Hey,
i am wondering why the docker dremio-oss images at https://hub.docker.com/r/dremio/dremio-oss/tags didn’t get updated for 3 months despite newer 25.x releases made by dremio.
Dremio had made 2 new bugfix releases, see 25.x Release Notes | Dremio Documentation, which aren’t marked as “enterprise only”. But still the oss docker images didn’t get an update.
Either the releases were enterprise only and the mark is missing or anything happend to the docker image release pipeline.
I’ve been wondering the same thing. I and others have raised the concern for earlier Dremio versions, but there doesn’t seem to much consistency. Previously, bugfix versions marked as enterprise versions were pushed, although not part of the official policy.
The same goes for the dremio-oss repo on github as well as maven artifacts. Some historical threads attached in the bottom, but the tendency seems to be that the lag from release notes to artifacts being available is increasing.
It would be nice with more clarity regarding what would be reasonable expectations from the OSS community. There can be lots of good reasons as to why things are they way they are, but it does create frustration when everything around the process seems to be inherently closed.
+1
We also would love to update to 25.0.5 to address some bugs we’re consistently running into, as well as clearer communication around expectations for OSS.
they have now marked all bugfix releases as ‘Enterprise’
I hadn’t noticed - appreciate the update. At least it is more consistent with the official policy now.
Looking at the release note history, the available versions are:
OSS:
Enterprise:
Based on the above, I think it’s rather clear that there are a lot of patch releases made for enterprise (which is great), but for those running OSS it takes quite some before those bug fixes make their way into a release (currently, major/minor releases only seem to happen roughly twice per year). That leaves my company with three options, none of which are optimal:
The way the on-prem licensing model works makes 3 a no-go for us. We currently do a mix of 1 or 2, depending on whether we discover any shopstoppers for upgrading. But that means we still have to wait up to half a year between upgrades (often even for bugs affecting the correctness of queries).
I know I sound like I’m complaining, but that’s not the intent - I am just trying to be transparent. You can’t ever complain about free software and I do think Dremio is a fantastic product. But to be frank, my company’s approaching the point where we will actively monitor and trial other open source projects like Trino/Starburst, Starrocks etc. (2-4 and ~1 montly releases respectively), that might be more in line with the way my company runs/uses software. Being heavy on Iceberg and data lake(house)s, a lot happens in six months.
The above became a longer rant than indended. In closing, I do appreciate the added clarity regarding the releases notes 
Hello can you give us some feedback about Dremio OSS , No pull request has been accepted for years.
we really want contribute to Dremio but github repo is abandoned, same for sqlalchemy repo
Hi @wundi, @wobu, and others on this thread,
Thanks for your question and for using Dremio. Dremio posts major and minor releases to OSS. Patch releases are generally not posted unless there is a security or other major issue. Dremio released 25.0 in April 2024 and plans to post 25.1 in August. I hope this helps.
Mark
Dremio
Hi @Mark_Hoerth ,
thanks for responding. That indeed cheers me up a bit.
One question: i saw that in 25.0.4 some CVEs got fixed
Updated the following libraries to address potential security issues:
org.postgresql:postgresql to version 42.4.5 [CVE-2024-1597] com.amazon.redshift,redshift-jdbc42 to version 2.1.0.28 [CVE-2024-32888]
what about this security fixes?
regards
Wolfgang
also @Mark_Hoerth as I mentioned before, we found many bugs that are not fixed, we want contribute and some bugs reported included with the solution also pull requests maded to github but we no have a response from you, I really think that this aren’t the apropiate form of OSS, I put a good example of OSS as apache superset handle repository and contribute