immich-app / immich

High performance self-hosted photo and video management solution.
https://immich.app
GNU Affero General Public License v3.0

[BUG] why do you care if I use "latest" for the vectors image? #5956

Closed Majestic7979 closed 8 months ago

Majestic7979 commented 8 months ago

The bug

ERROR [ExceptionHandler] The pgvecto.rs extension version is 0.0.0-nightly.20231220 instead of the expected version 0.1.11.If you're using the 'latest' tag, please switch to 'tensorchord/pgvecto-rs:pg15-v0.1.11'.

This is what I am using: tensorchord/pgvecto-rs:pg15-latest

I have an Immich DB on an external Postgres database. I want to understand the security implications if I use your suggested image of tensorchord/pgvecto-rs:pg15-v0.1.11.

The OS that Immich Server is running on

Debian 12

Version of Immich Server

Latest as of writing this

Version of Immich Mobile App

Not applicable

Platform with the issue

Your docker-compose.yml content

Using docker CLI

Your .env content

Not applicable

Reproduction steps

Not applicable.

Additional information

No response

alextran1502 commented 8 months ago

Because pgvecto.rs doesn't have a stable release yet. The first stable release is pending, in Jan 2024.

Majestic7979 commented 8 months ago

@alextran1502 But your answer does not address my question - the security implications of using a modified image of Postgres. As a supporter of your project I take security matters seriously and really want to know if it's worth continuing monthly support based on a secure application. If you're going to ask me to use something that's not only older than postgres16 (the latest version) but also has "unstable" code, this can introduce vulnerabilities into my network, so I want to be informed. I don't even understand why this project can't just use the latest version of a postgres database and handle migrations gracefully. Not only are we on version 15, we are using an unstable fork too!? Please explain.

alextran1502 commented 8 months ago

When the project started, 14 was the latest version at the time. We haven't made the move to migrate to the latest version of Postgres yet because it is not our priority to create a stream of support to help users with database dump and restore, because a Postgres major version change is not simply changing the version number.

We use an extension in the Postgres database to use the vector mechanism, which powers our smart search and facial clustering, and this helps avoid using another service/container, i.e. Typesense, which created complexity in the codebase, which we explained in the release note.

For additional information on why we chose this extension, you can read more in the discussion below:

https://github.com/immich-app/immich/discussions/5830

Of course, we care about security implications, but you have every right to be concerned. I hope this helps answer your question.

Majestic7979 commented 8 months ago

> When the project started, 14 was the latest version at the time. We haven't made the move to migrate to the latest version of Postgres yet because it is not our priority to create a stream of support to help users with database dump and restore, because a Postgres major version change is not simply changing the version number.
>
> We use an extension in the Postgres database to use the vector mechanism, which powers our smart search and facial clustering, and this helps avoid using another service/container, i.e. Typesense, which created complexity in the codebase, which we explained in the release note.
>
> For additional information on why we chose this extension, you can read more in the discussion below:
>
> #5830
>
> Of course, we care about security implications, but you have every right to be concerned. I hope this helps answer your question.

Thanks, that info is sufficient for now. I am running the container that you've mentioned.