PHP security issue CVE-2021-21708

Regarding the fresh reported PHP issue CVE-2021-21708

Good review:
https://nakedsecurity.sophos.com/2022/02/18/irony-alert-php-fixes-security-flaw-in-input-validation-code/

The problem exists in PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3 in other words: check your system is using 7.4.28, 8.0.16 or 8.1.3.

PHP version is shown at - https://<nextcloud.mydomain>/settings/admin/serverinfo - if you are versions older then 7.4.28, 8.0.16 or 8.1.3 you should update ASAP.

My (original) docker container 23.0.2 pulled 5-6 days ago contains 8.0.16 already.

4 Likes