Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Changed

sshd: no longer accept RSA keys < 2048 bits for authentication

Fixed

protect against SSH_CLIENT_PUBLIC_KEYS containing term "MYSQLDUMP_ARGS="

2.0.1 - 2021-06-20

Fixed

entrypoint: unset no longer needed MYSQLDUMP_ARGS variable

2.0.0 - 2021-04-11

Added

openssh-server: ed25519 host key
docker-compose: cpu & memory resource limits
image labels:
- org.opencontainers.image.revision (git commit hash via build arg)
- org.opencontainers.image.source (repo url)
- org.opencontainers.image.title

Changed

authorize public keys in env var SSH_CLIENT_PUBLIC_KEYS (instead of mounting /home/dump/.ssh/authorized_keys)
fail early when env var MYSQLDUMP_ARGS is not set
openssh-server: listen on port 2200 (previously 2222)
docker-compose: read-only container root filesystem
docker-compose: require version 2.3

Fixed

Dockerfile & docker-compose: add registry to base image specifiers for podman
docker-compose: drop capabilities, disallow gaining new privileges

Removed

openssh-server: disabled message authentication code algorithms hmac-sha2-512, hmac-sha2-256 & umac-128@openssh.com (as recommended by ssh-audit.com)

1.0.0 - 2020-01-10

Added

openssh server invoking mysqldump when client connects