{question}
I’m reviewing multiple vulnerabilities in SingleStore container image releases, especially for 8.5 - what steps should I take?
{question}
{answer}
SingleStore packages database software for our on-prem customers as pre-built container images, usually accessible through DockerHub. SingleStore scans these container images internally for vulnerabilities. Any vulnerabilities discovered are addressed through SingleStore’s vulnerability management process. These processes are continuously monitored to stay current with new vulnerabilities, which are published weekly or even daily on public vulnerability databases and in software components (some not directly used by our software) that become outdated over time.
We have received reports of an increasing number of vulnerabilities in our SingleStore 8.5 releases, and we are working to patch them following our internal vulnerability management practices. However, we also want to inform our customers that since 8.5 is currently the oldest release available from SingleStore (and it is approaching EOL in January 2026), it will be the last one to receive patches, as our Engineering teams address issues in a cascading manner from the latest release to the oldest.
If you’re a SingleStore Helios customer, no action is required from you since this bulletin applies only to on-prem customers using older versions of our software.
If you’re running SingleStore self-managed, we recommend upgrading to the latest versions of 8.7, 8.9, or 9.0.
{answer}