Skip to content

v4.4.0

Choose a tag to compare

View all tags
@jaydrogers jaydrogers released this 14 May 22:01
· 1 commit to main since this release
Immutable release. Only release title and notes can be modified.
v4.4.0
b99afeb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🚨 Important security updates for all users

Note

There have been a lot of CVEs coming out in upstream dependencies recently. We encourage all users to update their versions immediately.

Review our upgrade guide for more details →

NGINX v1.30.1

We upgraded from NGINX 1.28.3 to the newest stable version of 1.30.x. This is a big feature update for NGINX users, but also includes the critical 1.30.1 patch to address a number of CVEs. See what's new in NGINX:

Composer security updates

Composer has also had a number of security vulnerabilities published over the last few weeks. We are shipping the latest version of Composer at the time of this publishing (2.9.8). This addresses an important CVE where Composer could leak GitHub tokens into CI/CD logs.

Be sure to review their security disclosures for more detail: https://github.com/composer/composer/security

Clarity on how our updates work

As we all settle into this new world of AI, we anticipate many more critical CVEs to be published in dependencies and we will be sure to keep you updated. There were also some questions regarding which images get automated updates and how to lock in your tags. Both directions have pros and cons, so we updated our upgrade guide below.

Understand how our updates work and how to upgrade →

Full Changelog: v4.3.5...v4.4.0

Assets 3
Loading