
Conversation


@mdkaifansari04 mdkaifansari04 commented Nov 9, 2025

Fixes: #4765
Description
Pin Postgres Docker image to v17

Postgres 18+ changes the default data directory used by Docker, breaking compatibility with existing volumes created using Postgres 17 or earlier. The DB container fails to start if we use postgres:latest because our volume mount expects the old directory path.

Pinning the image to postgres:17 keeps our stack working and prevents unexpected crashes from automatic major upgrades. This fixes the startup issue without needing data migration.

Reference: Docker breaking change in Postgres 18

Docker compose test ran successfully (screenshot: 2025-11-10_01-06-14)

Summary by CodeRabbit

  • Chores
    • Updated PostgreSQL database image to version 17.6.


coderabbitai bot commented Nov 9, 2025

Walkthrough

The PostgreSQL Docker image tag in docker-compose.yml is updated from "postgres" to "postgres:17.6", pinning the database service to a specific version to ensure compatibility with existing data directory structures.

Changes

Cohort / File(s)                           | Summary
PostgreSQL version pin: docker-compose.yml | Update db service image tag from postgres (latest) to postgres:17.6

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name                | Status    | Explanation
Description Check         | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check               | ✅ Passed | The PR title accurately reflects the main change: pinning the Postgres Docker image version to 17.6 to prevent breaking changes from newer versions.
Linked Issues check       | ✅ Passed | The PR fully addresses the requirements from issue #4765 by updating docker-compose.yml to pin Postgres to version 17.6, preventing container startup failures from incompatible data directory changes.
Out of Scope Changes check | ✅ Passed | All changes are directly related to the stated objectives; only the docker-compose.yml file is modified to update the Postgres image tag, with no extraneous modifications.
Docstring Coverage        | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 8454396 and cde8d1c.

📒 Files selected for processing (1)
  • docker-compose.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Run Tests
  • GitHub Check: docker-test
🔇 Additional comments (1)
docker-compose.yml (1)

3-3: Verify patch-level vs. minor-level pinning is intentional; align with PR description.

The change pins to postgres:17.6 (patch-specific), but the PR description references "postgres:17" (minor-version). This discrepancy should be clarified in the PR.

Note: PostgreSQL 17.6 (released 2025-08-14) fixes three security issues, so the version itself is security-patched. However, pinning to a specific patch means future 17.x releases (e.g., 17.7, 17.8) with new security fixes won't auto-apply on image rebuilds.

Considerations:

  • Patch-level lock (17.6): Ensures reproducibility and stability; requires manual updates if new CVEs emerge.
  • Minor-version lock (17): Allows patch-level updates within 17.x; balances security auto-updates with the goal of avoiding Postgres 18+ breaking changes.

Recommendation: Clarify whether patch-level pinning is intentional (for reproducibility) or if postgres:17 would better suit your maintenance strategy. Update the PR description to match the final choice.


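The PR description argues for pinning the image so a new Postgres major cannot arrive on the next pull, and the review comment above weighs a major-only tag (17) against an exact release tag (17.6). The script below, an added example that is not part of the PR or the OWASP-BLT project, audits a compose file for exactly that: it classifies every `image:` reference as floating (no tag, `latest`, or a rolling alias), major-only, pinned to an exact release, or digest-pinned, and reports which services fall below a chosen minimum. The compose text, service names and the all-zero digest are constructed for the demonstration; the parser is a deliberate regex over `image:` lines rather than a YAML loader so it runs with the standard library only.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample compose file (not the project's docker-compose.yml).
# Three services, one per pinning level, plus a digest-pinned app image.
SAMPLE_COMPOSE = """\
services:
  db:
    image: postgres
    volumes:
      - pgdata:/var/lib/postgresql/data
  cache:
    image: "redis:7"
  app:
    image: ghcr.io/example/app:1.4.2@sha256:0000000000000000000000000000000000000000000000000000000000000000
volumes:
  pgdata:
"""

# Matches `image:` lines, tolerating quotes and trailing comments.
IMAGE_LINE = re.compile(r'^\s*image:\s*["\']?([^"\'\s#]+)["\']?', re.MULTILINE)

# Docker reference grammar: [registry[:port]/]repo[:tag][@sha256:digest].
REF = re.compile(
    r'^(?P<name>[^:@]+(?::\d+/[^:@]+)?)'
    r'(?::(?P<tag>[^@]+))?'
    r'(?:@(?P<digest>sha256:[0-9a-f]{64}))?$'
)

# Ordered from weakest to strongest guarantee.
LEVELS = {"floating": 0, "major-only": 1, "pinned": 2, "digest": 3}


@dataclass
class Finding:
    image: str
    level: str
    reason: str


def classify_tag(tag: Optional[str]) -> Tuple[str, str]:
    """Decide how much a tag constrains what `docker pull` returns."""
    if tag is None or tag == "latest":
        return "floating", "no tag or :latest; the next major (e.g. postgres 18) arrives on the next pull"
    numeric = re.match(r"^(\d+(?:\.\d+)*)", tag)
    if not numeric:
        return "floating", f"tag '{tag}' is a rolling alias with no version component"
    parts = numeric.group(1).split(".")
    if len(parts) == 1:
        return "major-only", f"tag '{tag}' tracks {parts[0]}.x; patch releases auto-apply, majors do not"
    return "pinned", f"tag '{tag}' names one release; new patch fixes need a manual bump"


def classify(ref: str) -> Finding:
    """Classify a single image reference string."""
    m = REF.match(ref)
    if not m:
        raise ValueError(f"unparseable image reference: {ref!r}")
    if m.group("digest"):
        return Finding(ref, "digest", "content-addressed; immutable regardless of tag")
    level, reason = classify_tag(m.group("tag"))
    return Finding(ref, level, reason)


def audit(compose_text: str, minimum: str = "major-only") -> Tuple[List[Finding], List[Finding]]:
    """Return (all findings, findings below the minimum level) for a compose file."""
    findings = [classify(ref) for ref in IMAGE_LINE.findall(compose_text)]
    violations = [f for f in findings if LEVELS[f.level] < LEVELS[minimum]]
    return findings, violations


if __name__ == "__main__":
    all_findings, bad = audit(SAMPLE_COMPOSE)
    for f in all_findings:
        print(f"{f.level:<10} {f.image}: {f.reason}")
    raise SystemExit(1 if bad else 0)
```

Run with a minimum of `major-only` to enforce what this PR wanted (no silent major upgrades), or `pinned` if the team prefers the reproducibility trade-off the review comment describes; the non-zero exit code makes the check usable as a CI gate.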

@github-project-automation github-project-automation bot moved this from Backlog to Ready in 📌 OWASP BLT Project Board Nov 9, 2025
@DonnieBLT DonnieBLT merged commit 0668a4a into OWASP-BLT:main Nov 10, 2025
13 checks passed

Labels: None yet
Projects: Status: Done
Development: Successfully merging this pull request may close these issues: Pin Postgres Docker image to v17 to avoid breaking changes
2 participants