The hash in each changelog entry communicates the container hash in which the change was made. There will only ever be multiple hashes in a single version entry if the underlying image was rebuilt to fix a security vulnerability.
55ed4d3014e3): Improvements on search/indexing -
- Sign over the edek protobuf when we create it and verify it on deserialization.
- Add prefix/suffix substring (trigram) support.
ffbdd6f56e80): Initial release -
- Automatically select the best filter on query
- Add a check to make sure the requesting tenant matches resulting document
- Add phonetic filter to analyzer
- Allow changing analyzers in config file
- Upgrade to alpine-3.14, and rust-1.54
- Dependency updates
64dd18ac078f): Initial release -
- Initial version of CSP
The Cloaked Search Docker container follows normal Semver style versioning. A change in version of the container means that there was some code change that occurred within the image. However, in order to follow best practices and address possible security vulnerabilities within the underlying image used in the container, we will also periodically update the base image of one or more tagged versions. This will cause the container hash to change, but the tag to remain the same.
The following policy will be used. The primary goal of this policy is to communicate changes when they occur within the container, quickly address and fix vulnerabilities in current/old versions, and to avoid hosting tagged, vulnerable images within our registry.
- Docker image tags WILL change if there are code changes within the image. This means that between
1.4.2there are direct code changes between the two images.
- Docker image tags WILL change if we modify the underlying base image to move to a completely different image, i.e.
slimor something similar.
- Docker image tags WILL NOT change if all that is changing is the base image to fix a container vulnerability.
- Tagged Docker images will not be removed from our public registry until the version with which they are tagged has been deprecated and teh deprecation grace period has expired. Pre-release/beta tags (those in the form
x.y.z-betaN) do not require a deprecation period before they are removed.
- Untagged images with or without vulnerabilities will continue to be available in the public registry until the end of their retention period, which is defined in our deprecation policy.