Upgrading Sombra

Sombra is a semantically-versioned tool, with each release having its own Docker tag. Check out Infrastructure -> Sombras -> Changelog to see the latest Docker versions available.

The Sombra changelog page

Transcend releases new versions of our software roughly once per weekday. We keep this high velocity so that we can quickly add new features and stay on top of any vulnerabilities that ever come up in third-party code we depend on.

Given Sombra is often self-hosted by our Customers, it is a customer's responsibility to select the version of Sombra they'd like to run. We take extreme care with semantic versioning, and go to lengths to avoid breaking changes. This means that many customers are able to continuously rely on one version of Sombra for many months at a time, without needing to upgrade if they would prefer not to. See the "When to Upgrade" section below to learn more.

You can find more information on our Trust Center. In the Trust Center, you can view our policies and SOC 2 Type II report for details about our change management process, testing processes, and release philosophy.

We have a special prod tag that is always kept up to date with our latest release. While we recommend using specific version tags, you have the option of using the prod tag to always stay up to date with our latest version each time your containers restart.

There are two primary reasons to upgrade your Sombra version:

Transcend keeps track of product features that depend on a particular Sombra version. We also keep track of the customers that would benefit from upgrading Sombra based on which product features they use.

Your contact on the Transcend Customer Experience Team will proactively reach out to you when you would benefit from an upgrade.

Sombra relies on some third-party dependencies, and on the Amazon Linux 2023 Docker base image. We continuously monitor these third-party dependencies for vulnerabilities and patch them based on Transcend's vulnerability remediation SLAs.

If you self-host Sombra, you may also independently scan our container images before deploying them. This can help you meet your own policy for vulnerability remediation SLAs, if applicable.

Upgrading the Sombra image regularly keeps you up to date with the latest security patches.