# AWS SDK for PHP

Endless Lifecycle Support (ELS) for AWS SDK for PHP from TuxCare provides security fixes for AWS SDK for PHP library versions that have reached their end-of-life. This allows you to continue running your applications without vulnerability concerns, even after official support has ended.

# Supported Versions

• AWS SDK for PHP 3.263.4

Other versions upon request.

# Connection to ELS for AWS SDK for PHP Repository

This guide outlines the steps needed to integrate the TuxCare ELS for AWS SDK for PHP repository into your application. The repository provides trusted AWS SDK for PHP library versions that can be easily integrated into your Composer projects.

# Step 1: Get user credentials

You need a username and password in order to use the TuxCare ELS for AWS SDK for PHP repository. Anonymous access is disabled. To receive the credentials, please contact sales@tuxcare.com.

# Step 2: Configure Composer authentication

1. Create or edit the auth.json file for the user running Composer:

   • Linux/macOS:

     ~/.composer/auth.json
     

   • Windows:

     %APPDATA%\Composer\auth.json
     

2. Use either the Composer CLI or edit auth.json directly to add your credentials for nexus.repo.tuxcare.com.

   Composer CLIauth.json

   

   composer config --global --auth http-basic.nexus.repo.tuxcare.com USERNAME PASSWORD

   Replace USERNAME and PASSWORD with the credentials you received in Step 1.

# Step 3: Register the TuxCare repository

Add the els_php Composer repository either via CLI or by editing composer.json:

Composer CLIcomposer.json

composer config repositories.tuxcare '{"type":"composer","url":"https://nexus.repo.tuxcare.com/repository/els_php/","options":{"http":{"verify":true}}}' --json

# Step 4: Install AWS SDK for PHP

Install the TuxCare-maintained AWS SDK for PHP release that matches your project:

Composer CLIcomposer.json

composer require aws/aws-sdk-php:3.263.4-p1+tuxcare

Check the exact version listed in your TuxCare Nexus account to ensure you receive the most recent patched release.

If you edited composer.json manually, run composer update to install the package:

composer update

Composer will resolve dependencies against the TuxCare repository and install the patched releases.

# Composer Repository Configuration

If you encounter dependency resolution errors like:

packages from higher priority repository do not match your constraint

it usually means your project requires a package version that is not yet available in the TuxCare repository.

Solution: Update your composer.json to set the TuxCare repository as non-canonical:

{
    "repositories": [
        {
            "type": "composer",
            "url": "https://nexus.repo.tuxcare.com/repository/els_php/",
            "canonical": false
        }
    ]
}

This allows Composer to fall back to Packagist for packages not available in the TuxCare repository, while still preferring TuxCare patches when available.

# Vulnerability Exploitability eXchange (VEX)

VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives and helps prioritize real risks.

TuxCare provides VEX for AWS SDK for PHP ELS versions: security.tuxcare.com/vex/cyclonedx/els_lang_php/aws-sdk-php/.

# How to Upgrade to a Newer Version

If you have already installed a TuxCare AWS SDK for PHP package and want to upgrade to a newer release, update the version string in your composer.json file or run the composer require command with the new version:

composer require aws/aws-sdk-php:VERSION-pN+tuxcare

Then run composer update to apply the changes:

composer update

# Resolved CVEs in AWS SDK for PHP

Fixes for the following vulnerabilities are available in ELS for AWS SDK for PHP from TuxCare:

If you are interested in the TuxCare Endless Lifecycle Support, contact sales@tuxcare.com.