Update Docker images to latest stable versions #257
Merged
josecelano merged 4 commits into main on Dec 29, 2025
- Use Prometheus v3.5.0 LTS instead of v3.8.1 for 1-year support
- Use Grafana 12.3.1 (latest major) instead of 11.5.0
- Update all references in table, specifications, and acceptance criteria
- Maintain MySQL 8.4 LTS recommendation

- Update Trivy version from 0.65.0 to 0.68.2
- Re-run security scans on all three Docker images
- Update scan results in docs/security/docker-image-security-scans.md
Scan Results:
- Prometheus v3.5.0: 3 HIGH (Go stdlib CVE-2025-47907, CVE-2025-58183, CVE-2025-61729)
- Grafana 12.3.1: 0 vulnerabilities (clean)
- MySQL 8.4: 4 HIGH (urllib3 CVE-2025-66418, CVE-2025-66471, gosu Go stdlib issues)
All vulnerabilities are in dependencies (Go stdlib, urllib3, gosu), not core application code.
Risk assessment: LOW - waiting for upstream vendors to release patched images.

MySQL 8.4 deprecated --default-authentication-plugin in favor of --mysql-native-password=ON. This change updates the docker-compose template to use the correct MySQL 8.4 syntax.
The old parameter caused MySQL container initialization to fail with:
'unknown variable default-authentication-plugin=mysql_native_password'
Verified working with MySQL 8.4.7 in manual E2E test.

Added comprehensive MySQL configuration examples and guidance to help users understand how to configure MySQL instead of SQLite.
Changes:
- docs/e2e-testing/manual/README.md: Added MySQL configuration example with required fields (host, port, database_name, username, password)
- docs/e2e-testing/manual/mysql-verification.md: Fixed example configuration to show complete structure with all required fields
The previous example was incomplete and showed an incorrect structure with a separate 'database' section. The correct configuration embeds all MySQL settings under tracker.core.database.
ACK eac6bbc
Summary
Updates Docker images to their latest stable versions with long-term support, prioritizing security and maintenance windows.
Closes #253
Changes
Docker Image Updates
MySQL 8.4 Compatibility Fix
--default-authentication-plugin=mysql_native_password to --mysql-native-password=ON
Documentation Updates
docs/e2e-testing/manual/mysql-verification.md
Testing
Manual E2E Tests Completed
✅ SQLite Test - Full deployment workflow verified with:
✅ MySQL Test - Full deployment workflow verified with:
Security Scans
All images scanned with Trivy v0.68.2:
See docs/security/docker-image-security-scans.md for detailed vulnerability information.
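An added example, not part of this PR or the project's code, of the triage summarized under Security Scans: it reads a Trivy JSON report (`trivy image --format json`), keeps HIGH and CRITICAL findings, and groups them by package and by whether a fixed version exists. The sample report, its targets, package versions and the CVE-0000-* identifiers are constructed placeholders, and the function name `triage` is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `trivy image --format json` output.
# Targets, versions and CVE-0000-* ids are placeholders, not real scan data.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "bin/server", "Type": "gobinary", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "stdlib",
         "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "stdlib",
         "InstalledVersion": "1.0.0", "Severity": "HIGH"},  # no fix published yet
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example.com/lib",
         "InstalledVersion": "0.1.0", "FixedVersion": "0.2.0", "Severity": "MEDIUM"},
    ]},
    # The same stdlib finding is reported again for a second Go binary.
    {"Target": "bin/helper", "Type": "gobinary", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "stdlib",
         "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
    ]},
    {"Target": "Python", "Type": "python-pkg", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0004", "PkgName": "urllib3",
         "InstalledVersion": "2.0.0", "FixedVersion": "2.0.1", "Severity": "HIGH"},
    ]},
    {"Target": "os packages", "Type": "debian"},  # clean target: no Vulnerabilities key
]})


def triage(report_json, severities=("HIGH", "CRITICAL")):
    """Group findings at the given severities by package, de-duplicated across
    targets and split by whether the dependency already has a fixed version."""
    found = defaultdict(lambda: {"fix_available": set(), "no_fix_yet": set()})
    for result in json.loads(report_json).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in severities:
                continue
            bucket = "fix_available" if vuln.get("FixedVersion") else "no_fix_yet"
            found[vuln["PkgName"]][bucket].add(vuln["VulnerabilityID"])
    return {pkg: {k: sorted(ids) for k, ids in buckets.items()}
            for pkg, buckets in found.items()}


if __name__ == "__main__":
    for pkg, buckets in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{pkg}: fix available {buckets['fix_available']}, "
              f"no fix yet {buckets['no_fix_yet']}")
```

Findings under `fix_available` are the ones a rebuilt upstream image can clear, so they are the ones to re-check on each re-scan.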