PHP
PHP R16.3 (2024-07-15)
Fixed ImageMagick HEIC/HEIF support in PHP 8.1/8.2/8.3 bases
PHP R16 (2024-04-26)
Bumped PHP versions to 8.1.28 / 8.2.18 / 8.3.6
Added full support for mysql 8 pending database upgrades for Craft 5
PHP R15
PHP 8.3 support
PHP R14.3 (2023-12-03)
Bumped PHP versions to 8.2.13 / 8.1.26
Asked PHP not to advertise its version in response headers when using non-Craft php scripts
PHP R14.2 (2023-10-03)
Updated libwebp to mitigate against webp CVE-2023-4863. Note that the only way this would be potentially exploitable within a Craft project is if end users were able to upload specially crafted webp images and these were fed into ImageMagick or GD as part of the upload process. But best to get it patched anyway!
PHP R14.1 (2023-09-28)
Added avif support to GD in 8.1 and 8.2
Bumped PHP versions to 8.2.10 / 8.1.23 / 8.0.30
PHP R14.0 (2023-05-18)
PHP 8.2.6 release
Updated other PHP versions to 8.1.19 / 8.0.28 / 7.4.33
Update PHP 8.1 to latest official PHP Alpine 3.18 bases
PHP R13.4 (2023-03-28)
Updated our PHP 8.1 version from 8.1.12 to 8.1.17
PHP R13.2 (2022-11-03)
Fix for missing language info in R13
PHP R13 (2022-11-02)
Allows for modular bundle builds for additional software including profiling tools, node etc
Updated PHP to 7.4.32 / 8.0.25 / 8.1.12
PHP R12 (2022-05-25)
Updated PHP to 7.3.33 / 7.4.29 / 8.0.19 / 8.1.6
Updated iconv config to use new configuration provided by official PHP releases
Latest New Relic agent
PHP 8.1 R11.1 (2022-03-08)
Added New Relic agent to PHP 8.1 base images
PHP 8.1 R11 (2022-02-17)
Initial PHP 8.1 release, currently in Beta
This 8.1 release does not contain New Relic monitoring which is not yet compatible with PHP 8.1
PHP R11 (2022-01-31)
Switched Imagick on PHP 8.0 to use PECL packages rather than compiling from a specific commit
Added initial support for New Relic performance profiling
Added initial support for Blackfire performance profiling
These new base images contain a newer version of Imagick which is incompatible with old versions of the package `pixelandtonic/Imagine` composer package.
Please ensure your `pixelandtonic/Imagine` package has been updated to at least version `1.2.4.2`.
Alternatively you can tell Craft to use the GD library by adding `'imageDriver' => 'gd'` to your `config/general.php` file.
More details here: https://github.com/craftcms/cm...
PHP R10.5 (2021-12-20)
Fixes a bug introduced by the changes to permissions which could cause the background task runner to not execute correctly.
PHP R10.4 (2021-12-16)
Updated PHP to 7.3.33 / 7.4.26 / 8.0.13
Adjusted the configuration of the www-data user in preparation for an upcoming change to container filesystem and access permissions
PHP R10.3 (2021-09-07)
Updated PHP to 7.3.30 / 7.4.23 / 8.0.10
Added `nano` so that it can be used for runtime debugging within shells
PHP R10.2 (2021-04-25)
Updated Composer 2 to version 2.0.12 to support new GitHub access token formats
PHP R10.1 (2021-03-09)
Bug fix for Shell sessions
PHP R10 (2021-03-07)
Updated PHP to 7.3.27 / 7.4.16 / 8.0.3
Support for upcoming SSH access functionality
PHP R9.2 (2021-01-07)
Removed default no cache headers which could interfere with static caching when also using origin cache control headers
Initial beta release of PHP 8 base images
PHP 7.x R9.1 (2021-01-31)
Rolled back the iconv library to an earlier version as the latest was causing issues in some circumstances
PHP 7.x R9 (2021-01-28)
Allowed switching between Composer 1 and 2 during the bundling process
PHP 7.x R8 (2020-11-25)
Updated to PHP 7.3.24 and 7.4.12
Added binaries for webp image conversions
Added various image optimisation binaries
Removed disabled function set_time_limit - the platform will kill anything that locks up completely for 2 mins so it shouldn't be needed
PHP 7.x R7 (2020-08-02)
Updated imagemagick binaries and tweaked resource limits to prevent image conversions being killed due to over-allocating
PHP 7.x R6
Increase number of requests served by each PHP worker before recycling
Bump PHP versions to 7.4.8 / 7.3.20
PHP 7.x R5
Increased default `max_input_vars` to 10000
PHP 7.x R4
Increased default max upload size to 128MB
PHP 7.x R3
Added postgres support and bumped PHP to version 7.4.1 / 7.3.13.
PHP 7.x R2
Added additional dependencies required for Composer to install external packages using Git.
PHP 7.4 R1
Initial PHP 7.4 release. Contains PHP 7.4.0 along with other updated dependencies.
PHP 7.3 R1
Updated PHP to 7.3.11 which addresses CVE-2019-11043.
We advise that you update all of your projects to this base version immediately.
Nginx
R19 (2024-11-29)
Bumped nginx version to 1.27
R18 (2024-03-12)
Switched static cache software to a forked version with some added bug fixes, including ordering of Vary key params to avoid unnecessary duplicate caches of the same URL.
R17 (2024-02-21)
Upgrade to nginx 1.25
Added an explicit block on the X-Redirect-Url request header
R16 (2023-09-10)
Upgraded to nginx 1.21.
Added a potential fix for a caching edge case in which cache results would get mixed up when specific server errors occurred
R15.2 (2022-11-03)
Added BunnyCDN to the list of 'trusted' proxies
R15.1 (2022-10-27)
Tweaked the way URIs are passed from nginx to PHP to appease a Blitz expectation.
R15 (2022-10-18)
Added the ability to restrict path redirects to specific domains.
R14.6 (2022-09-09)
Added some documentation to the robots.txt file which is returned when using a servd.dev domain.
R14.5 (2022-06-30)
Added the ability to apply headers at the nginx level, as opposed to in twig templates.
R14.4 (2022-06-14)
Added the ability to configure static file cache headers and blocking of common vulnerability scan URLs (/wp-admin etc)
R14.3 (2022-05-03)
A fix for CORS headers on static files
R14.2 (2022-03-07)
Fixed a bug which could prevent users who were logged into the Craft CP from being able to request static files if static caching was enabled
R14.1 (2022-01-06)
Added support for handling webmanifest files with appropriate mime type.
R14.0 (2021-12-19)
Refactored how users and groups are used to enable fully-rootless execution.
R13.13 (2021-12-09)
Fixed a bug which prevented CORS headers from being returned for static files, including font files which benefit from CORS when working over multiple origins.
R13.12 (2021-11-16)
Fixed a bug in which the SCRIPT_FILENAME environment variable passed from nginx could contain double slashes for some requests which upset Craft's action urls.
R13.11 (2021-06-22)
Allows the behaviour of trailing slashes to be configured from the Servd dashboard
R13.10 (2021-06-08)
Removed some malware prevention rules which were getting in the way of real traffic.
R13.9 (2021-04-27)
Updated Cloudflare IP ranges for the proxy whitelist and real-end-user IP detection functionality.
R13.8 (2021-03-24)
Added additional rules for handling standalone php files and subfolder index.php files.
R13.7 (2021-03-02)
Increases the nginx max body size to 512MB, allowing PHP to make the call on how large the max body should be up to this limit.
R13.6 (2021-02-23)
Changed a redirect which applied to common Wordpress attack paths from a 301 to a 404.
R13.5 (2021-01-30)
Improved memory usage of nginx when static caching is enabled
R13.4 (2021-01-21)
Fixed a bug which would break URLs which had the word 'php' in the path, as long as it was in the first segment of the path and wasn't at the very start or very end. I kid you not...
R13.3 (2021-01-12)
Tweaks to response header configuration to default the following:
`X-Content-Type-Options nosniff`
`X-XSS-Protection "1; mode=block"`
Also prelim work to allow customisation of `X-Frame-Options`
R13.1 (2021-01-07)
Bugfix to prevent users who are logged into the Craft control panel receiving HTML cached by non-admin users.
R13 (2021-01-06)
Complete rewrite of the nginx configuration to support:
Complex static cache invalidation strategies, including wildcard patterns
Thundering herd protection during cache expiry
Configurable CORS headers
Arbitrary path level redirects
Ability to use server-side cache control headers to determine static cache validity
Functionality to maintain a full static copy of a website, stored in S3 which can act as a failover if the Servd platform encounters any issues
Plugin and dashboard updates will be arriving soon to allow you to configure all of this great new stuff.
R12 (2020-10-15)
Improved nginx configuration for high traffic sites
R11
Added 30d cache headers to web font file types
R10
Updated to Nginx 1.17.8
Switched rate limited HTTP response code from 503 to 429 to make it more obvious what's happening in this circumstance
Disable server token output
R9
Fixed a couple of redirects which remove trailing or duplicate slashes in the URL. They previously always redirected to `http://` now they redirect to whatever protocol was used in the original request.
R8
Updated the default log format to something more akin to Nginx's standard output
Prevented requests for favicon.ico being forwarded to Craft. Browsers love them, nobody uses them, resulting in lots of 404s and wasted CPU
R7
Added support for IP blacklist and whitelist, and rate limiting
R6
A few bug fixes related to the new caching mechanism
R5
Updated static caching to use a global cache pool rather than having individual caches per app instance.
R4
Increased default max upload size to 128MB
R3
Added support for domain level redirects
R2
Improved reliability and performance of assets served from Craft's `cpresources` directory
R1
Released!