lagoon-images 23.10.0

Security Releases addressed in this release

libwebp (CVE-2023-4863)

Released fix 1.3.2 for all impacted images

Other versions have:

• (php-8.0-x): secfix 1.2.3-r2 - (fixes CVE-2023-4863) - reference

curl/libcurl (CVE-2023-38545, CVE-2023-38546)

Released fix 8.4.0 for all impacted images

Other versions have:

• (opensearch-2) secfix 8.3.0-1.amzn2023.0.2 (fixes CVE-2023-38545, CVE-2023-38546) - reference
• (solr-7, varnish-6) secfix 7.74.0-1.3+deb11u10 (fixes CVE-2023-38545, CVE-2023-38546) - reference
• (solr-8) secfix 7.68.0-1ubuntu2.20 (fixes CVE-2023-38546 only) - reference

Two versions unpatched:

• (mariadb-10.4, mariadb-10.5) - both are used in local development only, are built from unsupported base images. You should consider updating any references to mariadb-10.6 or mariadb-10.11

Other changes in this release

• modify main builds to purge docker cache @tobybellwood (#850)
• force update php-based images curl to 8.4.0 @tobybellwood (#847)
• add New Relic Application Logging variables @tobybellwood (#846)
• use 6.0-lts version for Varnish-6 @tobybellwood (#848)

Package Updates

• Update php Docker tag to v8.2.11 (main) @renovate (#841)
• Update php Docker tag to v8.1.24 (main) @renovate (#840)
• Update dependency composer/composer to v2.6.5 (main) @renovate (#844)
• Update dependency composer/composer to v2.6.4 (main) @renovate (#838)
• Update dependency newrelic/newrelic-php-agent to v10.13.0.2 (main) @renovate (#843)
• Update dependency blackfireio/docker to v2.22.0 (main) @renovate (#836)
• Update alpine Docker tag to v3.18.4 (main) @renovate (#837)
• Update Node.js to v20.8 (main) @renovate (#839)
• Update openresty/openresty Docker tag to v1.21.4.2-1-alpine (main) @renovate (#835)
• Update opensearchproject/opensearch Docker tag to v2.10.0 (main) @renovate (#834)
• Update python Docker tag to v3.11.6 (main) @renovate (#842)
• Update rabbitmq Docker tag to v3.10.25 (main) @renovate (#661)

Full Changelog: 23.9.0...23.10.0