Use newer zlib than shipped in AL2

[GrahamCampbell]

Just like in bref 1.x, because Amazon have not updated their version in a long time, and it has security issues.

[mnapoli]

Do you have more details on the version difference and which security issues are present in Lambda? (it's just that adding a new extra step to the compilation is something I'd rather avoid if possible)

[GrahamCampbell]

CVE-2022-37434 is a vulnerability that's reachable using user-land curl bindings in PHP.

[GrahamCampbell]

I went through the AL2 release notes, and no new zlib versions are listed as published any time since this vulnerability to date.

[mnapoli]

Thanks, I double-checked inside Lambda (not just the Docker image), and it's indeed the same version there too, they haven't patched the runtime. I don't want to add more to the layers but since it involves security issues let's do it.