FrankenPHP has delayed propagation of security fixes in upstream base images
Vulnerability in base Docker images (PHP, Go, and Alpine) not automatically propagating to FrankenPHP images. FrankenPHP's container images were previously built only when specific version tags were updated or when manual triggers were initiated. This meant that if an upstream base image (such as Alpine Linux or official PHP/Go images) received a security patch under an existing tag, the FrankenPHP image would remain on the older, vulnerable version of those …