Having buildpack: php_buildpack defined in our manifest.yml this should resolve to the latest CloudFoundry PHP Buildpack to my understanding.
But this resolves to Buildpack version 4.3.21 while Github mentions 4.3.22 as latest release. How does this happen? Do we need to trigger something/someone? Of course we don't want to specify a specific release tag in our manifest.
Additionally "PHP_VERSION": "{PHP_70_LATEST}" in options.json should resolve to the latest stable PHP 7 version but it resolves to 7.0.11 which is according to the PHP Release Announcements an insecure version which should not be used anymore.
Same applies to PHP_56_LATEST as it resolves to 5.6.7 which is a well outdated in favor of 5.6.28 (security release as well).
We didn't check for htttpd an others because we'd somehow rely on getting most recent, stable and secure versions.
php_buildpack refers to the latest version of the buildpack installed on the Cloud Foundry installation you are using (i.e. the Swisscom Application Cloud). It gets updated as soon as the version of Cloud Foundry gets updated because the buildpack is bundled with CF. If you really want to use the absolute latest buildpack, you'll have to pull it directly from GitHub. You can do so by specifying
buildpack: https://github.com/cloudfoundry/php-buildpack.git
The versions for PHP are also bundled with the buildpack. It will always install the latest version of the range you are specifying which is installed in the version of the buildpack you are using. You can find these versions here: https://github.com/cloudfoundry/php-buildpack/blob/master/manifest.yml (you can check out the file for different git tags of the buildpack to see which versions of PHP they come bundled with).