nginx/docker-nginx-unprivileged

Upgrade Base Image of nginxinc/docker-nginx-unprivileged from stable-bullseye to stable-bookworm

Closed this issue · 6 comments

Is your feature request related to a problem? Please describe

Debian 12 has fewer CVEs than Debian 11.
Trivy Scan results:
Screenshot 2024-02-02 at 11 31 56
Screenshot 2024-02-02 at 11 32 05

Describe the solution you'd like

The solution would be to update the base image from Debian stable-bullseye to Debian stable-bookworm.

Describe alternatives you've considered


Additional context

--

this is already available as nginx-unprivileged:mainline/nginx-unprivileged:bookworm

the debian project currently designates bullseye as oldstable and bookworm as stable.

this should be reflected in the tags for the nginx-unprivileged container.

It would be great if the image tag naming convention could align with the server versioning format, specifically using the structure: MAJOR.MINOR.PATCH-$(stable/mainline)-$(os-version).

> this is already available as nginx-unprivileged:mainline/nginx-unprivileged:bookworm

Correct me please, if I am wrong. As far as I know, the mainline version is 1.25.3, which, according to the official NGINX website, is not stable. According to the NGINX Inc. website, 1.24.x is stable and received its latest update on April 11, 2023.

There are three things to comment on here:

  1. This is an unprivileged port of the Docker NGINX images/repo. The naming convention here is not going to change unless the Docker NGINX images change their naming convention too. If you want to propose any changes (such as adding additional tags -- we are not going to remove the tag system already in use), I'd suggest you bring it up here https://github.com/nginxinc/docker-nginx.
  2. Following up from 1., the Docker NGINX image only bumps base OS images when there's a new NGINX release. There has not been a stable NGINX release since Debian bookworm was released, and thus the stable image has not been bumped to it yet. See this issue for some of the reasoning from the maintainer of the core project nginx/docker-nginx#847.
  3. While the stable branch is obviously more stable, that does not mean that the mainline branch is not stable. All new development and features are made on the mainline branch, and then once a year those changes get back-ported to the stable branch. In fact, NGINX Plus, NGINX's enterprise offering, is built on the latest mainline releases, which just goes to show how stable it is.

I've gone ahead and updated the README to hopefully make some of the points raised here a bit more clear 3ae099e