Container Images Changes 2026

Last modified 10 Jun 2026 10:56 +02:00

We consolidated our container image tagging strategy in June 2026, as described in Container Images Naming Conventions. This document describes the now obsolete strategy and the changes for each stability channel.

June 2026 Changes

The main changes in the container images and their naming are:

  • The default user for the container is changed from root to non-root user midpoint.
    This affects only midPoint 4.11.x and newer versions; older supported branches (4.8, 4.9 and 4.10) are not affected.

  • The default Base OS changes from Ubuntu 22.04 to Alpine-3.23.
    This affects only midPoint 4.11.x and newer versions; older supported branches (4.8, 4.9 and 4.10) are not affected. However, newer Ubuntu LTS versions may be used for upcoming maintenance releases.

  • Base OS versions will be continuously updated for newer releases.
    This affects all upcoming releases starting with 4.8.12, 4.9.7, 4.10.3 and 4.11.0.

  • Version-specific images will be contiously patched on the Base OS layer level (no breaking changes).
    This affects all upcoming releases starting with 4.8.12, 4.9.7, 4.10.3 and 4.11.0.

Default Container User

Previous images were built to run as root, which is not the best practice.

Images for midPoint 4.11.0 and newer (including 4.11-<os>-nightly and nightly) are created to run as a non-root user midpoint with UID 1000.

Images for already existing supported branches (4.8, 4.9 and 4.10) will still use root to avoid additional issues during updates.

If a midPoint container detects at startup that $MP_DIR is not writable by the running user, it prints out a warning and suggested steps for Kubernetes deployments.

Tag Changes

The following table summarizes the changes you should make depending on the tag you used previously.

The table abstracts from components that do not affect the stability channel, namely the <os> component. The default OS was changed from ubuntu to alpine starting with midPoint version 4.11. Just like the change of the default container user, this only affects midPoint releases in the 4.11 branch and onwards. Older supported branches (4.8, 4.9 and 4.10) will still use ubuntu as their default image, even for newer maintenance releases.

We recommend that you omit the OS component in the tag. In the future, midPoint will likely use only a single base OS image, even though it may support alternative procedures to build your own image if you insist on a different base OS.
Stability Channel Legacy tag format Current tag format Notes

Version-specific - immutable image

<major>.<minor>[.<patch>]

…​/midpoint@sha256:abcd123…​

Recommended only for the strictest types of deployments.

Version-specific - patched OS

not available

<major>.<minor>.<patch>

Recommended for production with automatic security updates for the base layer. MidPoint itself stays the same on the binary level.

Latest stable release on a supported branch

not available

<major>.<minor>-latest

Last stable release in the designated branch (initial or maintenance).

Latest stable release on the latest supported branch

latest

latest

Last stable release in the designated branch (initial or maintenance).

Support branch latest development build

<major>.<minor>-support

<major>.<minor>-nightly

We completely discontinue the use of support in the tag scheme. It is confusing to track the development release on the support branch, suggesting "support" at the same time.

Latest development build

devel

nightly

Any development build now contains nightly.

Obsolete Image Naming

This is a legacy tagging scheme used for images published on Docker Hub up to the maintenance releases 4.10.2, 4.9.6, and 4.8.11 LTS.

The next releases, 4.10.3, 4.9.7, and 4.8.12 LTS will be released in compliance with the new tagging strategy.

The full Docker image name consists of the base image name and a tag separated by a colon:

<image-name>:<tag>

The base image name is fixed (evolveum/midpoint) while the tag differs depending on the midPoint version and the base operating system (OS) used for the image.

The following base operating systems are supported:

Table 1. Used base OSs for images and their tag suffixes
Base OS Suffix for the tag Description

Alpine

-alpine

Planned to replace Ubuntu as the default.

Rocky Linux

-rockylinux

Ubuntu

-ubuntu

Default. Omitting the suffix defaults to "-ubuntu".

See examples of full image names:

Table 2. Examples of tags
Version Base OS Full image name

4.8 release

Ubuntu

evolveum/midpoint:4.8

4.8 release

Rocky Linux

evolveum/midpoint:4.8-rockylinux

4.8-support (snapshot)*

Alpine

evolveum/midpoint:4.8-support-alpine

latest dev build

Alpine

evolveum/midpoint:devel-alpine

latest dev build

Ubuntu

evolveum/midpoint:devel-ubuntu
evolveum/midpoint:devel

last released version (4.10.2)

Alpine

evolveum/midpoint:latest-alpine
evolveum/midpoint:4.10.2-alpine

last released version (4.10.2)

Ubuntu

evolveum/midpoint:latest
evolveum/midpoint:latest-ubuntu
evolveum/midpoint:4.10.2

  • Support images are built from unreleased code. They are used to aggregate bug fixes between releases. If you are looking for a bug fix, i.e. the respective ticket is closed and has a code update, the fix will be included in the first subsequent support build. The name of this tag can change in time so it is recommended to check the naming from time to time.

  • Since version 4.8.3, images are published for the AMD64 and ARM64 platforms. The images are published with a multi-platform manifest. You only need to request a tag, and the appropriate platform is selected automatically.

See Also

Was this page helpful?
YES NO
Thanks for your feedback