lagoon-images 21.12.0

Security Advisories

This image release has been made to mitigate CVE-2021-44228, which covers Apache-log4j2

The mitigation included in all images that use Java (Solr, Elasticsearch and Logstash) is to add additional system properties to the JVM startup log4j2.formatMsgNoLookups=true

If you inherit these images and set additional system properties via SOLR_OPTS, LS_JAVA_OPTS, or ES_JAVA_OPTS, please make sure to either include the additional mitigation above, or via the environment variables defined in the log4j notice.

For users of the (now deprecated for a few months) Solr 5 and Solr 6 images - there are no know mitigations, and there are unlikely to be. Please update your sites to Solr 7 ASAP.

New Images

• PHP 8.1 has been added to the scheduled releases, including Composer 2 support as standard
• Solr 8 has been released as an "experimental" image - pending further testing. The upgrade path from Solr 7 to Solr 8 will require testing before rolling to production, and there are additional steps required to configure custom Solr configurations.

Deprecated Images

• PHP 7.3 is now no longer supported and the images will no longer be updated. Existing images will remain available for use on docker hub, but no updates will be made to them. You should update to PHP 8.0/8.1 ASAP (7.4 will be EOL in 2022)

Changes in this release

• Adding SOLR_OPTS, LS_JAVA_OPTS, and ES_JAVA_OPTS to patch against CVE-2021-44228 @cdchris12 (#358)
• Adds PHP 8.1, removes PHP 7.3 @tobybellwood (#352)
• change to "varnish" user as per upstream for varnish-6 @tobybellwood (#354)
• Add Experimental Solr 8 images @tobybellwood (#97)

Package Updates

• Update composer Docker tag to v2.1.14 (main) @renovate (#356 #359)
• Update dependency xdebug/xdebug to v3.1.2 (main) @renovate (#355 #360)
• Update solr Docker tag to v8.10.1 (main) @renovate (#350)

Full Changelog: 21.11.1...21.12.0

lagoon-images 21.11.1

This release addresses the vulnerabilities addressed in https://www.alpinelinux.org/posts/Alpine-3.14.3-released.html

All images are now on Alpine 3.14.3 (with the exception of those that are unable to be pinned to a newer release of Alpine, or are Debian-based)

Changes in this release

• Add complete scanning routine to tag builds @tobybellwood (#348)
• Elasticsearch 6 setting Default Memory values to the same as Elasticsearch 7 @dasrecht (#342)

Package Updates

• Update alpine Docker tag to v3.14.3 (main) by @renovate in #337
• Update alpine Docker tag to v3.12.9 (main) by @renovate in #336
• Update php Docker tag to v7.3.33 (main) by @renovate in #344
• Update php Docker tag to v7.4.26 (main) by @renovate in #345
• Update php Docker tag to v8.0.13 (main) by @renovate in #347
• Update postgres Docker tag to v12.9 (main) by @renovate in #335
• Update postgres Docker tag to v11.14 (main) by @renovate in #334
• Update python Docker tag to v3.9.9 (main) by @renovate in #341
• Update rabbitmq Docker tag to v3.8.25 (main) by @renovate in #332
• Update rabbitmq Docker tag to v3.8.26 (main) by @renovate in #346

Full Changelog: 21.11.0...21.11.1

lagoon-images 21.11.0

New Images

Changes in this release

• Removing the toolbox container @dasrecht (#329)

Package Updates

• Update composer Docker tag to v2.1.12 (main) @renovate (#331)
• Update python Docker tag to v3.9.8 (main) @renovate (#330)
• Update composer Docker tag to v2.1.11 (main) @renovate (#327)
• Update php Docker tag to v7.3.32 (main) @renovate (#326)
• Update rabbitmq Docker tag to v3.8.23 (main) @renovate (#314)
• Update redis Docker tag to v6.2.6 (main) @renovate (#318)
• Update redis Docker tag to v5.0.14 (main) @renovate (#317)
• Update Node.js to v16.13 (main) @renovate (#306)
• Update Node.js to v14.18 (main) @renovate (#315)
• Update composer Docker tag to v2.1.9 (main) @renovate (#307)
• Update dependency php/pecl-file_formats-yaml to v2.2.2 (main) @renovate (#324)
• Update dependency xdebug/xdebug to v3.1.1 (main) @renovate (#316)
• Update dependency krakjoe/apcu to v5.1.21 (main) @renovate (#319)
• Update php Docker tag to v7.4.25 (main) @renovate (#313)
• Update php Docker tag to v8.0.12 (main) @renovate (#312)
• Update php Docker tag to v7.3.31 (main) @renovate (#311)

Full Changelog: 21.10.0...21.11.0

lagoon-images 21.10.0

New Architecture available - arm64-based images!!

This release of the Lagoon Images has introduced multi-architecture compatible docker images for the majority of services. This means that users on Apple Silicon (M1) and Raspberry Pi 4 devices can now use the same images as developers on traditional amd64-based machines. Note that all hosted Lagoon instances (currently 😉) run on amd64 architectures, so the arm64 versions of images will only be needed on your local - but they are designed to be identical to the production ones, and a drop-in replacement.

The Lagoon team will not be releasing some of the images in multi-architecture compatible. This includes the images that are currently replicated to the amazeeio dockerhub (e.g. amazeeio/php-cli-drupal:7.4-latest), and the legacy-named images that have been recently versioned (e.g. uselagoon/postgres)

We have assembled a cross-reference to show which images you should transition to (even if you don't currently need ARM-compatible builds)

Most importantly, over the next couple of months, please let us know if you come across any issues with these images - we'd love to work out any kinks that there may be

There are a couple of services that are known not to be compatible with arm64 machines natively

• Elasticsearch-6 (there is an x64-only X-Pack extension in the images)
• Varnish-6 (one of the vmods used in the images doesn't compile under arm64)

To achieve feature parity between the amd64 and arm64 images the following updates happened as part of this release

• The version of go-crond in the commons image has been updated to 21.5.0
• The version of envplate used in the commons image has been updated to v1.0.0-rc.3
• The versions of Elasticsearch/Logstash/Kibana have been updated to 6.8.20 and 7.8.1
• The entrypoints in php-based images are now all installed together, ensuring that none get missed.
• The versions of the PECL libraries used in the PHP images have now been pinned for all libraries for all PHP versions (adding apcu, yaml, imagick pins)
• The PECL imagick library is now installed via PECL instead of from the source
• The version of tini used in the debian-based images has been updated to v0.19.0

Normal service will resume in the 21.11.0 images, with a large number of version updates - but we chose to prioritise the release of these images as close to the existing versions as possible to minimise complications.

What's Changed

• add a set of all-images tests by @tobybellwood in #321
• Release arm64-compatible images by @tobybellwood in #323

Full Changelog: 21.9.0...21.10.0

lagoon-images 21.9.0

Deprecated Images

This release has removed NodeJS 10, Python 2.7, PHP 7.1, Solr 5.5, Solr 6.6 and their child images from the monthly updates. The last release 21.8.0 will always be the latest available for them.

Changes in this release - Alpine 3.14

The major update to this release (other than deprecations) is the update of all possible base images to Alpine 3.14. The only remaining non-Alpine 3.14 images are all pinned to previous versions for compatibility (solr-7.7, varnish-5 and MongoDB), and the debian-based ones (solr-7 and varnish-6).

UPDATED 23 Sep - Please note that this version of Alpine requires Docker 20.10 to build packages via docker-php-ext-install - as per https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0

**UPDATED 7 Oct - npm is no longer a subpackage of nodejs (i.e. nodejs-npm should be replaced with npm) - anyone modifying their npm versions in the php-X-cli images will need to account for this.

In addition, we've automated the update of PECL-based packages (once again thanks to @renovate-bot!). We've also had to make minor modifications to the varnish-6 images to better accommodate variance between the debian packages and the varnish dev releases, but it should be more streamlined now.

• Add in PECL packages to renovate.json @tobybellwood (#300)
• update to alpine 3.14 @tobybellwood (#295)
• update to varnish 6.6 @tobybellwood (#293)
• add docker_pull command to Makefile to pull fresh upstream images @tobybellwood (#294)
• Remove all EOL images @tobybellwood (#281)

Package Updates

• Update dependency phpredis/phpredis to v5.3.4 (main) @renovate (#303)
• Update dependency php/pecl-file_formats-yaml to v2.2.1 (main) @renovate (#302)
• Update dependency krakjoe/apcu to v5.1.20 (main) @renovate (#301)
• Update dependency xdebug/xdebug to v3.0.4 (main) @renovate (#304)
• Update rabbitmq Docker tag to v3.8.22 (main) @renovate (#288)
• Update redis Docker tag to v6.2.5 (main) @renovate (#296)
• Update redis Docker tag to v6.2.4 (main) @renovate (#227)
• Update alpine Docker tag to v3.13.6 (main) @renovate (#292)
• Update alpine Docker tag to v3.12.8 (main) @renovate (#291)
• Update composer Docker tag to v2.1.6 (main) @renovate (#283)
• Update Node.js to v16.8 (main) @renovate (#284)
• Update python Docker tag to v3.9.7 (main) @renovate (#290)
• Update python Docker tag to v3.8.12 (main) @renovate (#289)
• Update python Docker tag to v3.7.12 (main) @renovate (#299)
• Update php Docker tag to v8.0.10 (main) @renovate (#287)
• Update php Docker tag to v7.4.23 (main) @renovate (#286)
• Update php Docker tag to v7.3.30 (main) @renovate (#285)

lagoon-images 21.8.0

New Images

There are no new images in this release. Next release - 21.9.0 - we will be deprecating the images that are no longer supported upstream. These are PHP 7.2, Python 2.7, NodeJS 10, Solr 5.5, and Solr 6.6. These images will continue to be available under the :latest tag, but that tag will always point to this 21.8.0 release. You should plan to migrate from these images as soon as possible.

Changes in this release

• Add scan_images option @tobybellwood (#277)
• ensure correct varnish-dev version is pulled for varnish 6 @tobybellwood (#278)
• Added dns tools and ssh client to toolbox image @vincenzodnp (#269)
• update renovate and release-drafter configs @tobybellwood (#263)

Package Updates

• Update Node.js to v16.7 (main) @renovate (#280)
• Update Node.js to v16.6 (main) @renovate (#272)
• Update Node.js to v16.5 (main) @renovate (#264)
• Update openresty/openresty Docker tag to v1.19.9.1 (main) @renovate (#279)
• Update rabbitmq Docker tag to v3.8.21 (main) @renovate (#274)
• Update postgres Docker tag to v12.8 (main) @renovate (#276)
• Update postgres Docker tag to v11.13 (main) @renovate (#275)
• Update php Docker tag to v8.0.9 (main) @renovate (#271)
• Update php Docker tag to v7.4.22 (main) @renovate (#270)
• Update composer Docker tag to v2.1.5 (main) @renovate (#267)
• Update composer Docker tag to v2.1.4 (main) @renovate (#266)

lagoon-images 21.7.0

Changes in this release

• use true to activate xdebug instead of any string @tobybellwood (#251)
• Install Blackfire Agent and Probe within php containers @Schnitzel (#249)
• only accept true for $NEWRELIC_ENABLED @Schnitzel (#250)
• Fail image build if composer checksum does not match. @marji (#241)
• Adds mongodb-tools to toolbox image @bomoko (#247)
• Prevent match in between the string @grappler (#202)

New Images

• No new images in this release - maybe next month 😉

Package Updates

• Bump Logstash to 7.6.2 to match other ELK versions @tobybellwood (#261)
• Update New Relic Agent to the latest stable release @seanhamlin (#253)
• Update ELK Stack Docker tags to v6.8.17 (main) (patch) @renovate (#259)
• Update Node.js to v16.4 (main) @renovate (#257)
• Update php Docker tag to v8.0.8 (main) @renovate (#256)
• Update php Docker tag to v7.3.29 (main) @renovate (#254)
• Update php Docker tag to v7.4.21 (main) @renovate (#255)
• Update python Docker tag to v3.9.6 (main) @renovate (#246)
• Update python Docker tag to v3.8.11 (main) @renovate (#245)
• Update python Docker tag to v3.7.11 (main) @renovate (#244)
• Update rabbitmq Docker tag to v3.8.19 (main) @renovate (#258)
• Update rabbitmq Docker tag to v3.8.18 (main) @renovate (#243)
• Update rabbitmq Docker tag to v3.8.17 (main) @renovate (#234)
• Update composer Docker tag to v2.1.3 (main) @renovate (#235)
• Update composer Docker tag to v2.1.2 (main) @renovate (#233)
• Update openresty/openresty Docker tag to v1.19.3.2 (main) @renovate (#232)

v21.6.0

Changes in this release

• use better terminology for default images @tobybellwood (#230)
• Update alpine images to 3.13 @tobybellwood (#167)
• add rabbitmq images to lagoon-images @tobybellwood (#198)
• use github for mysqltuner @tobybellwood (#219)
• version mariadb images @tobybellwood (#216)
• Update php Docker tag to v8.0.7 (main) @renovate (#229)
• Update php Docker tag to v7.4.20 (main) @renovate (#222)
• Update composer Docker tag to v2.1.1 (main) @renovate (#228)
• Update composer Docker tag to v2.1.0 (main) @renovate (#220)
• Update Node.js to v16.3 (main) @renovate (#223)
• Update postgres Docker tag to v12.7 (main) @renovate (#204)
• Update postgres Docker tag to v11.12 (main) @renovate (#203)
• Update ELK Stack Docker tags (main) (patch) @renovate (#179)
• Update rabbitmq Docker tag to v3.8.16 (main) @renovate (#226)

21.5.0

Changes in this release

• delete tests folder @tobybellwood (#214)
• dual publish legacy image tags @tobybellwood (#199)
• Fix PHP Yaml warning @seanhamlin (#213)
• add Python 3.9 base images @tobybellwood (#168)
• update renovate.json to remove maj/min PRs for redis/solr/varnish @tobybellwood (#195)
• Update composer Docker tag to v2.0.14 (main) @renovate (#210)
• Update python Docker tag to v3.9.5 (main) @renovate (#209)
• Update python Docker tag to v3.8.10 (main) @renovate (#171)
• Update Node.js to v16.2 (main) @renovate (#207)
• Update node Docker tag to v16.1 (main) @renovate (#176)
• Update Node.js to v14.17 (main) @renovate (#200)
• Update php Docker tag to v8.0.6 (main) @renovate (#193)
• Update php Docker tag to v7.4.19 (main) @renovate (#175)
• Update php Docker tag to v7.4.18 (main) @renovate (#165)

21.4.0

Changes in this release

• Adding redis-cli and psql to Toolbox image @cdchris12 (#153)
• first set of namespace changes to uselagoon @tobybellwood (#148)
• Changes output stream target for New Relic logs @bomoko (#147)
• add wait-for script to commons and all base images @tobybellwood (#131)
• Use fix-permissions for /etc/passwd instead of chmod g+w @smlx (#87)
• Update Nginx to use SHA-512 to store basic auth password hashes @cdchris12 (#141)

New Images

• add solr-7 image (debian-based, v7.7.3) @tobybellwood (#128)
• Create updated Varnish 6 image, and rename existing to 5 @tobybellwood (#44)
• add Node 16 image @tobybellwood (#149)

Package Updates

• Update New Relic agent to support PHP8. Also bump drush and composer (patch release) @seanhamlin (#146)
• Updated Drush launcher version to 0.9.1. @chandanatk (#136)
• update composer 1 version to 1.10.22 (CVE-2021-29472) @tobybellwood (#154)
• Update composer Docker tag to v2.0.13 (CVE-2021-29472) @renovate (#151)
• Update composer Docker tag to v2.0.12 (main) @renovate (#138)
• Update alpine Docker tag to v3.12.7 (main) @renovate (#144)
• Update alpine Docker tag to v3.12.6 (main) @renovate (#137)
• Update node Docker tag to v12.22 (main) @renovate (#134)
• Update python Docker tag to v3.8.9 (main) @renovate (#142)
• Update php Docker tag to v7.3.28 (main) @renovate (#156)
• Update php Docker tag to v8.0.5 (main) @renovate (#157)