2026.25

Released 2026-04-29

Changes

Mitigate CVE-2026-31431

This change mitigates the local privilege escalation vulnerability registered as CVE-2026-31431 and documented with an exploit at https://copy.fail/.

Artifacts matrix

Image Type Family / Variant OS Packages Architectures URI
Container php-fpm:8.1-arm64 Debian 13.2 8.1.34, composer-2.9.7 arm64 public.ecr.aws/webscale/php-fpm:8.1-arm64-2026.25
Container php-fpm:8.2-arm64 Debian 13.4 8.2.30, composer-2.9.7 arm64 public.ecr.aws/webscale/php-fpm:8.2-arm64-2026.25
Container php-fpm:8.3-arm64 Debian 13.4 8.3.30, composer-2.9.7 arm64 public.ecr.aws/webscale/php-fpm:8.3-arm64-2026.25
Container php-fpm:8.4-arm64 Debian 13.4 8.4.20, composer-2.9.7 arm64 public.ecr.aws/webscale/php-fpm:8.4-arm64-2026.25
Container php-fpm:8.5-arm64 Debian 13.4 8.5.5, composer-2.9.7 arm64 public.ecr.aws/webscale/php-fpm:8.5-arm64-2026.25
Container php-fpm:8.1-deb Debian 13.2 8.1.34, composer-2.9.7 amd64 public.ecr.aws/webscale/php-fpm:8.1-deb-2026.25
Container php-fpm:8.2-deb Debian 13.4 8.2.30, composer-2.9.7 amd64 public.ecr.aws/webscale/php-fpm:8.2-deb-2026.25
Container php-fpm:8.3-deb Debian 13.4 8.3.30, composer-2.9.7 amd64 public.ecr.aws/webscale/php-fpm:8.3-deb-2026.25
Container php-fpm:8.4-deb Debian 13.4 8.4.20, composer-2.9.7 amd64 public.ecr.aws/webscale/php-fpm:8.4-deb-2026.25
Container php-fpm:8.1 Alpine 3.21.7 8.1.34, composer-2.9.7 amd64 public.ecr.aws/webscale/php-fpm:8.1-2026.25
Container php-fpm:8.2 Alpine 3.23.4 8.2.30, composer-2.9.7 amd64 public.ecr.aws/webscale/php-fpm:8.2-2026.25
Container php-fpm:8.3 Alpine 3.23.4 8.3.30, composer-2.9.7 amd64 public.ecr.aws/webscale/php-fpm:8.3-2026.25
Container php-fpm:8.4 Alpine 3.23.4 8.4.20, composer-2.9.7 amd64 public.ecr.aws/webscale/php-fpm:8.4-2026.25
Container rabbitmq Ubuntu 24.04.4 LTS 4.3.0 arm64 public.ecr.aws/webscale/rabbitmq:2026.25
Container varnish Debian 12.13 6.0.17 arm64 public.ecr.aws/webscale/varnish:2026.25

Last modified April 29, 2026