Open christian-heusel opened 5 days ago
Thanks for pointing this out. In the production dockerfile, we use image: solr:8.11. I have dug too long in the net in order to find some information about docker versioning and found almost nothing. The way I understand it is that Docker performs no automatic minor-updates whatsoever, e.g. if we specify 8.11 it won't automatically update to a patch version 8.11.4. The 8.11 is just a string that refers to a tag for docker.
However, for solr on docker hub the tags 8.11.4, 8.11 and 8 all refer to the same Dockerfile here containing ARG SOLR_VERSION="8.11.4". For me, this means that the images 8.11.4, 8.11 and 8 were patched in hindsight.
Note that at MaMpf, we pull the images for every update, so even without something like Watchtower we should pull the new, patched solr-image automatically the next time we push a release.
To verify that we use the patched version, we should find out the exact image number. My idea would be to get the SHA-digest inside the running container and then check on the solr GitHub repo for that hash via the docker inspect command as described here. Or do you know by chance a simpler solution? I couldn't find the "digest ..." line in our logs.
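One way to run the digest check proposed in the comment above, as an added example that is not part of the thread or of MaMpf's code: it resolves a running container to its image ID and then to that image's RepoDigests, which is the value docker pull prints on its "Digest:" line. The function names are hypothetical, and the expected digest is whatever the registry reports for the solr:8.11.4 tag.

```shell
#!/bin/sh
# Added example (not from the issue thread). Function names are hypothetical.
# Usage: verify_container_digest <container> sha256:<digest reported for solr:8.11.4>

# Image ID (sha256 of the image config) the container was created from.
# This is NOT the registry digest, so it cannot be compared to Docker Hub directly.
container_image_id() {
    docker inspect --format '{{.Image}}' "$1"
}

# Registry manifest digests recorded for a local image, one "repo@sha256:..." per line.
# Empty for images that were built locally and never pulled or pushed.
image_repo_digests() {
    docker image inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' "$1"
}

# Exit status: 0 = container runs the expected digest, 1 = different digest,
# 2 = digest could not be determined (inspect failed or no RepoDigests recorded).
verify_container_digest() (
    container=$1
    expected=$2
    image_id=$(container_image_id "$container") || exit 2
    digests=$(image_repo_digests "$image_id") || exit 2
    if [ -z "$digests" ]; then
        echo "no RepoDigests recorded for $image_id" >&2
        exit 2
    fi
    for d in $digests; do
        case "$d" in
            *@"$expected") echo "match: $d"; exit 0 ;;
        esac
    done
    echo "mismatch: $container runs $digests" >&2
    exit 1
)
```

Because 8, 8.11 and 8.11.4 are separate tags, a container started from solr:8.11 before the re-tag keeps its old digest until the image is pulled again and the container is recreated, which is the case this check catches.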
FYI:
I'm opening this as a public issue since my understanding is that these issues were responsibly disclosed 😊