Releases · liquibase/docker

08 Dec 21:01

v5.0.3 SECURE Latest

Latest

Support for Liquibase Secure 5.0.3.

Major Improvements

Enhanced Vulnerability Detection: Improved Docker image vulnerability scanning to detect all customer-reported CVEs, including vulnerabilities in nested JAR dependencies and Python packages (#462)
- Deep dependency scanning extracts and scans nested JARs from Spring Boot fat JARs
- Scans Python packages from GraalVM virtual filesystems
- Parent JAR tracking shows which Liquibase JAR contains each vulnerable dependency
- Multi-scanner approach (Trivy + Grype) eliminates detection gaps

Fixed secure image naming duplication issue (liquibase/liquibase-secure-secure → liquibase/liquibase-secure) (#458)
Fixed artifact naming conflict causing 409 errors in vulnerability scanning workflow (#457)
Fixed Slack webhook notification failures in security scanning workflow (#457)
Resolved LPM automation conflict between workflows (#456)
Suppressed false positive CVE-2025-59250 for mssql-jdbc driver (#459)

Upgraded GitHub Actions runners from macos-13 to macos-15-intel for continued support (#460)

Full Changelog: v5.0.2-SECURE...v5.0.3-SECURE

Assets 2

19 Nov 20:08

v5.0.2 SECURE

Support for Liquibase Secure 5.0.2.

OpenShift Compatibility: Container can now run with arbitrary user IDs, enabling deployment in OpenShift environments with restrictive security context constraints (#438)
LPM Update: Updated Liquibase Package Manager to version 0.2.16 with latest features and fixes (#453)
Base Image Upgrade: Migrated to Ubuntu Noble 24.04 LTS for long-term support and security updates (#442)
Documentation: Updated README with comprehensive Liquibase 5.0 image changes and usage examples (#450, DAT-21145)

Fixed LPM automation conflict between workflows preventing simultaneous updates
Resolved search path override regression affecting changelog directory detection (DAT-21189, #451)
Fixed Trivy workflow vault secret handling and AWS credentials configuration
Corrected Slack webhook URL export from vault in security scanning workflow

Authentication Modernization: Migrated GitHub Actions workflows from liquibot to GitHub App authentication for improved security (DAT-21198, #454)
Release Process: Fixed duplicate Docker tag creation issue between SECURE and Community releases (DAT-20987, #446, #447)
Terminology Updates: Standardized naming from "OSS" to "Community" and "Pro" to "Secure" across workflows and documentation (#448)
Build Improvements: Updated S3 URL paths for Liquibase Secure builds and corrected RC build paths (#441, #455)