Releases: uselagoon/lagoon-images
lagoon-images 22.7.0
This release addresses two issues with dependencies:
- Composer 2.2 introduced a new plugin security setting. Starting July 1, 2022, composer stopped executing plugins that weren't allowed but only printed a warning. The end result was incomplete composer installations and broken websites even if a CI build completed successfully.
  Composer 2.3.9 will now throw an error if there are unallowed plugins. You will need to update allow-plugins in composer.json to resolve the error.
- There is an OpenSSL CVE-2022-2068 that has been fixed in openresty
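A pre-build check for the allow-plugins condition described above, as an added example (not part of the Lagoon images or of Composer): it lists plugins recorded in composer.lock that have no matching entry under config.allow-plugins in composer.json. The sample files are constructed, and the matching rules used here (`*` as a wildcard, first matching pattern decides, a bare true/false applies to every plugin) are a simplified assumption about Composer's behaviour.

```python
import fnmatch
import json

# Constructed sample files, not taken from any real project.
SAMPLE_COMPOSER_JSON = """{"config": {"allow-plugins": {
  "composer/installers": true,
  "drupal/*": true,
  "cweagans/composer-patches": false
}}}"""

SAMPLE_COMPOSER_LOCK = """{
  "packages": [
    {"name": "composer/installers", "type": "composer-plugin"},
    {"name": "drupal/core-composer-scaffold", "type": "composer-plugin"},
    {"name": "cweagans/composer-patches", "type": "composer-plugin"},
    {"name": "symfony/console", "type": "library"}],
  "packages-dev": [
    {"name": "dealerdirect/phpcodesniffer-composer-installer", "type": "composer-plugin"}]
}"""


def verdict_for(name, allow):
    """Return 'allowed', 'blocked' or 'undecided' for one plugin name."""
    if isinstance(allow, bool):  # a bare true/false covers every plugin
        return "allowed" if allow else "blocked"
    for pattern, value in allow.items():  # assumption: first match decides
        if fnmatch.fnmatchcase(name, pattern):
            return "allowed" if value else "blocked"
    return "undecided"


def classify_plugins(composer_json, composer_lock):
    """Map every locked package of type composer-plugin to its verdict."""
    allow = json.loads(composer_json).get("config", {}).get("allow-plugins", {})
    lock = json.loads(composer_lock)
    return {
        pkg["name"]: verdict_for(pkg["name"], allow)
        for section in ("packages", "packages-dev")
        for pkg in lock.get(section) or []
        if pkg.get("type") == "composer-plugin"
    }


def undecided_plugins(composer_json, composer_lock):
    """Plugins with no allow-plugins entry: the case that now raises an error."""
    verdicts = classify_plugins(composer_json, composer_lock)
    return sorted(n for n, v in verdicts.items() if v == "undecided")


if __name__ == "__main__":
    for name in undecided_plugins(SAMPLE_COMPOSER_JSON, SAMPLE_COMPOSER_LOCK):
        print(f"not covered by allow-plugins: {name}")
```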
Package Updates
lagoon-images 22.6.0
New Images
The main feature of this release is the availability of updated Alpine images, at version 3.16. All alpine-based images (that aren't pinned to a previous version) have been updated to 3.16.
This release also updates the version of openresty used to v1.21.4.1
Additionally, the version of nodeJS installed with the php-cli images has been updated to the LTS version 18 (from v17). Going forwards, the php-cli images will only be installed with LTS node versions. With the release of each new Alpine release, the availability of node versions is updated to match the node release schedule. With version pinning to the most recent LTS version, we hope to give some stability to developers, and be able to match the versions alongside the other node-based images we provide.
Python2 is no longer supported by the Alpine 3.16 release. Please replicate the code in https://github.com/uselagoon/lagoon-images/blob/main/images/node-builder/14.Dockerfile#L34-L38 in your dockerfile if you are unable to upgrade to python3 😱 - the node:14 image has been provided with python2 for backwards compatibility, but the 16 and 18 images have always only had python3.
Changes in this release
- build postgres drupal images @tobybellwood (#494)
- Add FreeType 2 support to GD @seanhamlin (#492)
- update upstream images for Alpine 3.16 @tobybellwood (#483)
- Implementing MAXMEMORYPOLICY for redis images @cdchris12 (#477)
Package Updates
- Update dependency solr to v8.11.2 (main) @renovate (#499)
- Update dependency postgres to v14.4 (main) @renovate (#493)
- Update Node.js to v18.4 (main) @renovate (#489)
- Update dependency python to v3.10.5 (main) @renovate (#482)
- Update dependency php to v7.4.30 (main) @renovate (#484)
- Update dependency php to v8.0.20 (main) @renovate (#485)
- Update dependency php to v8.1.7 (main) @renovate (#486)
- Update dependency rabbitmq to v3.8.34 (main) @renovate (#478)
- Update dependency xdebug/xdebug to v3.1.5 (main) @renovate (#479)
- Update dependency composer to v2.3.7 (main) @renovate (#480)
- Update Node.js to v18.3 (main) @renovate (#481)
- Update dependency openresty/openresty to v21 (main) @renovate (#475)
Full Changelog: 22.5.0...22.6.0
lagoon-images 22.5.0
New Images
- The images for Node.js v18 have been released, and have support coverage until 2025-04-30 (as per https://nodejs.org/en/about/releases/)
Deprecated Images
- The images for Node.js v12 have been deprecated, as it exited support coverage on 2022-04-30 (as per https://nodejs.org/en/about/releases/). Previous versions of this image will continue to be available, and the :latest tag will always point to the 22.4.1 release
What's Changed
- Update Node.js to v18.2 (main) by @renovate in #473
- Update Node.js to v18.1 (main) by @renovate in #462
- Update Node.js to v16.15 (main) by @renovate in #457
- Update dependency openresty/openresty to v1.19.9.1-12-alpine-apk (main) by @renovate in #453
- Update dependency php to v8.1.6 (main) by @renovate in #465
- Update dependency php to v8.0.19 (main) by @renovate in #464
- Update dependency composer to v2.3.5 (main) by @renovate in #437
- Update dependency postgres to v14.3 (main) by @renovate in #471
- Update dependency postgres to v13.7 (main) by @renovate in #470
- Update dependency postgres to v12.11 (main) by @renovate in #469
- Update dependency postgres to v11.16 (main) by @renovate in #468
- Update dependency python to v3.9.13 (main) by @renovate in #467
- Update dependency rabbitmq to v3.8.32 (main) by @renovate in #474
- Update dependency rabbitmq to v3.8.31 (main) by @renovate in #463
- Update dependency rabbitmq to v3.8.30 (main) by @renovate in #455
- Update dependency redis to v6.2.7 (main) by @renovate in #456
Full Changelog: 22.4.1...22.5.0
lagoon-images 22.4.1
Security release
This release addresses CVE-2022-24828 in composer - updating the versions of composer included in the base images to 1.10.26 and 2.2.12 (2.3.5 is still under consideration for inclusion, but is available to users via the --self-update flag to composer)
Notes about this release
There were some 22.5.0 images inadvertently tagged to dockerhub - these tags have now been replaced with 22.4.1 - they are the same content - the :latest tag still points to 22.4.1
Changes in this release
- feat: give php-fpm workers 30s to gracefully exit @smlx (#445)
- update composer 1 and New Relic versions @tobybellwood (#448)
Package Updates
- Update dependency php to v8.1.5 (main) @renovate (#451)
- Update dependency php to v8.0.18 (main) @renovate (#450)
- Update dependency php to v7.4.29 (main) @renovate (#449)
- Update dependency rabbitmq to v3.8.29 (main) @renovate (#447)
- Update dependency composer to v2.2.12 (main) @renovate (#446)
Full Changelog: 22.4.0...22.4.1
lagoon-images 22.4.0
The upstream Alpine releases in this release cover a number of vulnerabilities:
- Alpine 3.15.4, 3.14.6, 3.12.12 for busybox CVE-2022-28391
- Alpine 3.15.3, 3.14.5, 3.12.11 for zlib CVE-2018-25032
As of this release all supported (non-EOL) Alpine-based images are at their most recent versions (3.15.4 and 3.14.6/3.12.12 for those images pinned there)
Changes in this release
- Invoke chmod once per directory to fix permissions @christopher-hopper (#420)
Package Updates
- Update dependency alpine to v3.15.4 (main) @renovate (#442)
- Update dependency alpine to v3.15.3 (main) @renovate (#435)
- Update dependency alpine to v3.14.6 (main) @renovate (#441)
- Update dependency alpine to v3.14.5 (main) @renovate (#434)
- Update dependency alpine to v3.12.12 (main) @renovate (#440)
- Update dependency alpine to v3.12.11 (main) @renovate (#433)
- Update dependency openresty/openresty to v1.19.9.1-10-alpine-apk (main) @renovate (#443)
- Update dependency composer to v2.2.11 (main) @renovate (#436)
- Update dependency xdebug/xdebug to v3.1.4 (main) @renovate (#439)
New Contributors
- @christopher-hopper made their first contribution in #420
Full Changelog: 22.3.0...22.4.0
lagoon-images 22.3.0
Changes in this release
PHP-based images
- The XDEBUG settings for php have been updated to support XDebug 3 natively. Xdebug was always the default in PHP8.0 and PHP8.1, but owing to cross-configuration with PHP7.4, the necessary settings weren't configured properly. In this release, the PHP7.4 bundled version of the XDebug library has been updated to version 3 with the correct settings present.
- The New Relic and Blackfire agents have been updated and added to the PHP8.1 images.
- In addition, the build process has been optimised for the php-based images, and the resultant images are now almost 60% smaller than before.
Alpine Security fixes
This release also brings a raft of Alpine security updates:
- 3.15.1, 3.14.4, and 3.12.10 to fix openssl for CVE-2022-0778
- 3.15.2 to fix libretls for CVE-2022-0778
All current Alpine-based images are running the latest version of Alpine (3.15.2, 3.14.4, 3.12.10).
We are considering how best to continue to support the images built on previous, unsupported versions of Alpine (solr-7.7, mongo, varnish-5)
Other changes
- update helper tools @tobybellwood (#432)
- Pin to versioned OpenResty package image @tobybellwood (#431)
- Lightweight images @smlx (#426)
- Add support for configurable wait_timeout @shreddedbacon (#413)
- Xdebug 3 @kasperg (#353)
New Images
Package Updates
- Update dependency alpine to v3.15.2 (main) @renovate (#428)
- Update dependency alpine to v3.15.1 (main) @renovate (#421)
- Update dependency alpine to v3.14.4 (main) @renovate (#423)
- Update dependency alpine to v3.12.10 (main) @renovate (#422)
- Update dependency php to v8.1.4 (main) @renovate (#425)
- Update dependency php to v8.0.17 (main) @renovate (#424)
- Update dependency python to v3.10.4 (main) @renovate (#429)
- Update dependency python to v3.10.3 (main) @renovate (#416)
- Update dependency python to v3.9.12 (main) @renovate (#430)
- Update dependency python to v3.9.11 (main) @renovate (#419)
- Update dependency python to v3.8.13 (main) @renovate (#418)
- Update dependency python to v3.7.13 (main) @renovate (#417)
- Update dependency composer to v2.2.9 (main) @renovate (#414)
- Update dependency composer to v2.2.7 (main) @renovate (#411)
- Update dependency rabbitmq to v3.8.28 (main) @renovate (#427)
New Contributors
- @kasperg made their first contribution in #353
- @shreddedbacon made their first contribution in #413
Full Changelog: 22.2.0...22.3.0
lagoon-images 22.2.0 (Alpine 3.15 and version updates)
New Images
In this release, all images have been updated to Alpine 3.15 (release notes at https://alpinelinux.org/posts/Alpine-3.15.0-released.html)
In addition, we have also filled out the versions available for some of our images
- Postgres is now available in versions 11,12,13,14 - with -drupal variants
- Solr 8 is now available
- Python is now available in versions 3.7,3.8,3.9,3.10 - mirroring officially supported versions
- MariaDB is now available in versions 10.4,10.5,10.6 - with -drupal variants
In addition, we have broadened some of the test suites to provide better coverage, and streamlined some build steps to improve performance.
This release also includes the image updates required to address CVE-2021-21708 in PHP images.
Notes from the field
This Alpine release updated the openssh client libraries to version 8.8, which has deprecated support for RSA/SHA-1 keys (because they're bad!). If you use SSH from within your docker image, you should create a more cryptographically secure key. Details at https://www.openssh.com/releasenotes.html
Changes in this release
- update existing images to alpine 3.15 by @tobybellwood in #405
- Utilise buildkit cache-from to improve build times by @tobybellwood in #393
- re-enable quiet mode in makefile by @tobybellwood in #396
- fix upstream yum cache for elasticsearch-7 image by @tobybellwood in #397
- add specific PHP 7.4 and PHP 8.1 tests by @tobybellwood in #398
Package Updates
- Update Node.js to v16.14 (main) by @renovate in #400
- Update Node.js to v14.19 (main) by @renovate in #395
- Update dependency postgres to v14.2 (main) by @renovate in #408
- Update dependency postgres to v13.6 (main) by @renovate in #407
- Update dependency postgres to v12.10 (main) by @renovate in #403
- Update dependency postgres to v11.15 (main) by @renovate in #402
- Update dependency php to v8.1.3 (main) by @renovate in #410
- Update php Docker tag to v8.1.2 (main) by @renovate in #392
- Update dependency php to v8.0.16 (main) by @renovate in #409
- Update php Docker tag to v8.0.15 (main) by @renovate in #391
- Update dependency php to v7.4.28 (main) by @renovate in #406
- Update composer Docker tag to v2.2.6 (main) by @renovate in #399
- Update dependency phpredis/phpredis to v5.3.7 (main) by @renovate in #404
- Update dependency xdebug/xdebug to v3.1.3 (main) by @renovate in #394
Full Changelog: 22.1.0...22.2.0
lagoon-images 22.1.0
Changes in this release
- use official openresty package image instead of source image @tobybellwood (#338)
- update ELK log4j versions for new images @tobybellwood (#383)
- fixup jenkinsfile tests for upstream lagoon-example repo changes @tobybellwood (#376)
- update PHP agents and apps @tobybellwood (#378)
  - NewRelic PHP Agent to 9.18.1.303
  - Blackfire Agent to 2.5.2
  - Composer 1.x to 1.10.24
  - Drush 8.x to 8.4.10
  - Drush Launcher to 0.9.3
Package Updates
- Update composer Docker tag to v2.2.5 (main) @renovate (#390)
- Update composer Docker tag to v2.2.4 (main) @renovate (#372)
- Update dependency Imagick/imagick to v3.7.0 (main) @renovate (#380)
- Update dependency phpredis/phpredis to v5.3.6 (main) @renovate (#382)
- Update python Docker tag to v3.9.10 (main) @renovate (#384)
- Update ELK Stack Docker tags to v7.10.2 (main) (minor) @renovate (#180)
- Update ELK Stack Docker tags to v6.8.23 (main) (patch) @renovate (#381)
- Update rabbitmq Docker tag to v3.8.27 (main) @renovate (#377)
Full Changelog: 21.12.2...22.1.0
lagoon-images 21.12.2
Changes in this release
This release includes a couple of updates to Elasticsearch 6 and Solr 8, to implement the vendor's upstream mitigations (the upgrade of the log4j-core package in use).
What's Changed
- Update Solr Docker tag to v8.11.1 (main) by @renovate in #351
- Update ELK Stack Docker tags to v6.8.22 (main) (patch) by @renovate in #371
Package Updates
- Update php Docker tag to v7.4.27 (main) by @renovate in #367
- Update php Docker tag to v8.0.14 (main) by @renovate in #368
- Update php Docker tag to v8.1.1 (main) by @renovate in #369
- Update dependency phpredis/phpredis to v5.3.5 (main) by @renovate in #370
Full Changelog: 21.12.1...21.12.2
lagoon-images 21.12.1
Security Release
This release actions the most recent guidance on the log4j vulnerabilities at https://logging.apache.org/log4j/2.x/security.html
To comply with the advised mitigation, all instances of the log4j-core.jar files have been examined, and the JndiLookup.class removed.
This applies to the following images:
- uselagoon/logstash-6
- uselagoon/logstash-7
- uselagoon/elasticsearch-6
- uselagoon/elasticsearch-7
- uselagoon/solr7.7
- uselagoon/solr7.7-drupal
- uselagoon/solr7
- uselagoon/solr7-drupal
- uselagoon/solr8
- uselagoon/solr8-drupal
We will continue to monitor CVE-2021-45046 and CVE-2021-44228
Changes in this release
- remove the JndiLookup class from the classpaths for CVE-2021-45046 and CVE-2021-44228 @tobybellwood (#365)
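One way to verify the mitigation described in this release, as an added example (not the Lagoon project's own code): walk a directory tree, open every log4j-core jar as a zip archive and report whether JndiLookup.class is still inside. The directory layout and jar names built by `build_sample_tree` are constructed demo data; the class path is the one log4j-core uses for the lookup.

```python
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def audit_log4j_jars(root):
    """Map each log4j-core jar under root to True if JndiLookup.class remains.

    False means the class has been removed; None means the file could not be
    read as a zip archive and needs manual review.
    """
    findings = {}
    for jar in sorted(Path(root).rglob("log4j-core*.jar")):
        key = jar.relative_to(root).as_posix()
        try:
            with zipfile.ZipFile(jar) as zf:
                findings[key] = JNDI_CLASS in zf.namelist()
        except zipfile.BadZipFile:
            findings[key] = None
    return findings


def build_sample_tree(root):
    """Constructed demo data: one untouched jar, one with the class removed."""
    other = "org/apache/logging/log4j/core/Logger.class"
    layout = {
        "solr/lib/log4j-core-sample.jar": [JNDI_CLASS, other],
        "logstash/lib/log4j-core-sample.jar": [other],
    }
    for rel, names in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            for name in names:
                zf.writestr(name, b"")


def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_log4j_jars(tmp)


if __name__ == "__main__":
    for jar, present in demo().items():
        print(f"{jar}: JndiLookup.class present = {present}")
```

Pointing `audit_log4j_jars` at an unpacked image filesystem gives the same report; it does not look inside jars nested within other archives.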