Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stable docker image is out of date #301

Closed
houstonj1 opened this issue Mar 22, 2021 · 5 comments
Closed

Stable docker image is out of date #301

houstonj1 opened this issue Mar 22, 2021 · 5 comments

Comments

@houstonj1
Copy link

Description

Docker hub lists a stable tag for the docker cli as well as stable:dind for the docker engine, but when run, it is not a current release.

Questions I have:

  • Are stable and stable-dind image tags that are maintained?
  • What does stable mean?
  • Should anyone be using stable or stable-dind?

Steps to reproduce the issue:

  1. Pull latest stable image
docker pull docker:stable
  1. Run docker version using that image
docker run docker:stable version

Describe the results you received:
Got 19.03.14 as the version

Client: Docker Engine - Community
 Version:           19.03.14
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        5eb3275
 Built:             Tue Dec  1 19:14:24 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Describe the results you expected:
Expected to see a 20.10 version ( or the latest 19.03 release 19.03.15 )

Also, please let me know if this is not the best place for this issue. Thanks!
@yosifkit
Copy link
Member

yosifkit commented Mar 22, 2021
edited by tianon
Loading

Channel aliases were limited in: #179. The Docker Hub Page shows which are actively maintained under "Supported tags and respective Dockerfile links".

@tianon tianon transferred this issue from docker-library/official-images Mar 22, 2021
@houstonj1
Copy link
Author

That was exactly what I was looking for, thank you @yosifkit! 🎉

@bentolor bentolor mentioned this issue Oct 15, 2021
Closed
@danpalmer
Copy link

Just lost a few hours to this. Can we re-open?

If the stable image is not stable, it would be better to delete it rather than give users a false sense of security. The image has a number of security vulnerabilities.

@tianon
Copy link
Member

tianon commented Jan 7, 2025

As with all official images, the only supported tags are those listed in the README at https://hub.docker.com/_/docker.

@danpalmer
Copy link

I understand that, but the point is that there is an incorrectly named, dangerous to use tag.

I got the stable tag from somewhere, the reporter here did too. Now I don't know where I got that, but the fact is people are getting them. Saying that it's unsupported and to look at the README only works if the user has already looked at the README. I did not because I had a working stable image, no need to read about where to find one.

There are a bunch of options here: a warning when using unsupported official images, deleting them (they're unsupported after all). I'm surprised that official packages with security vulnerabilities are hosted in this way with no special treatment, maybe removing them isn't the best option, but hosting security vulnerabilities probably isn't the right option either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tianon @danpalmer @yosifkit @houstonj1