v12.30.0
·
447 commits
to master
since this release
12.30.0 (2022-08-29)
⚠ Important Change Notice
Please note that this release contains a security improvement for the Docker image. We went from running as the root user to a non-root botpress user by default. For more details about the Dockerfile USER instruction, please refer to this documentation: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user.
Those changes will most likely not impact existing users but might require some to execute manual changes before being able to use the new image.
Only those who use or count on using local bind mounts for the /data folder will need to follow these steps:
- On the host machine, create a
botpressuser withUID=999andGID=999.- E.g. on ubuntu the commands would look like:
groupadd -g 999 botpress && useradd -m -r -u 999 -g botpress botpress
- E.g. on ubuntu the commands would look like:
- Change the ownership of the local
/datafolder to the newly created user.- E.g.:
chown -R botpress:botpress <path to /data>
- E.g.:
- Now you can start the docker image using the
botpressaccount and use the host mount with all the security improvements.
Or those that extend the botpress/server image:
FROM botpress/server:v12_30_0
# Changes the user to root so you can run privileged commands.
+USER root
# Code that requires superuser privilege
# ...
# Switch back to the botpress user to keep the security improvement.
+USER botpressBug Fixes
- channel-web: dropdown should disable composer (#12102) (4c9924b)
- dockerfile: revert workaround and use proper solution (#12103) (3d2bf51)
- docker: fix passing env vars to running shell (#12051) (9e8f3a1)
- google-speech: error when detecting SSML (#12070) (c08a86e)
- security: only Super Admins can reboot the server (#12100) (39e2e0f)