There are major and minor versions of each supported Docker image. How Treasure Data suggests using each version in addition to our approach to releasing each one is outlined below.
Learn more about:
The latest major version of the docker image is digdag/digdag-python:3.9. This is the alias for the latest digdag/digdag-python:3.9.x (3.9.1)
We generally recommend using this the major version because of the following:
Longer Support Period
The End of Support period is set to at least 27 months. Our customer support team contacts you if migration has not been done on deprecation, because we want to make sure all of our customers have finished migrating before deprecating it.
Security Patches are Applied
Treasure Data applied security patches, using the latest minor version. These are periodically updated. Also, Docker container security scan results are monitored on a regular basis.
The latest minor version of the docker image is digdag/digdag-python:3.9.1
We only recommend using a minor version if you want to continue using particular docker images and library versions to keep API compatibilities. You should consider the following when using minor versions:
Shorter Support Period
We encourage migration to new 3.9.x(+1). We expect 1-6 months for the release cycle of minor version updates, depending on security assessments. Each time a minor version is released, customers are encouraged to migrate to the new one because it has less vulnerabilities. However, migration is not mandatory.
To ensure the security of the system and reduce maintenance burden, only three minor versions are maintained. The oldest one will be deactivated, with a 2-month migration period when the number of minor versions has reached 4 or more. Customers are notified 2 months before deprecation. We plan to notify customers with deprecation plans beforehand through the monthly release notes and/or through Customer Success channels. Customers are notified of new minor version releases through the monthly release note.
Critical Bugs Fixed
With minor versions, only critical bugs, such as bugs in pytd, are fixed. It SHOULD keep API compatibilities. Therefore, it can contain high severity vulnerabilities.
Applying security updates can break API compatibilities since security-only fixes are sometimes not available. Ensuring security and keeping API compatibility can conflict.
If you want to use the latest version of Docker image digdag/digdag-python:3.9.x, use the major version (e.g. digdag/digdag-python:3.9). If you want to continue with a particular Docker image, use the minor version (e.g. digdag/digdag-python:3.9.1).
Although, we generally recommend using the major version, you can use the minor version for a temporary workaround when you find API compatibility issues. Contact Support if you find problems during the migration process.
Docker Image Release Plan
Treasure Data plans to release a new minor Docker image, digdag-python:3.9.x(+1) when a critical vulnerability is reported. Under consideration is a 1-6 months release cycle for minor version upgrades (subject to change due to the presence of critical vulnerabilities).
If fundamental problems are found in the minor version (e.g., critical pytd bug fix), the existing minor version is replaced with minimum changes. In that case, it should not affect the customer’s workloads.
A new major version will be introduced when a new Debian Long-Term Support (LTS) version is released and/or a new Python major version is released as a stable version.