lagoon-images 21.12.0

Security Advisories

This image release has been made to mitigate CVE-2021-44228, which covers Apache-log4j2

The mitigation included in all images that use Java (Solr, Elasticsearch and Logstash) is to add additional system properties to the JVM startup log4j2.formatMsgNoLookups=true

If you inherit these images and set additional system properties via SOLR_OPTS, LS_JAVA_OPTS, or ES_JAVA_OPTS, please make sure to either include the additional mitigation above, or via the environment variables defined in the log4j notice.

For users of the (now deprecated for a few months) Solr 5 and Solr 6 images - there are no know mitigations, and there are unlikely to be. Please update your sites to Solr 7 ASAP.

New Images

• PHP 8.1 has been added to the scheduled releases, including Composer 2 support as standard
• Solr 8 has been released as an "experimental" image - pending further testing. The upgrade path from Solr 7 to Solr 8 will require testing before rolling to production, and there are additional steps required to configure custom Solr configurations.

Deprecated Images

• PHP 7.3 is now no longer supported and the images will no longer be updated. Existing images will remain available for use on docker hub, but no updates will be made to them. You should update to PHP 8.0/8.1 ASAP (7.4 will be EOL in 2022)

Changes in this release

• Adding SOLR_OPTS, LS_JAVA_OPTS, and ES_JAVA_OPTS to patch against CVE-2021-44228 @cdchris12 (#358)
• Adds PHP 8.1, removes PHP 7.3 @tobybellwood (#352)
• change to "varnish" user as per upstream for varnish-6 @tobybellwood (#354)
• Add Experimental Solr 8 images @tobybellwood (#97)

Package Updates

• Update composer Docker tag to v2.1.14 (main) @renovate (#356 #359)
• Update dependency xdebug/xdebug to v3.1.2 (main) @renovate (#355 #360)
• Update solr Docker tag to v8.10.1 (main) @renovate (#350)

Full Changelog: 21.11.1...21.12.0