It was discussed in some thread long ago. With the increase in serious CVEs it makes little sense to refresh and list as “supported” Solr versions that are in fact NOT supported. Such as even 8.10 will never get patched, so if users at docket hub sees it listed as supported and last built 2 days ago, they will think that it is a current release.
That means of course that users should either update their image version for each release or use 8.11 rather than 8.11.2 to get auto updated. You also have the mail thread over at users list where some advocate for daily docker rebuild and apt update to stay safe. Jan Høydahl > 14. jun. 2022 kl. 16:40 skrev Houston Putman <hous...@apache.org>: > > > Good question. > > I dont think the old tags will ever be deleted. The “supported tags” are > continually rebuilt with newer base images, and to get debian package > updates, etc. So 7.7 and 8.10 will continue to exist and users can pull the > image, but they will not get security fixes for debian/java down the line. > > - Houston > > >> On Tue, Jun 14, 2022 at 4:25 PM Mike Drob <md...@mdrob.com> wrote: >> I noticed that with the 9.0 release we made the decision to yank all of the >> older docker images. I wanted to get some clarity on the practical >> implications. >> >> On our Official Images page I see that we list 8.11.1 and 9.0 - is the plan >> going forward to continue to list only the latest in each line? So 8.11.1 >> will be replaced by 8.11.2 (soon, hopefully), etc... >> >> Just before writing this email, I was able to verify that I can still docker >> pull solr:7.7 - do we know how long this will continue to exist? Does >> dockerhub have an age-off policy? >> https://www.docker.com/blog/expanded-support-for-open-source-software-projects/ >> suggests that we are exempt from the data pull rate throttle, but I am >> unclear regarding retention times. >> >> I'm all for encouraging our users to move on to the latest and greatest >> version, but I'd prefer that we do it via carrots of new features, not the >> stick of their downloads disappearing. >> >> Thanks, >> Mike
