FULLSTACKS Bitnami Impact Assessment


What is Changing?

Bitnami is changing the way container images are published and used. Instead of maintaining dozens of immutable, version-specific Docker tags in the public Bitnami registry, it will move all of these tags to a read-only “Legacy” namespace and freeze them there. As of August 28, 2025, only a single current tag for each application will remain, and it will be continuously updated instead of being tied to a fixed version. This change means that any Kubernetes deployment or Helm chart that explicitly references a versioned Bitnami image tag (the default in most Helm charts) will no longer be able to pull that image after the relocation, unless you mirror or rename these assets before the deadline.

  • Versioned Tags Frozen: As of August 28, 2025, Bitnami will remove all version-specific Docker tags (e.g., 24.0.5-debian-12-r10) from the public registry (http://docker.io/bitnami) and move them to a “Legacy” namespace (http://docker.io/bitnamilegacy). These images will be frozen – there will be no further patches or security updates.

  • Only “latest” remains free: A single, continuously updated “latest” tag will remain publicly accessible. To continue receiving versioned, security-patched images with SBOM/VEX metadata, you must either subscribe to Bitnami Secure Images or maintain your own builds/mirrors.

Potential Impact

  • Pod Restarts Fail: Helm charts use fixed version tags by default. After the deadline, Kubernetes will no longer be able to retrieve these images, leading to CrashLoopBackOff and service outages!

  • Loss of Reproducibility: Using an unfixed current image impairs deterministic deployments and complicates audits, rollbacks, and compliance.

  • Security Risk: Older images will receive no further CVE fixes. Operating unpatched containers in production exposes you to avoidable security risks.

Immediate Recommended Actions

This must be completed by August 28!

  1. Cluster Inventory

     Check if you are using Bitnami images in your clusters. These could also originate from Helm charts that use Bitnami charts as dependencies. Therefore, check every image running in your clusters!

  2. Mirror and Pin Critical Images

     Before August 28, pull your essential versioned tags into a private registry and then update your Helm charts to use the pinned images from your registry.
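
The two steps above as a dry-run sketch, added here as an example and not FULLSTACKS or Bitnami code: it filters a cluster's image list down to references in the public Docker Hub bitnami namespace and emits a mirror plan. The registry name `registry.example.internal`, the function names and the sample image list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not FULLSTACKS or Bitnami code. MIRROR is a placeholder for
# your private registry; SAMPLE_IMAGES is constructed for illustration.
MIRROR="${MIRROR:-registry.example.internal}"

# stdin: image references, one per line. stdout: those pulled from Docker Hub's
# public "bitnami" namespace, normalised to docker.io/bitnami/<name>.
# Assumes unqualified names (bitnami/x) resolve to Docker Hub on your nodes.
bitnami_images() {
  sed -E -n \
    -e 's#^(index\.|registry-1\.)?docker\.io/bitnami/#docker.io/bitnami/#p' \
    -e 's#^bitnami/#docker.io/bitnami/#p' | sort -u
}

# stdin: output of bitnami_images. stdout: one plan line per image:
#   MIRROR <source> <target>  versioned tag: copy it, then pin the chart to <target>
#   UNPINNED <source>         no tag or :latest: choose a version before mirroring
#   DIGEST <source>           digest reference: copy with a digest-preserving tool
mirror_plan() {
  while IFS= read -r src; do
    name=${src#docker.io/bitnami/}
    case "$name" in
      *@sha256:*) echo "DIGEST $src" ;;
      *:latest)   echo "UNPINNED $src" ;;
      *:*)        echo "MIRROR $src $MIRROR/bitnami/$name" ;;
      *)          echo "UNPINNED $src" ;;
    esac
  done
}

SAMPLE_IMAGES='docker.io/bitnami/postgresql:16.3.0-debian-12-r10
bitnami/redis:7.2.5-debian-12-r0
registry-1.docker.io/bitnami/nginx:latest
bitnami/kubectl
docker.io/bitnami/mariadb@sha256:0000000000000000000000000000000000000000000000000000000000000000
quay.io/prometheus/node-exporter:v1.8.1
registry.example.internal/bitnami/redis:7.2.5-debian-12-r0
docker.io/bitnamilegacy/mongodb:7.0.12-debian-12-r0'

# Dry run on the constructed sample. For a live cluster, feed it from kubectl:
#   kubectl get pods --all-namespaces \
#     -o jsonpath="{.items[*].spec['initContainers', 'containers'][*].image}" \
#     | tr -s '[[:space:]]' '\n' | bitnami_images | mirror_plan
# then, for each MIRROR line: docker pull <source>; docker tag <source> <target>;
# docker push <target>, and point the chart's image values at <target>.
printf '%s\n' "$SAMPLE_IMAGES" | bitnami_images | mirror_plan
```

A pod listing only covers workloads that are running at that moment. CronJobs and Deployments scaled to zero need the same filter applied to their workload specs or to rendered `helm template` output.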

How We Can Help You

  1. Bitnami Impact Check

     We offer a concise assessment to determine if and how this Docker tag change affects your environment. The goal is to provide an overview of whether immediate action is required, where it applies, and how severe the critical impacts might be.

  2. Supply Chain Future-Proofing Workshop

     We will introduce best practices to future-proof your container supply chain and enable you to use certified, versioned, and secured enterprise-grade images from SUSE, RedHat, and other providers – ensuring you remain resilient even in the face of unexpected changes to upstream policies.

    Architectural Blueprint & Best Practices

    • Let us define a secure, reproducible CI/CD pipeline using OCI-compliant registries and CNCF-supported tools.
    • We will review the recommended best practices for SBOM generation, image signing (Cosign), vulnerability scanning, image signature validation, and policy enforcement.
    • Ensure version pinning and enable rollback procedures to guarantee deterministic deployments and auditable compliance.
    • We will review your activities in the container image supply chain and provide you with best practices for image management and implementation guidelines.

Interested in an individual assessment or a Custom Migration Plan?

We secure your container supply chain – before August 28, 2025!