Skip to content

Releases: uselagoon/lagoon-images

lagoon-images 22.9.0

29 Sep 15:04
3828ad2
Compare
Choose a tag to compare

UPDATE: 29-Sep-2022 - we have identified an issue with the node-builder images, and have temporarily rolled these images back to the 22.8.0 versions - please use these until we remove this notice!

New Images

No new images in this release, but we will be adding (and deprecating) some in the 22.10.0 release next month that are no longer supported upstream.

Changes in this release

Package Updates

lagoon-images 22.8.0

19 Aug 01:38
b7cb369
Compare
Choose a tag to compare

New Images

  • Ruby images have now been added to lagoon-images - they are minimally configured, but suitable for a base image that could be extended bia bundler/gemfile.

Changes in this release

Package Updates

lagoon-images 22.7.0

07 Jul 23:13
6646e6c
Compare
Choose a tag to compare

This release addresses two issues with dependencies:

  • Composer 2.2 introduced a new plugin security setting. Starting July 1, 2022, composer stopped executing plugins that weren't allowed but only printed a warning. The end result was incomplete composer installations and broken websites even if a CI build completed successfully.
    Composer 2.3.9 will now throw an error if there are unallowed plugins. You will need to update allow-plugins in composer.json to resolve the error.
  • There is an OpenSSL CVE-2022-2068 that has been fixed in openresty

Package Updates

  • Update dependency openresty/openresty to v1.21.4.1-2-alpine (main) @renovate (#502)
  • Update dependency composer to v2.3.9 (main) @renovate (#503)

lagoon-images 22.6.0

27 Jun 08:30
9793072
Compare
Choose a tag to compare

New Images

The main feature of this release is the availability of updated Alpine images, at version 3.16. All alpine-based images (that aren't pinned to a previous version) have been updated to 3.16.

This release also updates the version on openresty used to v1.21.4.1

Additionally, the version of nodeJS installed with the php-cli images has been updated to the LTS version 18 (from v17). Going forwards, the php-cli images will only be installed with LTS node versions. With the release of each new Alpine release, the availability of node versions is updated to match the node release schedule. With version pinning to the most recent LTS version, we hope to give some stability to developers, and be able to match the versions alongside the other node-based images we provide.

Python2 is no longer supported by the Alpine 3.16 release. Please replicate the code in https://github.com/uselagoon/lagoon-images/blob/main/images/node-builder/14.Dockerfile#L34-L38 in your dockerfile if you are unable to upgrade to python3 😱 - the node:14 image has been provided with python2 for backwards compatibility, but the 16 and 18 images have always only had python3.

Changes in this release

Package Updates

Full Changelog: 22.5.0...22.6.0

lagoon-images 22.5.0

24 May 05:47
b81b32b
Compare
Choose a tag to compare

New Images

Deprecated Images

  • The images for Node.js v12 have been deprecated, as it exited support coverage on 2022-04-30 (as per https://nodejs.org/en/about/releases/). Previous versions of this image will continue to be available, and the :latest tag will always point to the 22.4.1 release

What's Changed

Full Changelog: 22.4.1...22.5.0

lagoon-images 22.4.1

20 Apr 06:54
ab6b9a3
Compare
Choose a tag to compare

Security release

This release addresses CVE-2022-24828 in composer - updating the versions of composer included in the base images to 1.10.26 and 2.2.12 (2.3.5 is still under consideration for inclusion, but is available to users via the --self-update flag to composer)

Notes about this release

There were some 22.5.0 images inadvertently tagged to dockerhub - these tags have now been replaced with 22.4.1 - they are the same content - the :latest tag still points to 22.4.1

Changes in this release

Package Updates

Full Changelog: 22.4.0...22.4.1

lagoon-images 22.4.0

07 Apr 08:58
e860da6
Compare
Choose a tag to compare

The upstream Alpine releases in this release cover a number of vulnerabilities:

As of this release all supported (non-EOL) Alpine-based images are at their most recent versions (3.15.4 and 3.14.6/3.12.12 for those images pinned there)

Changes in this release

Package Updates

New Contributors

Full Changelog: 22.3.0...22.4.0

lagoon-images 22.3.0

28 Mar 05:00
4a0012b
Compare
Choose a tag to compare

Changes in this release

PHP-based images

  • The XDEBUG settings for php have been updated to support XDebug 3 natively. Xdebug was always the default in PHP8.0 and PHP8.1, but owing to cross-configuration with PHP7.4, the necessary settings weren't configured properly. In this release, the PHP7.4 bundled version of the XDebug library has been updated to version 3 with the correct settings present.

  • The New Relic and Blackfire agents have been updated and added to the PHP8.1 images.

  • In addition, the build process has been optimised for the php-based images, and the resultant images are now almost 60% smaller than before.

Alpine Security fixes

This release also brings a raft of Alpine security updates:

All current Alpine-based images are running the latest version of Alpine ( 3.15.2, 3.14.4, 3.12.10).
We are considering how best to continue to support the images built on previous, unsupported versions of Alpine (solr-7.7, mongo, varnish-5)

Other changes

New Images

Package Updates

New Contributors

Full Changelog: 22.2.0...22.3.0

lagoon-images 22.2.0 (Alpine 3.15 and version updates)

21 Feb 06:03
d1bd4da
Compare
Choose a tag to compare

New Images

In this release, all images have been updated to Alpine 3.15 (release notes at https://alpinelinux.org/posts/Alpine-3.15.0-released.html)

In addition, we have also filled out the versions available for some of our images

  • Postgres is now available in versions 11,12,13,14 - with -drupal variants
  • Solr 8 is now available
  • Python is now available in versions 3.7,3.8,3.9,3.10 - mirroring officially supported versions
  • MariaDB is now available in versions 10.4,10.5,10.6 - with -drupal variants

In addition, we have broadened some of the test suites to provide better coverage, and streamlined some build steps to improve performance.

This release also includes the image updates required to address CVE-2021-21708 in PHP images.

Notes from the field

This Alpine release updated the openssh client libraries to version 8.8, which has deprecated support for RSA/SHA-1 keys (because they're bad!). If you use SSH from within your docker image, you should create a more cryptographically secure key. Details at https://www.openssh.com/releasenotes.html

Changes in this release

Package Updates

Full Changelog: 22.1.0...22.2.0

lagoon-images 22.1.0

30 Jan 23:24
c6cbe51
Compare
Choose a tag to compare

Changes in this release

  • use official openresty package image instead of source image @tobybellwood (#338)
  • update ELK log4j versions for new images @tobybellwood (#383)
  • fixup jenkinsfile tests for upstream lagoon-example repo changes @tobybellwood (#376)
  • update PHP agents and apps @tobybellwood (#378)
    • NewRelic PHP Agent to 9.18.1.303
    • Blackfire Agent to 2.5.2
    • Composer 1.x to 1.10.24
    • Drush 8.x to 8.4.10
    • Drush Launcher to 0.9.3

Package Updates

  • Update composer Docker tag to v2.2.5 (main) @renovate (#390)
  • Update composer Docker tag to v2.2.4 (main) @renovate (#372)
  • Update dependency Imagick/imagick to v3.7.0 (main) @renovate (#380)
  • Update dependency phpredis/phpredis to v5.3.6 (main) @renovate (#382)
  • Update python Docker tag to v3.9.10 (main) @renovate (#384)
  • Update ELK Stack Docker tags to v7.10.2 (main) (minor) @renovate (#180)
  • Update ELK Stack Docker tags to v6.8.23 (main) (patch) @renovate (#381)
  • Update rabbitmq Docker tag to v3.8.27 (main) @renovate (#377)

Full Changelog: 21.12.2...22.1.0