Publish 20.x recipe version #12
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hi folks,
I was exploring this recipe a bit more and got me a bit concerned as the image that we're using from Docker Hub
jboss/keycloak:16.1.1
has not been updated for 10 months. I can see that the latest stable is 20.0 as per the repo from Redhat, is there anything we can do about this as it doesnt seem to be an image on dockerhub?CC @3wordchant @decentral1se
🙏 - J
We could perhaps switch it to this image? https://hub.docker.com/r/keycloak/keycloak/tags
Good call, thanks @javielico! 🙏 Images switching repo is one area where we really don't have a good solution for automated monitoring. It recently hit our radar at Autonomic that our Keycloak recipe was falling behind (because of a warning from Dashy, of all things), it's on our list to sort out an update, and
keycloak/keycloak
seems like a great move.Race you to trying it out and making a PR for the switch! Either way, much appreciate your work investigating ✊
No worries @3wordchant, I will put it on my list to test out next week; I will have a look through the changelogs first and test it out on a dev enviroment before raising the PR.
Just to add for reference, here's a list of CVE's fixed since the version we've on the docker image (16.1.1)
I will treat these tests as priority for now just to avoid having a security hole on our identity services.
Nice, appreciate that research! 💯
Yeh, excellent to raise this. We need to get on it. We've slipped behind on several major version changes as I understand it? I think the upgrade path will be pretty hairy... haven't dug into it but yeh, let's fix this and get our shit upgraded! Thanks!
No problem @decentral1se, happy to help maintain the recipes!
@javielico we just managed to wire up the changes for an upgrade directly to latest in
2ac47abfcd
and tested it on two different deployments. It seems to work! It's late now, so not doing more of the release work for the recipe but will follow up.Thank you for the merge on this topic @decentral1se
Nice, so, this upgrade seems legit, have tested it a lot.
Just leaving this open to push the release / tag now.
Image has not been updated for 10 monthsto Publish 20.x recipe versionwoohoo we're running 20.x!