FullStackS Bitnami Impact Assessment

What’s Changing?

Bitnami is reorganizing the way its container images are published and consumed: instead of maintaining dozens of immutable, version‐specific Docker tags in the public Bitnami registry, all of these tags will be moved into a read-only “legacy” namespace and frozen in place. From August 28, 2025 onward, only a single latest tag for each application will remain in it, which will be continuously updated rather than tied to a fixed release. This shift means that any Kubernetes deployment or Helm chart which explicitly references a versioned Bitnami image tag (default in most helm charts) will be unable to pull that image once it’s relocated, unless you take action to mirror or rename those assets ahead of the cutoff.

• Versioned tags frozen: As of August 28, 2025, Bitnami will remove all version-specific Docker tags (e.g. 24.0.5-debian-12-r10) from the public registry (docker.io/bitnami) and relocate them to a “legacy” namespace (docker.io/bitnamilegacy). Those images will be frozen—no further patches or security updates.

• Only “latest” remains free: A single, continuously updated latest tag will remain publicly accessible. To continue receiving versioned, security-patched images with SBOM/VEX metadata, you must either subscribe to Bitnami Secure Images or maintain your own builds/mirror.

Potential Impact

• Pod restarts will fail: Helm charts default to pinned version tags. After the cutoff date, Kubernetes cannot pull those images, leading to CrashLoopBackOff and service outages!

• Loss of reproducibility: Relying on an unpinned latest image breaks deterministic deployments, complicating audits, rollbacks, and compliance.

• Security exposure: Legacy images receive no further CVE fixes. Operating unpatched containers in production exposes you to preventable vulnerabilities.

References:

• https://github.com/bitnami/containers/issues/83267

• https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications

Immediate Recommendations

You have to do this before the 28th of August!

1. Inventory your clusters

   Check if you are using bitnami images in your clusters, these could also come from helm charts that use bitnami charts as dependencies. So check every image running in your clusters!

   
   

2. Mirror and pin critical images

   Before August 28, pull your essential versioned tags into a private registry, then update your Helm charts to use the pinned images from your registry.

How we can help you

1. Bitnami Impact Check

   We offer a compact assessment to find out whether and how this change to the Docker tag affects your environment. The objective is to obtain an overview of whether immediate action is required, where this applies, and how significant the critical impact may be.

   
   

2. Supply Chain Future-Proofing Workshop

   We’ll both outline best practices to future-proof your container supply chain and help you consume certified, versioned and secured enterprise ready images from SUSE, RedHat and others – helping you stay resilient against unexpected upstream policy changes.

   
   

   Architectural Blueprint & Best Practices

   • Let’s define a secure, reproducible CI/CD pipeline using OCI-compliant registries and CNCF-backed tooling.

   • We’ll go through recommend SBOM generation, image signing (Cosign), vulnerability scanning, image signature validation, and policy enforcement best practices.

   • Ensure version-pinning and enable rollback procedures to ensure deterministic deployments and audit-ready compliance.

   • We’ll review your container image supply chain activities and provide you with image management best-practices and implementation guidelines.

Interested in scheduling an assessment or getting a custom migration plan?

Let’s secure your container supply chain—before August 28th 2025.