From 11ad828780a74ff882db3c811f027332fb477e01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Neves?= Date: Mon, 29 Jun 2026 22:06:32 +0000 Subject: [PATCH] docs(deployment): pin nginx image version in SSL docker-compose example The SSL/TLS production docker-compose example used image: nginx:alpine, a floating tag that follows the latest stable nginx release. This means: - A new nginx major version could ship and break the setup without any code changes - Two developers building on different days could get different nginx versions - The Security Considerations section already recommends using specific image tags (nginx:1.25-alpine), but the example itself didn't follow this recommendation Pinning to nginx:1.25-alpine is consistent with: - PR #220 which pins FROM nginx:alpine to nginx:1.25-alpine in the Dockerfile - The 'Use specific image tags' guidance in the Security Considerations section of this same file It tracks patch releases within a stable series while preventing unexpected major version jumps. --- DEPLOYMENT_DOCKER.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPLOYMENT_DOCKER.md b/DEPLOYMENT_DOCKER.md index 45802f9..375e0d7 100644 --- a/DEPLOYMENT_DOCKER.md +++ b/DEPLOYMENT_DOCKER.md @@ -67,7 +67,7 @@ services: - web nginx: - image: nginx:alpine + image: nginx:1.25-alpine ports: - "80:80" - "443:443"