Mosquitto v2.0.15 instead of latest or v2.0.18

McFlyPartages · April 17, 2024, 7:58am

Hi everyone,

I just noticed that the Mosquitto version is v2.0.15 and not latest like most containers created by Gladys.

Mosquitto is currently at version 2.0.18 and that fixes several (8) vulnerabilities.

V2.0.15

v2.0.18

Is there a reason for that?
(Personally, I like to see container versions and be able to act on them, because sometimes updates are not completed, e.g. Z2MQTT which loses some devices)

Thanks in advance

Here is a PR, but since I haven’t set up the dev features I didn’t test it. The only change is the mqtt version; no code changes

github.com/GladysAssistant/Gladys

Update mqtt version

master ← McFlyPartages:update_mqtt_version

ouvert 08:07AM - 17 Apr 24 UTC

McFlyPartages

+2 -2

### Pull Request check-list To ensure your Pull Request can be accepted as fa…st as possible, make sure to review and check all of these items: - [ ] If your changes affects code, did your write the tests? - [ ] Are tests passing? (`npm test` on both front/server) - [ ] Is the linter passing? (`npm run eslint` on both front/server) - [ ] Did you run prettier? (`npm run prettier` on both front/server) - [ ] If you are adding a new features/services, did you run integration comparator? (`npm run compare-translations` on front) - [ ] Did you test this pull request in real life? With real devices? If this development is a big feature or a new service, we recommend that you provide a Docker image to the community ([french forum](https://community.gladysassistant.com/)/[english forum](https://en-community.gladysassistant.com/)) for testing before merging. - [ ] If your changes modify the API (REST or Node.js), did you modify the API documentation? (Documentation is based on comments in code) - [ ] If you are adding a new features/services which needs explanation, did you modify the user documentation? See [the GitHub repo](https://github.com/GladysAssistant/v4-website) and the [website](https://gladysassistant.com). - [ ] Did you add fake requests data for the demo mode (`front/src/config/demo.js`) so that the demo website is working without a backend? (if needed) See [https://demo.gladysassistant.com](https://demo.gladysassistant.com). NOTE: these things are not required to open a PR and can be done afterwards / while the PR is open. ### Description of change Just update version of MQTT Brocker v2.0.15 to 2.0.18. https://community.gladysassistant.com/t/mosquitto-v2-0-15-au-lieu-de-latest-ou-v2-0-18/8835

damalgos · April 17, 2024, 11:31am

I haven’t looked, but it would be good practice not to use « latest » on Docker images.

If we update blindly, it might stop working one day because of an upgrade of another container which can also mess up the system if there are « breaking changes ».

In my opinion we should therefore open a ticket each time associated with the Docker

McFlyPartages · April 17, 2024, 1:50pm

Currently, apart from Mosquitto (on my instance with only Zigbee2MQTT and Mosquitto) only Mosquitto is using a numbered version; the rest are on « latest ». I think it’s because of Watchtower but I’ll confirm that pinning the version might be the best thing to do.

cicoub13 · April 17, 2024, 4:25pm

There was a bug in version 16, so we pinned the image to version 15

cicoub13 · April 19, 2024, 6:27am

But it’s worth testing 2.0.18, yes, thanks for your PR

McFlyPartages · April 19, 2024, 7:03am

Yes, I made a PR a bit hastily, sorry. I’ll be more careful next time.

Topic		Replies	Views
[Zigbee2mqtt] Impossible de configurer le service Configuration	15	552	April 27, 2023
Piloter un device MQTT depuis Gladys Configuration	55	2223	March 10, 2022
Changement de volume Configuration	9	630	November 21, 2022
Zigbee2MQTT et Synology ds920+ en 7.2, problème suite upgrade Synology Configuration	39	1152	November 1, 2023
Gladys Assistant 4.2 est disponible avec la compatibilité Zigbee2mqtt ! 🚀 Actualités	146	5617	May 17, 2021

Mosquitto v2.0.15 instead of latest or v2.0.18

Related topics