Closed yosifkit closed 2 months ago
Maybe not a huge issue but the version being reported for RabbitMQ here is 3.13.0+424.g256fd8e
not 4.0.0-beta.1
That's the version detected by the syft
SBOM scanner? I would guess that is just because it is a pre-release. But I'm not familiar enough with the RabbitMQ build/release process to know where that gets injected.
Except for the case of RabbitMQ, these are the versions that are defined explicitly in the packages so it's not a detection issue.
Yeah, it should be fine. I think it is still accurate and should be correct by the stable release.
I think it could be related to the version in MODULE.bazel
, but I don't really know since there is also a version in rabbitmq.bzl
.
Maybe not a huge issue but the version being reported for RabbitMQ here is
3.13.0+424.g256fd8e
not4.0.0-beta.1
That has nothing to do with the image. Team RabbitMQ has decided to ship the first beta like so. It does not prevent anyone from testing what we actually want to see tested. What everyone in the community needs tested early and often.
@yosifkit setting PRODUCT_VERSION
(an env variable) when the node is started would override the version. However, this is something that should be addressed in RabbitMQ's own release pipelines. Right now the version of development releases comes from the most recent tag "on the main
branch" (discoverable from it using git-describe --tags
), even though we no longer produce releases straight off of main
.
For "final" releases this default does not exist.
🎉 A new RabbitMQ release series,
4.0
. Use latest OS releases (Ubuntu 24.04 LTS and Alpine 3.20); bump openssl to 3.3.x, the series used in testing upstream RabbitMQ: https://github.com/docker-library/rabbitmq/issues/712#issuecomment-2231887808closes https://github.com/docker-library/rabbitmq/issues/712