Closed yanokwa closed 6 months ago
Hi yanokwa,
Thanks for noticing that I had forgot to make a release for v5.0.1, it has now been fixed :)
I have chosen to not do a "full" release every time Nginx changes, since I feel that is a bit overkill. However, if you want to always use the latest version we push to Docker hub with all the tags, and Dependabot should pick up on changes to the final Nginx part of the tag as well.
docker-nginx-certbot built is with
--with-http_v3_module
so the v5.0.0 release is vulnerable. I believe only people who have http3 enabled in their conf files are at risk, but I'm not sure.https://github.com/JonasAlfredsson/docker-nginx-certbot/compare/v5.0.0...v5.0.1-nginx1.25.4 looks like a safe upgrade (and that's what I'm now using), but please consider doing a formal release of that code as v5.0.1 so others know to upgrade.
In general, it'd be helpful if you could publish a release for each nginx release. If there is anything I can do to help you do that, please let me know. Thanks so much for your work on this container!