Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update docker-ipv6nat dockerhub Image #55

Closed
christianbur opened this issue Apr 17, 2020 · 7 comments
Closed

Update docker-ipv6nat dockerhub Image #55

christianbur opened this issue Apr 17, 2020 · 7 comments

Comments

@christianbur
Copy link

christianbur commented Apr 17, 2020
edited
Loading

I wanted to ask when the docker-ipv6nat will be refreshed?
The "latest" image has not been built for over 4 months (4 Dec 2019), it is still based on Alpine 3.10.3, currently 3.10.4 and golang 1.13.4. Unfortunately, docker images will only install current security updates if you rebuild the image.

Images:
current: golang:1.13.4-alpine3.10
- golang:1.13.4 -> outdated
- alpine:3.10.3(current docker-ipv6nat image) -> outdated

option 1:
- update to golang:1.13.10-alpine3.10
- golang: current dot release
- alpine: current dot release

option 2:
update to golang:1.13.10-alpine3.11
- golang: current dot release
- alpine: current version

option 3:
update to golang:1.14.2-alpine3.11
- golang: current version
- alpine: current version
@robbertkl
Copy link
Owner

Yes, I'm aware. 4 months isn't that long imho. I usually update versions when I'm doing some changes, or at random times in between (e.g. when I get notified of new major releases).

I currently have a few issues / PRs to look at, which I will do when I have some time. That's when I will also update the versions, usually to the latest golang and alpine.

In the meantime, if you require updated versions, you can quite easily build either the standalone binary or the Docker image yourself by simply changing the version numbers.

@christianbur
Copy link
Author

I find four moante without updates already alarming.
I also can't update the image myself, because it is used in project mailcow.

@SuperSandro2000
Copy link

I find four moante without updates already alarming.

If there are no changes or security issues this can be perfectly fine.

I also can't update the image myself, because it is used in project mailcow.

You can. Just change the Image Version in their compose file.

@christianbur
Copy link
Author

If there are no changes or security issues this can be perfectly fine.

If someone takes the trouble to always check the current security issues, it would be ok not to do any updates for a while. Since I haven't seen such an report yet, updates should be done regularly.

You can. Just change the Image Version in their compose file.

I am well aware of how this works, but the problem of a non-actual image does not concern me alone.

@SuperSandro2000
Copy link

This is Open Source Software no "Enterprise" so we usually don't do useless reports. If you encounter a specific issue or security issue in any dependency please open an issue about this or do a PR which mentions what you fixed.

@christianbur
Copy link
Author

You can consider this issue as security issue, I have pointed out that Alpine and golang are used in an outdated version and there is currently no regular refresh of the docker-ipv6nat image.

@christianbur
Copy link
Author

I gather from the reaction to this ticket that no importance is attached to security in this project.

@christianbur christianbur mentioned this issue May 11, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@robbertkl @SuperSandro2000 @christianbur