2026.27

Released 2026-05-14

Changes

Mitigate CVE-2026-42945

This release includes an update to nginx 1.24.0-2ubuntu7.8 for relevant images to prevent the attack described in CVE-2026-42945.

Artifacts matrix

Image Type Family / Variant OS Packages Architectures URI
Container php-fpm:8.1-arm64 Debian 13.2 8.1.34, composer-2.9.8 arm64 public.ecr.aws/webscale/php-fpm:8.1-arm64-2026.27
Container php-fpm:8.2-arm64 Debian 13.4 8.2.31, composer-2.9.8 arm64 public.ecr.aws/webscale/php-fpm:8.2-arm64-2026.27
Container php-fpm:8.3-arm64 Debian 13.4 8.3.31, composer-2.9.8 arm64 public.ecr.aws/webscale/php-fpm:8.3-arm64-2026.27
Container php-fpm:8.4-arm64 Debian 13.4 8.4.21, composer-2.9.8 arm64 public.ecr.aws/webscale/php-fpm:8.4-arm64-2026.27
Container php-fpm:8.5-arm64 Debian 13.4 8.5.6, composer-2.9.8 arm64 public.ecr.aws/webscale/php-fpm:8.5-arm64-2026.27
Container php-fpm:8.1-deb Debian 13.2 8.1.34, composer-2.9.8 amd64 public.ecr.aws/webscale/php-fpm:8.1-deb-2026.27
Container php-fpm:8.2-deb Debian 13.4 8.2.31, composer-2.9.8 amd64 public.ecr.aws/webscale/php-fpm:8.2-deb-2026.27
Container php-fpm:8.3-deb Debian 13.4 8.3.31, composer-2.9.8 amd64 public.ecr.aws/webscale/php-fpm:8.3-deb-2026.27
Container php-fpm:8.4-deb Debian 13.4 8.4.21, composer-2.9.8 amd64 public.ecr.aws/webscale/php-fpm:8.4-deb-2026.27
Container php-fpm:8.1 Alpine 3.21.7 8.1.34, composer-2.9.8 amd64 public.ecr.aws/webscale/php-fpm:8.1-2026.27
Container php-fpm:8.2 Alpine 3.23.4 8.2.31, composer-2.9.8 amd64 public.ecr.aws/webscale/php-fpm:8.2-2026.27
Container php-fpm:8.3 Alpine 3.23.4 8.3.31, composer-2.9.8 amd64 public.ecr.aws/webscale/php-fpm:8.3-2026.27
Container php-fpm:8.4 Alpine 3.23.4 8.4.21, composer-2.9.8 amd64 public.ecr.aws/webscale/php-fpm:8.4-2026.27
Container rabbitmq Ubuntu 24.04.4 LTS 4.3.0 arm64 public.ecr.aws/webscale/rabbitmq:2026.27
Container varnish Debian 12.13 6.0.17 arm64 public.ecr.aws/webscale/varnish:2026.27

Last modified May 14, 2026