What happened:
Very old versions of Open Match are compiled against older libraries and versions of Golang with vulnerabilities that have been documented in the intervening years. We are slowly finding those that are still being actively pulled and adding a 'deprecated-public-image-' tag to them. They are still available to pull but hopefully this helps new users see that those containers aren't a recommended version.
We recently flagged the frontend and backend public containers for the 0.8.0 release from 2019 with the tag detailed above.
Anything else we need to know?:
We don't expect dependency vulnerabilities to impact the security posture of most users if they follow the recommended deployment strategies. Our recommendation is always that Open Match be deployed as a private service that is only accessible to your platform services and never exposed to the public internet, with IAM and network access control in place to only allow OM containers to be contacted by other applications in the user's control. If you have Open Match deployed on the public internet and game clients connecting directly to it, we strongly urge you to reconsider that pattern.
Open Match Release Version:
We always recommend using the latest version of Open Match, and as detailed in the license, the project contributors assume no liability. We recommend that users evaluate the security of all open source projects they use and apply their own security posture to Open Match deployments.
Install Method(yaml/helm):
Please be sure to use the latest version of Open Match when going to production, and we recommend upgrading your OM version as the opportunity arrives.