I'm a huge fan of the Splunk Docker container. I noticed the 'latest' tag hasn't been updated in a few months and is still Splunk Enterprise 8.2.5 even though Splunk Enterprise 8.2.6 has been released. Then I noticed that even though 'latest' hasn't updated, the image for Splunk Enterprise 8.2.6 has been added to the Docker images list. See splunk/splunk tags.
I'm no Docker expert so I'm guessing I am just missing some obvious thing....
Why is the splunk/splunk:latest not pointing to the latest release of splunk/splunk:8.2.6?
Hi! This is likely just due to an error in our build and publish pipeline when 8.2.6 was released. I'll fix that today so that the image tagged as `latest` is in fact accurate. Appreciate you calling it out and sorry for any confusion.
There's more: The email address listed in the README on the Docker hub is docker-maint@splunk.com
But that address does not exist:
docker-maint@splunk.com
[142.251.2.27]
Remote Server returned '554 5.0.0 <[142.251.2.27] #5.0.0 smtp; 5.1.0 - Unknown address error 550-"5.1.1 The email account that you tried to reach does not exist.
Hi! This is likely just due to an error in our build and publish pipeline when 8.2.6 was released. I'll fix that today so that the image tagged as `latest` is in fact accurate. Appreciate you calling it out and sorry for any confusion.
We are now more than 1 month post CVE-2022-32158 and customers running Splunk 8 on Docker are still waiting for a fix.
The latest docker images are 8.1.10 and 8.2.6 (both from 3 months ago).
No sign of 8.1.10.1 or 8.2.6.1, despite this being a critical vulnerability with a score of 9.0.
I would really appreciate if this could be addressed so we can run the latest in Docker.