v12.30.0
github-actions
released this
30 Aug 15:56
·
447 commits
to master
since this release
12.30.0 (2022-08-29)
⚠ Important Change Notice
Please note that this release contains a security improvement for the Docker image. We went from running as the root
user to a non-root botpress
user by default. For more details about the Dockerfile USER
instruction, please refer to this documentation: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user.
Those changes will most likely not impact existing users but might require some to execute manual changes before being able to use the new image.
Only those who use or count on using local bind mounts for the /data
folder will need to follow these steps:
- On the host machine, create a
botpress
user withUID=999
andGID=999
.- E.g. on ubuntu the commands would look like:
groupadd -g 999 botpress && useradd -m -r -u 999 -g botpress botpress
- E.g. on ubuntu the commands would look like:
- Change the ownership of the local
/data
folder to the newly created user.- E.g.:
chown -R botpress:botpress <path to /data>
- E.g.:
- Now you can start the docker image using the
botpress
account and use the host mount with all the security improvements.
Or those that extend the botpress/server
image:
FROM botpress/server:v12_30_0
# Changes the user to root so you can run privileged commands.
+USER root
# Code that requires superuser privilege
# ...
# Switch back to the botpress user to keep the security improvement.
+USER botpress
Bug Fixes
- channel-web: dropdown should disable composer (#12102) (4c9924b)
- dockerfile: revert workaround and use proper solution (#12103) (3d2bf51)
- docker: fix passing env vars to running shell (#12051) (9e8f3a1)
- google-speech: error when detecting SSML (#12070) (c08a86e)
- security: only Super Admins can reboot the server (#12100) (39e2e0f)