Skip to content

Releases: uselagoon/lagoon-images

lagoon-images 21.12.1

16 Dec 02:23
2f7eb8b
Compare
Choose a tag to compare

Security Release

This release actions the most recent guidance on the log4j vulnerabilities at https://logging.apache.org/log4j/2.x/security.html

To comply with the advised mitigation, all instances of the log4j-core.jar files have been examined, and the JndiLookup.class removed

This applies the following images:

  • uselagoon/logstash-6
  • uselagoon/logstash-7
  • uselagoon/elasticsearch-6
  • uselagoon/elasticsearch-7
  • uselagoon/solr7.7
  • uselagoon/solr7.7-drupal
  • uselagoon/solr7
  • uselagoon/solr7-drupal
  • uselagoon/solr8
  • uselagoon/solr8-drupal

We will continue to monitor CVE-2021-45046 and CVE-2021-44228

Changes in this release

Package Updates

  • Update ELK Stack Docker tags to v6.8.21 (main) (patch) @renovate (#362)

lagoon-images 21.12.0

11 Dec 05:38
55faee0
Compare
Choose a tag to compare

Security Advisories

This image release has been made to mitigate CVE-2021-44228, which covers Apache-log4j2

The mitigation included in all images that use Java (Solr, Elasticsearch and Logstash) is to add additional system properties to the JVM startup log4j2.formatMsgNoLookups=true

If you inherit these images and set additional system properties via SOLR_OPTS, LS_JAVA_OPTS, or ES_JAVA_OPTS, please make sure to either include the additional mitigation above, or via the environment variables defined in the log4j notice.

For users of the (now deprecated for a few months) Solr 5 and Solr 6 images - there are no know mitigations, and there are unlikely to be. Please update your sites to Solr 7 ASAP.

New Images

  • PHP 8.1 has been added to the scheduled releases, including Composer 2 support as standard
  • Solr 8 has been released as an "experimental" image - pending further testing. The upgrade path from Solr 7 to Solr 8 will require testing before rolling to production, and there are additional steps required to configure custom Solr configurations.

Deprecated Images

  • PHP 7.3 is now no longer supported and the images will no longer be updated. Existing images will remain available for use on docker hub, but no updates will be made to them. You should update to PHP 8.0/8.1 ASAP (7.4 will be EOL in 2022)

Changes in this release

Package Updates

Full Changelog: 21.11.1...21.12.0

lagoon-images 21.11.1

22 Nov 05:00
b6da705
Compare
Choose a tag to compare

This release addresses the vulnerabilities addressed in https://www.alpinelinux.org/posts/Alpine-3.14.3-released.html

All images are now on Alpine 3.14.3 (with the exception of those that are unable to be pinned to a newer release of Alpine, or are Debian-based)

Changes in this release

  • Add complete scanning routine to tag builds @tobybellwood (#348)
  • Elasticsearch 6 setting Default Memory values to the same as Elasticsearch 7 @dasrecht (#342)

Package Updates

Full Changelog: 21.11.0...21.11.1

lagoon-images 21.11.0

11 Nov 22:06
f8a19f8
Compare
Choose a tag to compare

New Images

Changes in this release

Package Updates

Full Changelog: 21.10.0...21.11.0

lagoon-images 21.10.0

25 Oct 04:46
6185d27
Compare
Choose a tag to compare

New Architecture available - arm64-based images!!

This release of the Lagoon Images has introduced multi-architecture compatible docker images for the majority of services. This means that users on Apple Silicon (M1) and Raspberry Pi 4 devices can now use the same images as developers on traditional amd64-based machines. Note that all hosted Lagoon instances (currently 😉) run on amd64 architectures, so the arm64 versions of images will only be needed on your local - but they are designed to be identical to the production ones, and a drop-in replacement.

The Lagoon team will not be releasing some of the images in multi-architecture compatible. This includes the images that are currently replicated to the amazeeio dockerhub (e.g. amazeeio/php-cli-drupal:7.4-latest), and the legacy-named images that have been recently versioned (e.g. uselagoon/postgres)

We have assembled a cross-reference to show which images you should transition to (even if you don't currently need ARM-compatible builds)

Most importantly, over the next couple of months, please let us know if you come across any issues with these images - we'd love to work out any kinks that there may be

There are a couple of services that are known not to be compatible with arm64 machines natively

  • Elasticsearch-6 (there is an x64-only X-Pack extension in the images)
  • Varnish-6 (one of the vmods used in the images doesn't compile under arm64)

To achieve feature parity between the amd64 and arm64 images the following updates happened as part of this release

  • The version of go-crond in the commons image has been updated to 21.5.0
  • The version of envplate used in the commons image has been updated to v1.0.0-rc.3
  • The versions of Elasticsearch/Logstash/Kibana have been updated to 6.8.20 and 7.8.1
  • The entrypoints in php-based images are now all installed together, ensuring that none get missed.
  • The versions of the PECL libraries used in the PHP images have now been pinned for all libraries for all PHP versions (adding apcu, yaml, imagick pins)
  • The PECL imagick library is now installed via PECL instead of from the source
  • The version of tini used in the debian-based images has been updated to v0.19.0

Normal service will resume in the 21.11.0 images, with a large number of version updates - but we chose to prioritise the release of these images as close to the existing versions as possible to minimise complications.

What's Changed

Full Changelog: 21.9.0...21.10.0

lagoon-images 21.9.0

08 Sep 10:41
b779d60
Compare
Choose a tag to compare

Deprecated Images

This release has removed NodeJS 10, Python 2.7, PHP 7.1, Solr 5.5, Solr 6.6 and their child images from the monthly updates. The last release 21.8.0 will always be the latest available for them.

Changes in this release - Alpine 3.14

The major update to this release (other than deprecations) is the update of all possible base images to Alpine 3.14. The only remaining non-Alpine 3.14 images are all pinned to previous versions for compatibility (solr-7.7, varnish-5 and MongoDB), and the debian-based ones (solr-7 and varnish-6).

UPDATED 23 Sep - Please note that this version of Alpine requires Docker 20.10 to build packages via docker-php-ext-install - as per https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0

**UPDATED 7 Oct - npm is no longer a subpackage of nodejs (i.e. nodejs-npm should be replaced with npm) - anyone modifying their npm versions in the php-X-cli images will need to account for this.

In addition, we've automated the update of PECL-based packages (once again thanks to @renovate-bot!). We've also had to make minor modifications to the varnish-6 images to better accommodate variance between the debian packages and the varnish dev releases, but it should be more streamlined now.

Package Updates

lagoon-images 21.8.0

19 Aug 22:29
c4cd44b
Compare
Choose a tag to compare

New Images

There are no new images in this release. Next release - 21.9.0 - we will be deprecating the images that are no longer supported upstream. These are PHP 7.2, Python 2.7, NodeJS 10, Solr 5.5, and Solr 6.6. These images will continue to be available under the :latest tag, but that tag will always point to this 21.8.0 release. You should plan to migrate from these images as soon as possible.

Changes in this release

Package Updates

lagoon-images 21.7.0

13 Jul 03:56
fb8ce42
Compare
Choose a tag to compare

Changes in this release

New Images

  • No new images in this release - maybe next month 😉

Package Updates

v21.6.0

07 Jun 02:39
32da830
Compare
Choose a tag to compare

Changes in this release

21.5.0

26 May 07:21
21f9f18
Compare
Choose a tag to compare

Changes in this release