lagoon-images 22.11.0

Welcome to the November 2022 release of the Lagoon images - and hello/goodbye to a few images.

New Images

• Add Varnish-7 images @tobybellwood (#466)
• Add OpenSearch 2 images @tobybellwood (#373)

Deprecated Images

Deprecated images are still available under their monthly release tags, and the :latest tag (permanently pinned to 22.10.0) - however, they are no longer being maintained upstream, and Lagoon will no longer be publishing updates to them.

• Deprecate Solr-7.7 image and derivatives @tobybellwood (#580)
• Deprecate Varnish-5 image and derivatives @tobybellwood (#580)
• Deprecate Elasticsearch-6 image @tobybellwood (#580)
• Deprecate Logstash-6 image @tobybellwood (#580)
• Deprecate Kibana-6 image @tobybellwood (#580)

Changes in this release

• add open/elastic search tests @tobybellwood (#596)
• Alphabetise and format apk/apt-get add/del/install commands @danquah (#584)
• add varnish-6 user to root group for localdev @tobybellwood (#577)

Package Updates

• Update Node.js to v18.12 (main) @renovate (#588)
• Update Node.js to v18.11 (main) @renovate (#586)
• Update Node.js to v16.18 (main) @renovate (#583)
• Update Node.js to v14.21 (main) @renovate (#593)
• Update php Docker tag to v8.1.12 (main) @renovate (#591)
• Update php Docker tag to v8.0.25 (main) @renovate (#590)
• Update php Docker tag to v7.4.33 (main) @renovate (#595)
• Update dependency xdebug/xdebug to v3.1.6 (main) @renovate (#597)
• Update dependency blackfireio/docker to v2.13.0 (main) @renovate (#587)
• Update dependency composer/composer to v2.4.4 (main) @renovate (#589)
• Update dependency composer/composer to v2.4.3 (main) @renovate (#585)
• Update python Docker tag to v3.10.8 (main) @renovate (#578)
• Update python Docker tag to v3.9.15 (main) @renovate (#582)
• Update python Docker tag to v3.8.15 (main) @renovate (#581)
• Update python Docker tag to v3.7.15 (main) @renovate (#575)
• Update RabbitMQ to 3.9.22 @tobybellwood (#598)

lagoon-images 22.10.0

New Images

Changes in this release

• pin glibc to 2.34 and stop upgrading apk packages @tobybellwood (#571)

Package Updates

• Update php Docker tag to v8.1.11 (main) @renovate (#570)
• Update php Docker tag to v8.0.24 (main) @renovate (#572)
• Update php Docker tag to v7.4.32 (main) @renovate (#569)

lagoon-images 22.9.0

UPDATE: 29-Sep-2022 - we have identified an issue with the node-builder images, and have temporarily rolled these images back to the 22.8.0 versions - please use these until we remove this notice!

New Images

No new images in this release, but we will be adding (and deprecating) some in the 22.10.0 release next month that are no longer supported upstream.

Changes in this release

• Fix copypasta debug messages @rocketeerbkw (#559)
• fix glibc build errors @tobybellwood (#562)
• Update nginx.conf to allow JSON:API standard @TomvEtten (#543)

Package Updates

• Update webdevops/go-crond Docker tag to v22.9.1 (main) @renovate (#565)
• Update webdevops/go-crond Docker tag to v22 (main) @renovate (#560)
• Update php Docker tag to v8.1.10 (main) @renovate (#549)
• Update php Docker tag to v8.0.23 (main) @renovate (#548)
• Update dependency blackfireio/docker to v2.12.0 (main) @renovate (#566)
• Update dependency blackfireio/docker to v2.11.0 (main) @renovate (#563)
• Update dependency composer/composer to v2.4.2 (main) @renovate (#558)
• Update dependency composer/composer to v2.4.1 (main) @renovate (#542)
• Update dependency krakjoe/apcu to v5.1.22 (main) @renovate (#561)
• Update Node.js to v18.10 (main) @renovate (#567)
• Update Node.js to v18.9 (main) @renovate (#557)
• Update Node.js to v18.8 (main) @renovate (#546)
• Update python Docker tag to v3.9.14 (main) @renovate (#554)
• Update python Docker tag to v3.8.14 (main) @renovate (#553)
• Update python Docker tag to v3.7.14 (main) @renovate (#552)
• Update python Docker tag to v3.10.7 (main) @renovate (#551)

lagoon-images 22.8.0

New Images

• Ruby images have now been added to lagoon-images - they are minimally configured, but suitable for a base image that could be extended bia bundler/gemfile.

Changes in this release

• Add Ruby 3.0/3.1 images @tobybellwood (#511)
• add more helper tests @tobybellwood (#526)
• Disable minor updates for Ruby @tobybellwood (#533)
• Added security.txt support. @stooit (#500)
• Use RenovateBot for more php-cli/php-cli-drupal deps @tobybellwood (#518)
• Add more PHP packages and extensions to renovate management @tobybellwood (#514)
• add testing/renovate to renovate branches @tobybellwood (#513)

Package Updates

• Update dependency alpine to v3.16.2 (main) @renovate (#535)
• Update dependency alpine to v3.16.1 (main) @renovate (#523)
• Update dependency alpine to v3.14.8 (main) @renovate (#534)
• Update dependency alpine to v3.14.7 (main) @renovate (#525)
• Update dependency php to v8.1.9 (main) @renovate (#531)
• Update dependency php to v8.1.8 (main) @renovate (#506)
• Update dependency php to v8.0.22 (main) @renovate (#530)
• Update dependency php to v8.0.21 (main) @renovate (#505)
• Update dependency composer/composer to v2.4.0 (main) @renovate (#540)
• Update dependency composer/composer to v2.3.10 (main) @renovate (#519)
• Update dependency blackfireio/docker to v2.10.0 (main) @renovate (#515)
• Update dependency drush/drush to v8.4.11 (main) @renovate (#520)
• Update dependency openresty/openresty to v1.21.4.1-3-alpine (main) @renovate (#528)
• Update dependency python to v3.10.6 (main) @renovate (#529)
• Update postgres Docker tag to v14.5 (main) @renovate (#539)
• Update postgres Docker tag to v13.8 (main) @renovate (#538)
• Update postgres Docker tag to v12.12 (main) @renovate (#537)
• Update postgres Docker tag to v11.17 (main) @renovate (#536)
• Update Node.js to v18.7 (main) @renovate (#527)
• Update Node.js to v18.6 (main) @renovate (#512)
• Update Node.js to v18.5 (main) @renovate (#509)
• Update Node.js to v16.17 (main) @renovate (#541)
• Update Node.js to v16.16 (main) @renovate (#508)
• Update Node.js to v14.20 (main) @renovate (#507)

lagoon-images 22.7.0

This release addresses two issues with dependencies:

• Composer 2.2 introduced a new plugin security setting. Starting July 1, 2022, composer stopped executing plugins that weren't allowed but only printed a warning. The end result was incomplete composer installations and broken websites even if a CI build completed successfully.
  Composer 2.3.9 will now throw an error if there are unallowed plugins. You will need to update allow-plugins in composer.json to resolve the error.
• There is an OpenSSL CVE-2022-2068 that has been fixed in openresty

Package Updates

• Update dependency openresty/openresty to v1.21.4.1-2-alpine (main) @renovate (#502)
• Update dependency composer to v2.3.9 (main) @renovate (#503)

lagoon-images 22.6.0

New Images

The main feature of this release is the availability of updated Alpine images, at version 3.16. All alpine-based images (that aren't pinned to a previous version) have been updated to 3.16.

This release also updates the version on openresty used to v1.21.4.1

Additionally, the version of nodeJS installed with the php-cli images has been updated to the LTS version 18 (from v17). Going forwards, the php-cli images will only be installed with LTS node versions. With the release of each new Alpine release, the availability of node versions is updated to match the node release schedule. With version pinning to the most recent LTS version, we hope to give some stability to developers, and be able to match the versions alongside the other node-based images we provide.

Python2 is no longer supported by the Alpine 3.16 release. Please replicate the code in https://github.com/uselagoon/lagoon-images/blob/main/images/node-builder/14.Dockerfile#L34-L38 in your dockerfile if you are unable to upgrade to python3 😱 - the node:14 image has been provided with python2 for backwards compatibility, but the 16 and 18 images have always only had python3.

Changes in this release

• build postgres drupal images @tobybellwood (#494)
• Add FreeType 2 support to GD @seanhamlin (#492)
• update upstream images for Alpine 3.16 @tobybellwood (#483)
• Implementing MAXMEMORYPOLICY for redis images @cdchris12 (#477)

Package Updates

• Update dependency solr to v8.11.2 (main) @renovate (#499)
• Update dependency postgres to v14.4 (main) @renovate (#493)
• Update Node.js to v18.4 (main) @renovate (#489)
• Update dependency python to v3.10.5 (main) @renovate (#482)
• Update dependency php to v7.4.30 (main) @renovate (#484)
• Update dependency php to v8.0.20 (main) @renovate (#485)
• Update dependency php to v8.1.7 (main) @renovate (#486)
• Update dependency rabbitmq to v3.8.34 (main) @renovate (#478)
• Update dependency xdebug/xdebug to v3.1.5 (main) @renovate (#479)
• Update dependency composer to v2.3.7 (main) @renovate (#480)
• Update Node.js to v18.3 (main) @renovate (#481)
• Update dependency openresty/openresty to v21 (main) @renovate (#475)

Full Changelog: 22.5.0...22.6.0

lagoon-images 22.5.0

New Images

• The images for Node.js v18 have been released, and has support coverage until 2025-04-30 (as per https://nodejs.org/en/about/releases/)

Deprecated Images

• The images for Node.js v12 have been deprecated, as it exited support coverage on 2022-04-30 (as per https://nodejs.org/en/about/releases/). Previous versions of this image will continue to be available, and the :latest tag will always point to the 22.4.1 release

What's Changed

• Update Node.js to v18.2 (main) by @renovate in #473
• Update Node.js to v18.1 (main) by @renovate in #462
• Update Node.js to v16.15 (main) by @renovate in #457
• Update dependency openresty/openresty to v1.19.9.1-12-alpine-apk (main) by @renovate in #453
• Update dependency php to v8.1.6 (main) by @renovate in #465
• Update dependency php to v8.0.19 (main) by @renovate in #464
• Update dependency composer to v2.3.5 (main) by @renovate in #437
• Update dependency postgres to v14.3 (main) by @renovate in #471
• Update dependency postgres to v13.7 (main) by @renovate in #470
• Update dependency postgres to v12.11 (main) by @renovate in #469
• Update dependency postgres to v11.16 (main) by @renovate in #468
• Update dependency python to v3.9.13 (main) by @renovate in #467
• Update dependency rabbitmq to v3.8.32 (main) by @renovate in #474
• Update dependency rabbitmq to v3.8.31 (main) by @renovate in #463
• Update dependency rabbitmq to v3.8.30 (main) by @renovate in #455
• Update dependency redis to v6.2.7 (main) by @renovate in #456

Full Changelog: 22.4.1...22.5.0

lagoon-images 22.4.1

Security release

This release addresses CVE-2022-24828 in composer - updating the versions of composer included in the base images to 1.10.26 and 2.2.12 (2.3.5 is still under consideration for inclusion, but is available to users via the --self-update flag to composer)

Notes about this release

There were some 22.5.0 images inadvertently tagged to dockerhub - these tags have now been replaced with 22.4.1 - they are the same content - the :latest tag still points to 22.4.1

Changes in this release

• feat: give php-fpm workers 30s to gracefully exit @smlx (#445)
• update composer 1 and New Relic versions @tobybellwood (#448)

Package Updates

• Update dependency php to v8.1.5 (main) @renovate (#451)
• Update dependency php to v8.0.18 (main) @renovate (#450)
• Update dependency php to v7.4.29 (main) @renovate (#449)
• Update dependency rabbitmq to v3.8.29 (main) @renovate (#447)
• Update dependency composer to v2.2.12 (main) @renovate (#446)

Full Changelog: 22.4.0...22.4.1

lagoon-images 22.4.0

The upstream Alpine releases in this release cover a number of vulnerabilities:

• Alpine 3.15.4, 3.14.6, 3.12.12 for busybox CVE-2022-28391
• Alpine 3.15.3, 3.14.5, 3.12.11 for zlib CVE-2018-25032

As of this release all supported (non-EOL) Alpine-based images are at their most recent versions (3.15.4 and 3.14.6/3.12.12 for those images pinned there)

Changes in this release

• Invoke chmod once per directory to fix permissions @christopher-hopper (#420)

Package Updates

• Update dependency alpine to v3.15.4 (main) @renovate (#442)
• Update dependency alpine to v3.15.3 (main) @renovate (#435)
• Update dependency alpine to v3.14.6 (main) @renovate (#441)
• Update dependency alpine to v3.14.5 (main) @renovate (#434)
• Update dependency alpine to v3.12.12 (main) @renovate (#440)
• Update dependency alpine to v3.12.11 (main) @renovate (#433)
• Update dependency openresty/openresty to v1.19.9.1-10-alpine-apk (main) @renovate (#443)
• Update dependency composer to v2.2.11 (main) @renovate (#436)
• Update dependency xdebug/xdebug to v3.1.4 (main) @renovate (#439)

New Contributors

• @christopher-hopper made their first contribution in #420

Full Changelog: 22.3.0...22.4.0

lagoon-images 22.3.0

Changes in this release

PHP-based images

• The XDEBUG settings for php have been updated to support XDebug 3 natively. Xdebug was always the default in PHP8.0 and PHP8.1, but owing to cross-configuration with PHP7.4, the necessary settings weren't configured properly. In this release, the PHP7.4 bundled version of the XDebug library has been updated to version 3 with the correct settings present.

• The New Relic and Blackfire agents have been updated and added to the PHP8.1 images.

• In addition, the build process has been optimised for the php-based images, and the resultant images are now almost 60% smaller than before.

Alpine Security fixes

This release also brings a raft of Alpine security updates:

• 3.15.1, 3.14.4, and 3.12.10 to fix openssl for CVE-2022-0778
• 3.15.2 to fix libretls for CVE-2022-0778

All current Alpine-based images are running the latest version of Alpine ( 3.15.2, 3.14.4, 3.12.10).
We are considering how best to continue to support the images built on previous, unsupported versions of Alpine (solr-7.7, mongo, varnish-5)

Other changes

• update helper tools @tobybellwood (#432)
• Pin to versioned OpenResty package image @tobybellwood (#431)
• Lightweight images @smlx (#426)
• Add support for configurable wait_timeout @shreddedbacon (#413)
• Xdebug 3 @kasperg (#353)

New Images

Package Updates

• Update dependency alpine to v3.15.2 (main) @renovate (#428)
• Update dependency alpine to v3.15.1 (main) @renovate (#421)
• Update dependency alpine to v3.14.4 (main) @renovate (#423)
• Update dependency alpine to v3.12.10 (main) @renovate (#422)
• Update dependency php to v8.1.4 (main) @renovate (#425)
• Update dependency php to v8.0.17 (main) @renovate (#424)
• Update dependency python to v3.10.4 (main) @renovate (#429)
• Update dependency python to v3.10.3 (main) @renovate (#416)
• Update dependency python to v3.9.12 (main) @renovate (#430)
• Update dependency python to v3.9.11 (main) @renovate (#419)
• Update dependency python to v3.8.13 (main) @renovate (#418)
• Update dependency python to v3.7.13 (main) @renovate (#417)
• Update dependency composer to v2.2.9 (main) @renovate (#414)
• Update dependency composer to v2.2.7 (main) @renovate (#411)
• Update dependency rabbitmq to v3.8.28 (main) @renovate (#427)

New Contributors

• @kasperg made their first contribution in #353
• @shreddedbacon made their first contribution in #413

Full Changelog: 22.2.0...22.3.0