DEV Community


📣Startups, Check your Database EOL before using it

Yehonatan Water Man (yonixw)

A Cautionary tale 🐺👩‍🦰👵

In our startup, we develop a solution for the fin-tech sector. Yesterday we realised that our clients will scan our dockers with a security radar agent every quarter. It will probably be some McAfee product.

For the inexperienced me, that was quite a shock. It essentially creates another trigger for a development process other than adding features and fixing bugs.

I spoke with someone experienced, and he told me that as long as a product has not reached its end of life (EOL) support, I don't need to update it. Side note: MongoDB 4.2 breaks our product, unlike mongo 4.0.

Apache, do you got me? 😎🤙

Now, because we were evaluating CouchDB (an Apache project), I was looking for its EOL policy and I found the following [Source]: "When a security-related release occurs, affected versions are immediately deprecated and no longer supported by the CouchDB team"

Well, that is just unacceptable 🤢. You do realise that I can't put a DB in my production and fear every day that its end of support might just happen? Making me use an updated version that, who knows, may or may not be compatible?

Luckily, both mongo [source] and elasticsearch [source] have 1.5 years of support for each version. Given that, I will have to use them as our production database candidates - only this way can I plan in advance when to upgrade and not be hit with it at the next security scan.
