Base Software Versions
PHP R13.2 (2022-11-03)
- Fix for missing language info in R13
PHP R13 (2022-11-02)
- Allows for modular bundle builds for additional software including profiling tools, node etc
- Updated PHP to 7.4.32 / 8.0.25 / 8.1.12
PHP R12 (2022-05-25)
- Updated PHP to 7.3.33 / 7.4.29 / 8.0.19 / 8.1.6
- Updated iconv config to use new configuration provided by official PHP releases
- Latest New Relic agent
PHP 8.1 R11.1 (2022-03-08)
- Added New Relic agent to PHP 8.1 base images
PHP 8.1 R11 (2022-02-17)
- Initial PHP 8.1 release, currently in Beta
- This 8.1 release does not contain New Relic monitoring which is not yet compatible with PHP 8.1
PHP R11 (2022-01-31)
- Switched Imagick on PHP 8.0 to use PECL packages rather than compiling from a specific commit
- Added initial support for New Relic performance profiling
- Added initial support for Blackfire performance profiling
These new base images contain a newer version of Imagick which is incompatible with old versions of the package pixelandtonic/Imagine composer package.
Please ensure your pixelandtonic/Imagine package has been updated to at least version 220.127.116.11.
Alternatively you can tell Craft to use the GD library by adding 'imageDriver' => 'gd' to your config/general.php file.
More details here: https://github.com/craftcms/cm...
PHP R10.5 (2021-12-20)
- Fixes a bug introduced by the changes to permissions which could cause the background task runner to not execute correctly.
PHP R10.4 (2021-12-16)
- Updated PHP to 7.3.33 / 7.4.26 / 8.0.13
- Adjusted the configuration of the www-data user in preparation for an upcoming change to container filesystem and access permissions
PHP R10.3 (2021-09-07)
- Updated PHP to 7.3.30 / 7.4.23 / 8.0.10
- Added nano so that it can be used for runtime debugging within shells
PHP R10.2 (2021-04-25)
- Updated Composer 2 to version 2.0.12 to support new GitHub access token formats
PHP R10.1 (2021-03-09)
- Bug fix for Shell sessions
PHP R10 (2021-03-07)
- Updated PHP to 7.3.27 / 7.4.16 / 8.0.3
- Support for upcoming SSH access functionality
PHP R9.2 (2021-01-07)
- Removed default no cache headers which could interfere with static caching when also using origin cache control headers
- Initial beta release of PHP 8 base images
PHP 7.x R9.1 (2021-01-31)
- Rolled back the iconv library to an earlier version as the latest was causing issues in some circumstances
PHP 7.x R9 (2021-01-28)
- Allowed switching between Composer 1 and 2 during the bundling process
PHP 7.x R8 (2020-11-25)
- Updated to PHP 7.3.24 and 7.4.12
- Added binaries for webp image conversions
- Added various image optimisation binaries
- Removed disabled function set_time_limit - the platform will kill anything that locks up completely for 2 mins so it shouldn't be needed
PHP 7.x R7 (2020-08-02)
Updated imagemagick binaries and tweaked resource limits to prevent image conversions being killed due to over-allocating
PHP 7.x R6
Increase number of requests served by each PHP worker before recycling
Bump PHP versions to 7.4.8 / 7.3.20
PHP 7.x R5
Increased default max_input_vars to 10000
PHP 7.x R4
Increased default max upload size to 128MB
PHP 7.x R3
Added postgres support and bumped PHP to version 7.4.1 / 7.3.13.
PHP 7.x R2
Added additional dependencies required for Composer to install external packages using Git.
PHP 7.4 R1
Initial PHP 7.4 release. Contains PHP 7.4.0 along with other updated dependencies.
PHP 7.3 R1
Updated PHP to 7.3.11 which addresses CVE-2019-11043.
We advise that you update all of your projects to this base version immediately.
Added BunnyCDN to the list of 'trusted' proxies
Tweaked the way URIs are passed from nginx to PHP to appease a Blitz expectation.
Added the ability to restrict path redirects to specific domains.
Added some documentation to the robots.txt file which is returned when using a servd.dev domain.
Added the ability to apply headers at the nginx level, as opposed to in twig templates.
Added the ability to configure static file cache headers and blocking of common vulnerability scan URLs (/wp-admin etc)
A fix for CORS headers on static files
Fixed a bug which could prevent users who were logged into the Craft CP from being able to request static files if static caching was enabled
Added support for handling webmanifest files with appropriate mime type.
Refactored how users and groups are used to enable fully-rootless execution.
Fixed a bug which prevented CORS headers from being returned for static files, including font files which benefit from CORS when working over multiple origins.
Fixed a bug in which the SCRIPT_FILENAME environment variable passed from nginx could contain double slashes for some requests which upset Craft's action urls.
Allows the behaviour of trailing slashes to be configured from the Servd dashboard
Removed some malware prevention rules which were getting in the way of real traffic.
Updated Cloudflare IP ranges for the proxy whitelist and real-end-user IP detection functionality.
Added additional rules for handling standalone php files and subfolder index.php files.
Increases the nginx max body size to 512MB, allowing PHP to make the call on how large the max body should be up to this limit.
Changed a redirect which applied to common Wordpress attack paths from a 301 to a 404.
Improved memory usage of nginx when static caching is enabled
Fixed a bug which would break URLs which had the word 'php' in the path, as long as it was in the first segment of the path and wasn't at the very start or very end. I kid you not...
Tweaks to response header configuration to default the following:
X-XSS-Protection "1; mode=block"
Also prelim work to allow customisation of X-Frame-Options
Bugfix to prevent users who are logged into the Craft control panel receiving HTML cached by non-admin users.
Complete rewrite of the nginx configuration to support:
- Complex static cache invalidation strategies, including wildcard patterns
- Thundering herd protection during cache expiry
- Configurable CORS headers
- Arbitrary path level redirects
- Ability to use server-side cache control headers to determine static cache validity
- Functionality to maintain a full static copy of a website, stored in S3 which can act as a failover if the Servd platform encounters any issues
Plugin and dashboard updates will be arriving soon to allow you to configure all of this great new stuff.
Improved nginx configuration for high traffic sites
Added 30d cache headers to web font file types
Updated to Nginx 1.17.8
Switched rate limited HTTP response code from 503 to 429 to make it more obvious what's happening in this circumstance
Disable server token output
Fixed a couple of redirects which remove trailing or duplicate slashes in the URL. They previously always redirected to http:// now they redirect to whatever protocol was used in the original request.
Updated the default log format to something more akin to Nginx's standard output
Prevented requests for favicon.ico being forwarded to Craft. Browsers love them, nobody uses them, resulting in lots of 404s and wasted CPU
Added support for IP blacklist and whitelist, and rate limiting
A few bug fixes related to the new caching mechanism
Updated static caching to use a global cache pool rather than having individual caches per app instance.
Increased default max upload size to 128MB
Added support for domain level redirects
Improved reliability and performance of assets served from Craft's cpresources directory