Red Hat Container Image Updates


Red Hat recognizes that the advent of containers means that the supply chain has standardized and customers now require tighter interaction and integration between platform teams (RHEL), middleware teams (JBoss, Software Collections) and even end developers. Red Hat provides two solutions to fill this need: an automated solution and a traditional, errata-style solution. For the automated solution, tools such as the OpenShift Build System (OSBS) make it possible to consume image updates automatically. For the errata-style solution, Red Hat issues errata for container image updates, which supports more traditional (curated) workflows.

Below are the release schedules for Red Hat's most popular images.

Base RHEL and UBI Images

  • Built when a Critical or Important CVE is released: UBI container images are built entirely from RHEL software packages. Critical and Important CVEs affecting software packages in RHEL, which are only a tiny subset of all of the changes released in RHEL, are patched and released as soon as possible, asynchronously from the standard release process, typically within hours or days. If one of this small number of Critical or Important CVEs affects a UBI container image, the image is automatically rebuilt and released, typically within hours or days.
  • Built every 6 weeks: The vast majority of features, bug fixes and lower-priority CVE fixes in RHEL are developed, built, tested, documented and released on a standardized 6-week release cadence. As a final step in this RHEL release process, all UBI container images are rebuilt and released. This ensures that UBI always has the latest patches available in RHEL.

The update and maintenance lifecycle for applicable components aligns with the Red Hat Enterprise Linux Life Cycle.

OpenShift Container Platform (distributed in container image format)

  • Built every time the RHEL base image is updated
  • Built every time there is an OpenShift/Atomic Platform CVE
  • Built every time there is an OpenShift/Atomic Platform release

The update and maintenance lifecycle for applicable components aligns with the Red Hat OpenShift Container Platform Life Cycle Policy.

Red Hat Software Collections

  • Built every time the RHEL base image is updated
  • Built every time there is a Software Collections CVE
  • Built every time there is a Software Collection release

The update and maintenance lifecycle for applicable components aligns with the Red Hat Software Collections Product Life Cycle.

Red Hat JBoss Middleware for OpenShift

  • Built every time there is a JBoss Middleware Critical CVE
  • Built every time there is a Critical RHEL/JDK CVE

The update and maintenance lifecycle for applicable products aligns with the JBoss Middleware Product Update and Support Policy.

The complete list of JBoss Middleware OpenShift container images can be found in the Red Hat Middleware for OpenShift product documentation.
