Default versions should float the patch #553

Open
menehune23 opened this issue Oct 8, 2021 · 2 comments

@menehune23
Contributor

This buildpack's manifest.yml contains pinned default versions, such as php 7.4.23. We should change our defaults to float patches where appropriate, to help consumers build more secure apps (for instance, 7.4.23 has a CVE but the buildpack also provides 7.4.24).
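A sketch of the check this issue asks for, as an added example that is not part of the original thread or the buildpack's own code: it resolves a floating constraint to the newest matching patch and flags defaults pinned behind it. The `7.4.x` wildcard syntax, the dict layout (a simplification, not the real manifest.yml schema), and every version other than 7.4.23 and 7.4.24 are assumptions.

```python
import re

EXACT = re.compile(r"\d+\.\d+\.\d+")

# Constructed sample data: versions a buildpack might ship for one dependency.
AVAILABLE = {"php": ["7.4.9", "7.4.23", "7.4.24", "8.0.10", "8.0.11"]}


def parse(version):
    """Turn '7.4.24' into (7, 4, 24) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def resolve(constraint, versions):
    """Return the highest version matching an exact or 'x'-wildcard constraint."""
    want = constraint.split(".")
    matches = []
    for version in versions:
        if not EXACT.fullmatch(version):
            continue  # skip pre-releases or malformed entries
        have = version.split(".")
        if len(have) == len(want) and all(
            w in ("x", "*") or w == h for w, h in zip(want, have)
        ):
            matches.append(version)
    return max(matches, key=parse) if matches else None


def audit_defaults(defaults, available):
    """Flag defaults pinned to a patch older than the newest one shipped."""
    findings = []
    for name, pinned in defaults.items():
        if not EXACT.fullmatch(pinned):
            continue  # already floating, nothing to flag
        major, minor, _ = pinned.split(".")
        floating = f"{major}.{minor}.x"
        newest = resolve(floating, available.get(name, []))
        if newest and parse(newest) > parse(pinned):
            findings.append(
                {"name": name, "pinned": pinned,
                 "newest_patch": newest, "suggested": floating}
            )
    return findings


if __name__ == "__main__":
    for finding in audit_defaults({"php": "7.4.23"}, AVAILABLE):
        print(finding)
```
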

@sophiewigmore
Member

This seems reasonable. I looked back at the history of the manifest.yml and I can't see anything that would indicate why this value needs to be hardcoded. We should do this.

@johnnyr0x

Moving to icebox. Can pick up if it becomes an issue.
