• 0.2.3 21a8023bf1

    NexaPG 0.2.3 - Security update
    Stable

    nessi released this 2026-02-14 22:14:54 +00:00 | 0 commits to main since this release

    Changed

    Frontend runtime image rollback (security compatibility tradeoff)

    • Rolled frontend runtime image back:
      • from nginxinc/nginx-unprivileged:stable-alpine
      • to nginx:1-alpine-slim
    • Kept frontend runtime port alignment introduced previously:
      • NGINX listens on 8080
      • Dockerfile exposes 8080
      • Compose maps ${FRONTEND_PORT}:8080
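
The alignment above carries more weight after the rollback: nginxinc/nginx-unprivileged listens on 8080 by default, while the stock nginx image's default configuration listens on 80, so the explicit listen directive is what keeps the mapping valid. The drift check below is an added example, not NexaPG's own code; the file contents are constructed samples and all function names are hypothetical.

```python
import re

# Constructed samples, not NexaPG's real files; they encode only the three
# port facts stated in the release notes.
NGINX_CONF = "server {\n    listen 8080;\n    listen [::]:8080;\n}\n"
DOCKERFILE = "FROM nginx:1-alpine-slim\nEXPOSE 8080\n"
COMPOSE = 'services:\n  frontend:\n    ports:\n      - "${FRONTEND_PORT}:8080"\n'

def nginx_listen_ports(conf):
    """Ports named by `listen` directives (comments and address prefixes ignored)."""
    ports = set()
    for line in conf.splitlines():
        m = re.match(r"listen\s+(?:\S+:)?(\d+)\b", line.split("#", 1)[0].strip())
        if m:
            ports.add(int(m.group(1)))
    return ports

def dockerfile_exposed_ports(dockerfile):
    """Ports from EXPOSE instructions, with any /tcp or /udp suffix dropped."""
    ports = set()
    for line in dockerfile.splitlines():
        parts = line.split()
        if parts and parts[0].upper() == "EXPOSE":
            tokens = (p.split("/")[0] for p in parts[1:])
            ports.update(int(t) for t in tokens if t.isdigit())
    return ports

def compose_container_ports(compose):
    """Container-side ports from short-syntax `- "HOST:CONTAINER"` list items.
    Simplification: any list item ending in :<digits> is treated as a port."""
    pattern = r'^\s*-\s*["\']?[^"\'\s]*:(\d+)(?:/\w+)?["\']?\s*$'
    return {int(m.group(1)) for m in re.finditer(pattern, compose, re.M)}

def check_alignment(nginx_conf, dockerfile, compose, expected=8080):
    """Return one finding per layer that does not use exactly `expected`."""
    layers = {
        "nginx listen": nginx_listen_ports(nginx_conf),
        "Dockerfile EXPOSE": dockerfile_exposed_ports(dockerfile),
        "compose container port": compose_container_ports(compose),
    }
    return [f"{name}: expected [{expected}], found {sorted(ports)}"
            for name, ports in layers.items() if ports != {expected}]

if __name__ == "__main__":
    print(check_alignment(NGINX_CONF, DOCKERFILE, COMPOSE) or "ports aligned on 8080")
```

A missing listen directive is reported as a finding too, which is the case where the stock image would fall back to its own default port.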

    Why This Release

    • The unprivileged image variant increased the reported CVE count in our scanner output.
    • This release prioritizes a lower reported vulnerability count in our current scan tooling while preserving functional behavior and port mapping.
    • CI security workflows were hardened in parallel to improve scan reliability and reporting confidence.

    CI / Security Scanning

    Docker Scout scan reliability fixes (development workflow)

    • Fixed Scout execution for local CI images by:
      • running the Scout container with -u root
      • mounting the Docker auth/config writable (removed the read-only mount)
    • Resolved the Scout runtime error:
      • failed create to sbom folder: mkdir /root/.docker/scout: read-only file system
    • Result: Scout can index and scan local backend/frontend images without pull/auth fallbacks.

    CI / Compatibility

    PostgreSQL matrix stability hardening (PG14–PG18)

    • Reduced matrix concurrency:
      • max-parallel: 3
    • Optimized checkout for reliability:
      • actions/checkout@v4 with fetch-depth: 1

    Notes

    • No database migration required.
    • Rebuild and republish the frontend image, then redeploy to apply the runtime image rollback.
    • If you use custom reverse proxies, continue targeting the frontend container port 8080.