Ghost has again publicized a vulnerability in their software without a published Docker image which contains the fix. Ghost has published 6.19.1 with a SQL injection fix, but the most recent Docker Official Image is at 6.18.2.
After this happened last time, I started collaborating with @ngeorger on a more secure alternate image and there’s now one that he created and I’ve successfully tested with 6.19.0. Perhaps he can push a 6.19.1 release soon.
Keep an eye out here, and look for releases with a -docker suffix. This is very new, and trying it out on a dev site is recommended!
I just submitted a patch to better document the new container option here:
As I mentioned there: “If you are moving from the Docker Hub image and don’t want to change the ownership of all your files, you can continue to use the same user with this image by specifying --user 100:1000 on a docker run line or updating a compose.yml file where you set image: to also set user: 1000:1000”
I submitted a second patch to start down the path of having these alternate images automatically published when Ghost makes a new release.