2026.25

Released 2026-04-29

Changes

Mitigate CVE-2026-31431

This change mitigates the local privilege escalation vulnerability registered as CVE-2026-31431 and documented with an exploit at https://copy.fail/ .

Artifacts matrix

Image TypeFamily / VariantOSPackagesArchitecturesURI
Containerphp-fpm:8.1-arm64Debian 13.28.1.34, composer-2.9.7arm64public.ecr.aws/webscale/php-fpm:8.1-arm64-2026.25
Containerphp-fpm:8.2-arm64Debian 13.48.2.30, composer-2.9.7arm64public.ecr.aws/webscale/php-fpm:8.2-arm64-2026.25
Containerphp-fpm:8.3-arm64Debian 13.48.3.30, composer-2.9.7arm64public.ecr.aws/webscale/php-fpm:8.3-arm64-2026.25
Containerphp-fpm:8.4-arm64Debian 13.48.4.20, composer-2.9.7arm64public.ecr.aws/webscale/php-fpm:8.4-arm64-2026.25
Containerphp-fpm:8.5-arm64Debian 13.48.5.5, composer-2.9.7arm64public.ecr.aws/webscale/php-fpm:8.5-arm64-2026.25
Containerphp-fpm:8.1-debDebian 13.28.1.34, composer-2.9.7amd64public.ecr.aws/webscale/php-fpm:8.1-deb-2026.25
Containerphp-fpm:8.2-debDebian 13.48.2.30, composer-2.9.7amd64public.ecr.aws/webscale/php-fpm:8.2-deb-2026.25
Containerphp-fpm:8.3-debDebian 13.48.3.30, composer-2.9.7amd64public.ecr.aws/webscale/php-fpm:8.3-deb-2026.25
Containerphp-fpm:8.4-debDebian 13.48.4.20, composer-2.9.7amd64public.ecr.aws/webscale/php-fpm:8.4-deb-2026.25
Containerphp-fpm:8.1Alpine 3.21.78.1.34, composer-2.9.7amd64public.ecr.aws/webscale/php-fpm:8.1-2026.25
Containerphp-fpm:8.2Alpine 3.23.48.2.30, composer-2.9.7amd64public.ecr.aws/webscale/php-fpm:8.2-2026.25
Containerphp-fpm:8.3Alpine 3.23.48.3.30, composer-2.9.7amd64public.ecr.aws/webscale/php-fpm:8.3-2026.25
Containerphp-fpm:8.4Alpine 3.23.48.4.20, composer-2.9.7amd64public.ecr.aws/webscale/php-fpm:8.4-2026.25
ContainerrabbitmqUbuntu 24.04.4 LTS4.3.0arm64public.ecr.aws/webscale/rabbitmq:2026.25
ContainervarnishDebian 12.136.0.17arm64public.ecr.aws/webscale/varnish:2026.25
Have questions not answered here? Contact Support to get more help.

Last modified on June 3, 2026