2026.27

Released 2026-05-14

Changes

Mitigate CVE-2026-42945

This release includes an update to nginx 1.24.0-2ubuntu7.8 for relevant images to prevent the attack described in CVE-2026-42945.

Artifacts matrix

Image TypeFamily / VariantOSPackagesArchitecturesURI
Containerphp-fpm:8.1-arm64Debian 13.28.1.34, composer-2.9.8arm64public.ecr.aws/webscale/php-fpm:8.1-arm64-2026.27
Containerphp-fpm:8.2-arm64Debian 13.48.2.31, composer-2.9.8arm64public.ecr.aws/webscale/php-fpm:8.2-arm64-2026.27
Containerphp-fpm:8.3-arm64Debian 13.48.3.31, composer-2.9.8arm64public.ecr.aws/webscale/php-fpm:8.3-arm64-2026.27
Containerphp-fpm:8.4-arm64Debian 13.48.4.21, composer-2.9.8arm64public.ecr.aws/webscale/php-fpm:8.4-arm64-2026.27
Containerphp-fpm:8.5-arm64Debian 13.48.5.6, composer-2.9.8arm64public.ecr.aws/webscale/php-fpm:8.5-arm64-2026.27
Containerphp-fpm:8.1-debDebian 13.28.1.34, composer-2.9.8amd64public.ecr.aws/webscale/php-fpm:8.1-deb-2026.27
Containerphp-fpm:8.2-debDebian 13.48.2.31, composer-2.9.8amd64public.ecr.aws/webscale/php-fpm:8.2-deb-2026.27
Containerphp-fpm:8.3-debDebian 13.48.3.31, composer-2.9.8amd64public.ecr.aws/webscale/php-fpm:8.3-deb-2026.27
Containerphp-fpm:8.4-debDebian 13.48.4.21, composer-2.9.8amd64public.ecr.aws/webscale/php-fpm:8.4-deb-2026.27
Containerphp-fpm:8.1Alpine 3.21.78.1.34, composer-2.9.8amd64public.ecr.aws/webscale/php-fpm:8.1-2026.27
Containerphp-fpm:8.2Alpine 3.23.48.2.31, composer-2.9.8amd64public.ecr.aws/webscale/php-fpm:8.2-2026.27
Containerphp-fpm:8.3Alpine 3.23.48.3.31, composer-2.9.8amd64public.ecr.aws/webscale/php-fpm:8.3-2026.27
Containerphp-fpm:8.4Alpine 3.23.48.4.21, composer-2.9.8amd64public.ecr.aws/webscale/php-fpm:8.4-2026.27
ContainerrabbitmqUbuntu 24.04.4 LTS4.3.0arm64public.ecr.aws/webscale/rabbitmq:2026.27
ContainervarnishDebian 12.136.0.17arm64public.ecr.aws/webscale/varnish:2026.27
Have questions not answered here? Contact Support to get more help.

Last modified on June 3, 2026