Did anyone faced this issue? Right after a new community installation, I am getting many of these errors tried steps suggested in Question - Post install PHP Errors - Forum - Installation - eramba, but not worked. Tried to delete all containers and images from docker and starting from scratch, but also not worked.
Hello,
Please write us to support@eramba.org with the complete logs from docker so we can review them.
Not sure if this is a similar issue but our vulnerability software detects that our docker installation of eramba is running on php 8.2.1, released over a year ago. The latest 8.2.x version is 8.2.15. I’ve checked the installed version in the container and it is 8.2.1 so its not a false positive. I tried apt update and apt list --upgradable within the container to see what updates are available but it doesn’t list any php ones. Strangely apt list --installed | grep php also returns no entries so it appears php was not installed in the container through apt. That, unfortunately is as far as my docker skills go.
Now for the irony…
This would make the eramba compliance server not compliant. The docker image on github was released 11 months ago in March 2023. I’m pretty confident that there have been security updates since then and there are a lot of standards that require updates to be applied within a time range that is less than 11 months.
Any guidance on how I make my compliance server compliant would be much appreciated.
Thanks in anticipation
I may be mistaken but here’s my thoughts so you can see how I got to the above point of view.
In my docker I see this:
root@34840c20697b:/var/www/html# cat /etc/os-release
PRETTY_NAME=“Debian GNU/Linux 11 (bullseye)”
NAME=“Debian GNU/Linux”
VERSION_ID=“11”
so its a Debian 11 based container. Doing this:
root@34840c20697b:/var/www/html# php --version
PHP 8.2.1 (cli) (built: Jan 11 2023 07:25:22) (NTS)
gives me the version of PHP.
A quick search for latest php 8.2 on Debian took me here
Which shows the latest version is
8.2.7-1~deb12u1
But as you can see in the URL this is a bookworm release not bullseye. The latest Bullseye release still appears to be 7.4 as shown here
and trying to see if there is an 8.2 release using this url
results in the message : “Package not available in this suite.”
As
apt list --installed | grep php
returns nothing where as this would normally allow you to see both the subversion and backported patch versions eg
php8.2-cli/focal,now 8.2.15-1+ubuntu20.04.1+deb.sury.org+1 amd64 [installed,automatic]
(I don’t have a debian install to get the debian output of apt)
I can only assume that php8.2 has been pushed into the bullseye container using a different method but either way the build date of the php8.2.1 is listed as January 2023
php 8.2.7 is a security release (source:PHP: PHP 8.2.7 Release Announcement) and was released on 8th June 2023 (source:PHP: PHP 8 ChangeLog) and there have been 8 more 8.2.x series PHP releases since then with the current one being 8.2.15 released a year after the one currently in the eramba docker container I have which was created 26th May 2023 so is presumably the lastest one released on 13th March 2023 (Release 1.4.0 · eramba/docker · GitHub)
The link you provide shows PHP 8.2.x is supported for security until December 2025 but it still needs to have the 8.2.x updates applied to be a) secure and b) compliant with any standards that require security updates to be applied within a certain timeframe after release (eg Cyber Essentials).
I don’t understand docker well enough to see how a version of PHP not listed under the available packages for the version of debian and not showing in the list of installed applications (app list --installed) was added to the container.
I don’t know whether manually copying in a later version of the php file (eg v8.2.7 from the debian repos or v8.2.15 from php) into the container will break eramba.
If I’m missing something here I’m happy to be corrected.
Chris
Hello,
What version of eramba are you using?
Don’t remember but as if yesterday the latest available community release installed via docker. I checked again yesterday in case there was an update I’d missed or in case the recently announced release that’s not yet available was now available. 
I will create instructions on how to do the image switch procedure. With that process, you should end up on 2.8.11 which is the latest PHP that we are using because of some code specifications. I will update the post. It is not so easy just to update PHP and expect that everything works without problem, it requires a lot of testing.
Thanks for that @sam For a docker newb those instructions are really clear and easy to follow. Much appreciated.
I’ve picked up the upgrade task today. I upgraded to 3.23.2 through the web interface first to make sure I was all up to date. From the bash prompt I checked and there were 100 packages with available updates in the docker container. So following the instructions…
At step 5
Pull desired image
I followed the instructions:
docker pull ghcr.io/eramba/eramba:{tag}
and ran
docker pull ghcr.io/eramba/eramba:latest
as I knew I was already on the latest version.
However now I’m back in the web interface again it says I’m on 3.23.1 and the 3.23.2 patch is available (again)
I have 2 questions
- is this going to cause an issue upgrading from 3.23.1 to 3.23.2 again?
- is there a way of find out what version the :latest points to to avoid this in future or is it a case of having to specify a number rather than use latest?
As you’ve said php is now on 8.2.11. 
I’ve run
apt update
in the container immediately after creating it and there are no longer 100 updates , but there are still 10 updates available:
base-files
libgnutls-dane0
libgnutls30
libisl23
libsystemd0
libudev1
libunbound8
linux-libc-dev
tar
tzdata
usr-is-merged
Also
3) the latest version of php8.2 (which doesn’t show in the list) is now 8.2.16. I’m guessing the same issues are present in the cron container as that appears to be based on the same image.
4) The version of Mysql listed in the docker-compose.simple-install.yml file is 8.0.28, released 2 years ago 2022-01-28 (source:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/) There have been another 8 releases since then and the latest version is 8.0.36. There are security updates in 8.0.29 from April 2022 relating to Openssl (I’ve not checked more recent releases yet).
I understand the amount of testing that can be involved in moving to a new version but our compliance rules stipulate security patches must be applied within 14 days. We have to renew every 12 months and be reassessed. Its my experience/understanding that for most apps point version (eg. the x part of 8.0.x) updates don’t usually affect functionality and 8.0.28 should functionally be the equivalent of 8.0.36. Any non backwards compatible change in functionality would have resulted in an 8.1.x variant.
Are there any plans to move to a version of mysql that is more up to date? Or is there a mitigation we can use because of the way the containers are configured?
Going forward,
- how frequently will the docker container be updated to include new versions of the included packages?
- how can i check for new releases? I thought it might be here : Releases · eramba/docker · GitHub but the latest release there is 12 months old
Thanks in anticipation
most probably it will be fine, but make backup just to be sure.
It should be always the latest. Maybe you just hit the interval where we were rebuilding the new image.
But it is safer to pull required tag and then tag it as a latest manually.
We will be pulling minor versions automatically from now on. So with every release you will have an updated image.
I will have a look at this as well. I believe that you can pull a newer version of MySQL image but it requires some docker knowledge.
Updates of docker container always come together with eramba update, for sure we don’t want to do that separately.
You are looking at a docker repository, you will have to look at eramba repository but unfortunately, that repo is not public (it might be in the future), so the only way is to follow our forum and we are also sending email to enterprise and community users when there is a new major release.