WordPress/Docker Image 5.9.3 PHP Vulnerable

Good Morning,

We are using the WordPress Docker image to deploy our environments. We are currently still required to use 5.9.3 of WordPress as we work to update some custom plugins. But with the regular image PHP is at 7.4.29 and there is a vulnerability there and I can’t find an image that include 7.4.30 of PHP. I also tried using image with PHP 8.1 but it also doesn’t have the latest version of PHP and had open vulnerabilities…

Can someone help me on if it is possible to get WordPress 5.9.3 that includes the latest PHP release?

This: FROM wordpress:5.9.3-php8.1-apache contains PHP 8.1.6 with 8.1.9 being fully patched.

This: FROM wordpress:5.9.3 contains PHP 7.4.29 with 7.4.30 being fully patched.


Hi :slight_smile:

You can try and build it yourself from the same dockerfile as these images was build, but with a different php version:

Goodnight :sweat_smile:

Thanks, I was able to create my own image that included the 7.4.30 php version. I guess the images posted into Docker are not updated for PHP patches, it just uses the latest version when the WordPress is updated?

Yes, i belive its updated if they build a new version of wordpress, they dont keep an eye out for php versions, but then again, they should be able to see the docker scan results from docker hub if they have that