Skip to content

Upgrade Base Image of nginxinc/docker-nginx-unprivileged from stable-bullseye to stable-bookworm #183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
michealch opened this issue Feb 2, 2024 · 6 comments
Closed

Upgrade Base Image of nginxinc/docker-nginx-unprivileged from stable-bullseye to stable-bookworm #183

michealch opened this issue Feb 2, 2024 · 6 comments
Labels
wontfix This will not be worked on

Comments

@michealch
Copy link

Is your feature request related to a problem? Please describe

Debian 12 has less CVS than Debian 11.
Trivy Scan results:
Screenshot 2024-02-02 at 11 31 56
Screenshot 2024-02-02 at 11 32 05

Describe the solution you'd like

The solution would be to update the base image from Debian stable-bullseye to Debian stable-bookworm.

Describe alternatives you've considered

Additional context

--
@24367dfa
Copy link

24367dfa commented Feb 2, 2024

this is already available as nginx-unprivileged:mainline/nginx-unprivileged:bookworm

@24367dfa
Copy link

24367dfa commented Feb 2, 2024

the debian project currently designates bullseye as oldstable and bookkworm as stable.

this should be reflected in the tags for the nginx-unprivileged container.

@michealch
Copy link
Author

michealch commented Feb 2, 2024
edited
Loading

It would be great if the image tag naming convention could align with the server versioning format, specifically using the structure: MAJOR.MINOR.PATCH-$(stable/mainline)-$(os-version).

@michealch
Copy link
Author

this is already available as nginx-unprivileged:mainline/nginx-unprivileged:bookworm

Correct me please, if I am wrong. As far as I know, the mainline version is 1.25.3, which, according to the official NGINX website, is not stable. According to the NGINX Inc. website, 1.24.x is stable and received its latest update on April 11, 2023.

@alessfg
Copy link
Member

alessfg commented Feb 2, 2024

There are three things to comment on here:

  1. This is an unprivileged port of the Docker NGINX images/repo. The naming convention here is not going to change unless the Docker NGINX images change their naming convention too. If you want to propose any changes (such as adding additional tags -- we are not going to remove the tag system already in use), I'd suggest you bring it up here https://github.com/nginxinc/docker-nginx.
  2. Following up from 1., the Docker NGINX image only bumps base os images when there's a new NGINX release. There has not been a stable NGINX release since Debian bookworm was released, and thus the stable image has not been bumped to it yet. See this issue for some of the reasoning from the maintainer of the core project Stable images are still based on alpine 3.17 docker-nginx#847.
  3. While the stable branch is obviously more stable, that does not mean that the mainline branch is not stable. All new development and features is made on the mainline branch, and then once a year those changes get back-ported to the stable branch. In fact, NGINX Plus, NGINX's enterprise offering, is built on the latest mainline releases, which just goes to show how stable it is.

@alessfg
Copy link
Member

alessfg commented Feb 2, 2024

I've gone ahead and updated the README to hopefully make some of the points raised here a bit more clear 3ae099e

@alessfg alessfg closed this as completed Feb 2, 2024
@alessfg alessfg added the wontfix This will not be worked on label Feb 2, 2024
@alessfg alessfg assigned alessfg and unassigned alessfg Feb 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@24367dfa @alessfg @michealch