From ba9517b8c3659f64f0dd2a2692e4e3bbd226d753 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Gaspar?=
 <46165813+ericgaspar@users.noreply.github.com>
Date: Fri, 16 Oct 2020 17:05:02 +0200
Subject: [PATCH 1/2] Update manifest.json

---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifest.json b/manifest.json
index 255e31f..9c5ba09 100644
--- a/manifest.json
+++ b/manifest.json
@@ -17,7 +17,7 @@
     "multi_instance": true,
     "services": [
         "nginx",
-        "php7.3-fpm",
+        "php7.0-fpm",
         "mysql",
         "postgresql"
     ],

From 77e18fc37d4867e8544888bfa0f0a831f644be04 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Sun, 25 Oct 2020 11:08:03 +0100
Subject: [PATCH 2/2] Update nginx.conf to protect against path traversal issue

---
 conf/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 9463a33..45f487b 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,5 +1,5 @@
- location __PATH__
- {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; 
+location __PATH__/ {
     alias __FINALPATH__/;
 	# Force https
 	if ($scheme = http)