Open RobinDuhan opened 3 weeks ago
According to our branch strategy, we only provide support for Redis 7.4.x since this is the minor version with active support from the upstream project, see https://endoflife.date/redis. The last version of 7.2.x was 7.2.6, released upstream a couple of weeks ago, but we won't cut a new release for new versions within this 7.2.x branch.
Redis has changed its license - https://redis.io/blog/redis-adopts-dual-source-available-licensing/ - and is no longer open source. Considering this, would the team be willing to push the latest 7.2.6?
Yes, that change in the license was performed a long time ago and there are no issues in distributing Redis as we have been doing until now. In the same way, if you are concerned about license issues, you can explore other Redis alternatives such as Valkey.
Thanks. https://github.com/bitnami/containers/tree/4ca84a0acfd906611dfec9b1684f6c5e83348345/bitnami/redis/7.2/debian-12 - do you think it's possible to build this myself? Are all the scripts that bundle Redis open-sourced - if so, is there any README or documentation on the build process?
Unfortunately, 7.2.6 can't be built from the sources since that version was not even compiled on our side. The latest version of Redis 7.2.x is 7.2.5 which is present in DockerHub at https://hub.docker.com/layers/bitnami/redis/7.2.5/images/sha256-602176813bb52ff1e2b96df19a6bdc0443de9df9c18f466493959d49a6edfcbc?context=explore
Name and Version
bitnami/redis
What architecture are you using?
amd64
What steps will reproduce the bug?
Checked on DockerHub
What do you see instead?
Sorry to have raised this as a bug, but there wasn't an option available to raise it as a query. Redis 7.2.6 fixes some really critical vulnerabilities. https://github.com/redis/redis/releases
(CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.
Since 7.4.1 (which also fixes the same major CVEs) is unavailable across all flavors, but 7.2.6. Is it possible to understand when bitnami publishes the 7.2.6 image?