mariadb:latest Docker image tag produces non-deterministic deployments and silent breaking upgrades #12

Open
opened 2026-05-14 20:30:55 +02:00 by Claude · 0 comments

## Problem

The database service in `docker-compose.yml` uses `image: mariadb:latest`, which resolves to a different image each time the `latest` tag is updated by the MariaDB project.

## Location

`docker-compose.yml`, line 4

## Risk

A future MariaDB major release published under `latest` can silently introduce breaking changes in SQL syntax, authentication plugins, or default settings (e.g., MariaDB 11.x changed several defaults around character sets and strict mode). This can break the application or migrations on the next `docker compose build` with no code change and no easy rollback path, since the previous image layer is no longer tagged.

## Suggested fix direction

Pin to a specific minor version (e.g., `mariadb:10.11`) and upgrade deliberately through tested version bumps.

## Severity

minor

## Found by

Automated audit by Claude Code
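Added example, not part of this issue or the OpenLink project: a small CI guard that enforces the fix direction above by flagging Compose `image:` references that have no tag or use a floating tag such as `latest` (it also recognises `@sha256:` digest pins as the strictest form). It uses a regex instead of a YAML library, and the sample compose text and service names are constructed.

```python
"""Flag Compose services whose image reference floats (no tag, or :latest).
Added example, not part of the original issue: a CI guard for the fix
direction above. Regex-based on purpose, so it needs no YAML library;
the sample compose text and service names below are constructed.
"""
import re

# Matches `image: <ref>` (optionally quoted) and captures the reference.
IMAGE_LINE = re.compile(r'^\s*image:\s*["\']?([^"\'\s#]+)["\']?')
FLOATING_TAGS = {"latest", "stable", "lts"}  # tags that move between pulls


def classify_image(ref: str) -> str:
    """Return 'digest', 'pinned' or 'floating' for one image reference."""
    if "@sha256:" in ref:
        return "digest"      # content-addressed: immutable
    # Split off the registry/path first so a host port (registry:5000/...)
    # is not mistaken for a tag.
    name = ref.rsplit("/", 1)[-1]
    if ":" not in name:
        return "floating"    # an untagged reference resolves to :latest
    tag = name.rsplit(":", 1)[1]
    return "floating" if tag in FLOATING_TAGS else "pinned"


def find_floating_images(compose_text: str) -> list[tuple[int, str]]:
    """Return (line number, reference) for every floating `image:` line."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), start=1):
        m = IMAGE_LINE.match(line)
        if m and classify_image(m.group(1)) == "floating":
            findings.append((lineno, m.group(1)))
    return findings


# Constructed compose fragment: the issue's weak setting beside the fix.
SAMPLE_COMPOSE = """\
services:
  db:
    image: mariadb:latest
  db_pinned:
    image: mariadb:10.11
  cache:
    image: redis
"""

if __name__ == "__main__":
    for lineno, ref in find_floating_images(SAMPLE_COMPOSE):
        print(f"docker-compose.yml:{lineno}: floating image {ref!r}; pin a version")
```

Run it against the real `docker-compose.yml` in CI and fail the job on any finding; a digest pin (`image@sha256:...`) is accepted as the strictest form, a version tag such as `mariadb:10.11` as the pinned form the issue asks for.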

Reference
bc1bb/OpenLink#12