hoellen/docker-nextcloud
1
0
Fork 0
mirror of https://github.com/hoellen/docker-nextcloud.git synced 2026-06-15 12:50:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: update PHP to 8.5

Browse Source
This commit is contained in:
hoellen
2026-06-09 09:23:28 +02:00
parent afe748865e
commit 49df44d2ca
3 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+1 -2
View File
@@ -1,6 +1,6 @@
# -------------- Build-time variables --------------
ARG NEXTCLOUD_VERSION=34.0.0
ARG PHP_VERSION=8.4
ARG PHP_VERSION=8.5
ARG NGINX_VERSION=1.30
ARG ALPINE_VERSION=3.23
@@ -62,7 +62,6 @@ RUN apk -U upgrade \
bz2 \
intl \
ldap \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
rootfs/usr/local/etc/php/conf.d/docker-php-ext-opcache.ini
-1
View File
@@ -1,4 +1,3 @@
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE>
rootfs/usr/local/etc/php/snuffleupagus/nextcloud-php8.rules
+7 -4
View File
@@ -15,7 +15,10 @@ sp.harden_random.enable();
# Globally activate strict mode
# https://www.php.net/manual/en/language.types.declarations.php#language.types.declarations.strict
sp.global_strict.enable();
# Disabled: PHP 8.5 expanded strict_types=1 to reject implicit object->string
# coercion via __toString(). This breaks symfony/console Helper::substr() which
# returns UnicodeString from a :string method. No per-file exclusion available.
# sp.global_strict.enable();
# Prevent unserialize-related exploits
# sp.unserialize_hmac.enable();
@@ -34,7 +37,7 @@ sp.sloppy_comparison.enable();
# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
sp.cookie.name("PHPSESSID").samesite("lax");
# Nextcloud whitelist (tested with Nextcloud 27.0.1)
# Nextcloud whitelist (tested with Nextcloud 34.0.0)
sp.disable_function.function("function_exists").param("function").value("proc_open").filename("/nextcloud/3rdparty/symfony/console/Terminal.php").allow();
sp.disable_function.function("function_exists").param("function").value("exec").filename("/nextcloud/lib/private/legacy/OC_Helper.php").allow();
sp.disable_function.function("function_exists").param("function").value("exec").filename("/nextcloud/lib/public/Util.php").allow();
@@ -48,8 +51,8 @@ sp.disable_function.function("ini_get").param("option").value("allow_url_fopen")
sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow();
# Nextcloud inherently enables XXE-Protection since 27.0.1, therefore, drop setting a new external entity loader
sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow();
sp.disable_function.function("libxml_set_external_entity_loader").drop();
sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow();
sp.disable_function.function("libxml_set_external_entity_loader").drop();
# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
sp.disable_function.function("chmod").param("permissions").value("438").drop();