@mohant thanks for testing! I’m working on the release pipeline right now. Given no surprises it should be ready today or Tuesday.
@raff We have upgraded & tested the OpenMRS code with image based on openmrs-core:2.5.x-nightly docker base images. After deploying with latest image we verified the vulnerability report which we are generating using security tool Trivy. Happy to share the below details with you.
Old image Vuln: Critical =82 High =360
Latest upgraded image Vuln: Critical =1 High =20
This is the only Critical issue currently Trivy is reporting:
This is a great achievement. The upgrade helps us a lot with vulnerability issues getting fixed. Waiting for the final tagged image 2.5.9 to be released so that we can base our image with a specific tagged release.
Thanks so much for this update @mradul.jain! Wow that is a huge difference in the vulnerabilites between images.
Re. the Liquibase upgrade need - I’ve just filed that here: [TRUNK-6155] Upgrade 2.6 Platform to Liquibase 4.8.0 - OpenMRS Issues
Please add any additional details there
openmrs-core 2.5.9 has been released with the docker image!
I made further improvements to the image including running production image as non-root user following the bitnami images convention.
Please let me know once you get a chance to test the released image! Thanks!
Thanks for the update @raff. We will update our image tag and test.
This bug will finally be fixed in core 2.7.0 thanks to @k4pran. However, as suspected, there is a breaking change in Liquibase between 4.4 and 4.8 that may require changes to down-stream modules, including Bahmni Core.