Question: Error in post installation: eramba | PHP Deprecated

Did anyone faced this issue? Right after a new community installation, I am getting many of these errors tried steps suggested in Question - Post install PHP Errors - Forum - Installation - eramba, but not worked. Tried to delete all containers and images from docker and starting from scratch, but also not worked.

Hello,

Please write us to support@eramba.org with the complete logs from docker so we can review them.

Not sure if this is a similar issue but our vulnerability software detects that our docker installation of eramba is running on php 8.2.1, released over a year ago. The latest 8.2.x version is 8.2.15. I’ve checked the installed version in the container and it is 8.2.1 so its not a false positive. I tried apt update and apt list --upgradable within the container to see what updates are available but it doesn’t list any php ones. Strangely apt list --installed | grep php also returns no entries so it appears php was not installed in the container through apt. That, unfortunately is as far as my docker skills go.

Now for the irony…

This would make the eramba compliance server not compliant. The docker image on github was released 11 months ago in March 2023. I’m pretty confident that there have been security updates since then and there are a lot of standards that require updates to be applied within a time range that is less than 11 months.

Any guidance on how I make my compliance server compliant would be much appreciated.

Thanks in anticipation

8.2.1 is perfectly well under support from PHP, PHP: Supported Versions
am i missing something?

I may be mistaken but here’s my thoughts so you can see how I got to the above point of view.
In my docker I see this:

root@34840c20697b:/var/www/html# cat /etc/os-release
PRETTY_NAME=“Debian GNU/Linux 11 (bullseye)”
NAME=“Debian GNU/Linux”
VERSION_ID=“11”

so its a Debian 11 based container. Doing this:

root@34840c20697b:/var/www/html# php --version
PHP 8.2.1 (cli) (built: Jan 11 2023 07:25:22) (NTS)

gives me the version of PHP.

A quick search for latest php 8.2 on Debian took me here

Debian -- Details of package php8.2 in bookworm

Which shows the latest version is

8.2.7-1~deb12u1

But as you can see in the URL this is a bookworm release not bullseye. The latest Bullseye release still appears to be 7.4 as shown here

Debian -- Software Packages in "bullseye", Subsection php

and trying to see if there is an 8.2 release using this url

Debian -- Error

results in the message : “Package not available in this suite.”
As

apt list --installed | grep php

returns nothing where as this would normally allow you to see both the subversion and backported patch versions eg

php8.2-cli/focal,now 8.2.15-1+ubuntu20.04.1+deb.sury.org+1 amd64 [installed,automatic]

(I don’t have a debian install to get the debian output of apt)

I can only assume that php8.2 has been pushed into the bullseye container using a different method but either way the build date of the php8.2.1 is listed as January 2023

php 8.2.7 is a security release (source:PHP: PHP 8.2.7 Release Announcement) and was released on 8th June 2023 (source:PHP: PHP 8 ChangeLog) and there have been 8 more 8.2.x series PHP releases since then with the current one being 8.2.15 released a year after the one currently in the eramba docker container I have which was created 26th May 2023 so is presumably the lastest one released on 13th March 2023 (Release 1.4.0 · eramba/docker · GitHub)

The link you provide shows PHP 8.2.x is supported for security until December 2025 but it still needs to have the 8.2.x updates applied to be a) secure and b) compliant with any standards that require security updates to be applied within a certain timeframe after release (eg Cyber Essentials).

I don’t understand docker well enough to see how a version of PHP not listed under the available packages for the version of debian and not showing in the list of installed applications (app list --installed) was added to the container.

I don’t know whether manually copying in a later version of the php file (eg v8.2.7 from the debian repos or v8.2.15 from php) into the container will break eramba.

If I’m missing something here I’m happy to be corrected.

Chris

Hello,

What version of eramba are you using?

Don’t remember but as if yesterday the latest available community release installed via docker. I checked again yesterday in case there was an update I’d missed or in case the recently announced release that’s not yet available was now available. :crossed_fingers:
:grinning:

I will create instructions on how to do the image switch procedure. With that process, you should end up on 2.8.11 which is the latest PHP that we are using because of some code specifications. I will update the post. It is not so easy just to update PHP and expect that everything works without problem, it requires a lot of testing.

Here you go: Docker Install | Eramba learning portal