d4a3e280b3ddaea
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8-alpine

Name	8.4.1-alpine3.21
Digest	sha256:6338c0bc70c8a8b1699fafac1cb0cb15d71825b2b8e7b131989d6f239daa8615
Vulnerabilities
Pushed	5 days ago
Size	42 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.4.1

The base image is also available under the supported tag(s): 8-alpine3.21, 8-cli-alpine, 8-cli-alpine3.21, 8.4-alpine, 8.4-alpine3.21, 8.4-cli-alpine, 8.4-cli-alpine3.21, 8.4.1-alpine, 8.4.1-alpine3.21, 8.4.1-cli-alpine, 8.4.1-cli-alpine3.21, alpine, alpine3.21, cli-alpine, cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8-fpm-alpine

Name	fpm-alpine3.21
Digest	sha256:661709ebd2995433800a6f617072d40a0c52a4f3abfae1db4d4a3e280b3ddaea
Vulnerabilities
Pushed	5 days ago
Size	36 MB
Packages	53
Flavor	alpine
OS	3.21

The base image is also available under the supported tag(s): 8-fpm-alpine3.21, 8.4-fpm-alpine, 8.4-fpm-alpine3.21, 8.4.1-fpm-alpine, 8.4.1-fpm-alpine3.21, fpm-alpine, fpm-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.1-fpm-alpine Minor runtime version update Also known as: 8.1.31-fpm-alpine 8.1.31-fpm-alpine3.21 8.1-fpm-alpine3.21	Benefits: Same OS detected Minor runtime version update Image is smaller by 4.3 MB Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages 8.1-fpm-alpine is the fourth most popular tag with 18K pulls per month Image details: Size: 32 MB Flavor: alpine OS: 3.21 Runtime: 8.1.31	1 day ago
8.3-fpm-alpine Minor runtime version update Also known as: 8.3.14-fpm-alpine 8.3.14-fpm-alpine3.21 8.3-fpm-alpine3.21	Benefits: Same OS detected Minor runtime version update Image is smaller by 3.3 MB Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 33 MB Flavor: alpine OS: 3.21 Runtime: 8.3.14	5 days ago
8.2-fpm-alpine Minor runtime version update Also known as: 8.2.26-fpm-alpine 8.2.26-fpm-alpine3.21 8.2-fpm-alpine3.21	Benefits: Same OS detected Minor runtime version update Image is smaller by 3.9 MB Image has same number of vulnerabilities Image contains equal number of packages 8.2-fpm-alpine was pulled 4.1K times last month Image details: Size: 32 MB Flavor: alpine OS: 3.21 Runtime: 8.2.26	5 days ago

[github-actions]

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:56a13bd47780a3cd3c9b1e438285d214243795f06f6fc595c58dcfce820b1e4d
vulnerabilities
size	128 MB
packages	249

📦 Base Image php:8.3-alpine

also known as	8.3-alpine3.21 8.3-cli-alpine 8.3-cli-alpine3.21 8.3.14-alpine 8.3.14-alpine3.21 8.3.14-cli-alpine 8.3.14-cli-alpine3.21
digest	sha256:41ab576a7fd2702a4921f50bc69be52460414e1d3a2d6e70676180e9ae8d4b78
vulnerabilities

golang.org/x/crypto 0.17.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Authorization Affected range <0.31.0 Fixed version 0.31.0 Description Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

[github-actions]

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.3-alpine

Name	8.3.14-alpine3.21
Digest	sha256:41ab576a7fd2702a4921f50bc69be52460414e1d3a2d6e70676180e9ae8d4b78
Vulnerabilities
Pushed	5 days ago
Size	37 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.3.14

The base image is also available under the supported tag(s): 8.3-alpine3.21, 8.3-cli-alpine, 8.3-cli-alpine3.21, 8.3.14-alpine, 8.3.14-alpine3.21, 8.3.14-cli-alpine, 8.3.14-cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.4-alpine Minor runtime version update Also known as: 8.4.1-cli-alpine 8.4.1-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.1-alpine 8.4.1-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.1	5 days ago

[lotyp]

🤖 Created releases:

• v2.8.3
  🌻