[Package Request] - Update PHP8.3 => 8.3.15

[adnweedon]

What package is missing from Amazon Linux 2023? Please describe and include package name.
Please can PHP 8.3 be upgraded from 8.3.10 to 8.3.15, so we can benefit from 6 months worth of bug fixes and security patches.

Is this an update to existing package or new package request?
Update

Is this package available in Amazon Linux 2? If it is available via external sources such as EPEL, please specify.
I have no idea - I can't find a package list like I can for AL2023, sorry!

Any additional information you'd like to include. (use-cases, etc)
This brings in fixes for some CVEs, including two that have CVSS of 9.8:

• https://www.cvedetails.com/cve/CVE-2024-11236/ (fixed in 8.3.14)
• https://www.cvedetails.com/cve/CVE-2024-8932/ (fixed in 8.3.14)

[stewartsmith]

For completeness, Amazon Linux 2023 is Not Affected by CVE-2024-11236, and we have evaluated CVE-2024-8932.html in the context of Amazon Linux (details at https://explore.alas.aws.amazon.com/CVE-2024-8932.html ). Notably, https://explore.alas.aws.amazon.com/CVE-2024-8932.html affects running 32-bit, of which AL2023 does not ship 32bit packages.

I'm keeping this issue open for a general PHP update though.

[gregnetau]

PHP 8.3.16 is now available.

I had similar "long-out-of-date" issues with PHP8.1 back on Amazon Linux 2 - and we seem to be back to this situation again.

The issue now is, I can't just go using EPEL and add 3rd party repositories like I did with Remi on AL2 - as they do not work in AL2023 - which means Amazon needs to increase their cadence of application updates for the N & N-1 versions of application frameworks that their vast majority of customers use on AWS.

[Fnu-Nishant]

Thanks for reaching out to us. We have opened work to update PHP. It will be available in future release, please keep an eye on release notes.