DEV Community

Yehonatan Water Man
Yehonatan Water Man

Posted on

1 1

📣Startups, Check your Database EOL before using it

A Cautionary tale 🐺👩‍🦰👵

In our startup, we develop a solution for the fin-tech section. Yesterday we realised that our clients will scan our dockers with a security radar agent every quater. It will probably be some McAfee product.

For the inexperienced me, That was quite a shock. It essentially creates another trigger for a development process other than adding features and fixing bugs.

After speaking with someone experienced, he told me that as long as a product did not reach its end of life (EOL) support, I don't need to update it. Side note: MongoDB 4.2 breaks our product, unlike mongo 4.0.

Apache, do you got me? 😎🤙

Now, because we were evaluating CouchDB (Apache project), I was looking for the EOL and I found the following [Source] : When a security-related release occurs, affected versions are immediately deprecated and no longer supported by the CouchDB team

Well, That is just unacceptable 🤢. You do realise that I can't put a DB in my production and fearing everyday that its end of support might just happen? Making me use an updated version that who knows if compatible or not?

Luckily, Both mongo [source] and elasticsearch [source] have a 1.5 year of support for each version. Giving that, I will have to use them as our production database candidates - only this way I can plan in advance when to upgrade and not be hit with it at the next security scanning.

Retry later

Top comments (0)

Postmark Image

Speedy emails, satisfied customers

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up