Previously, the container images for both the Universal GUI and the Indicium Application Tier used port 80 to accept traffic.
Starting from release 2025.1.10 and newer, these images will use port 8080.
Why this change?
This is the first step towards rootless container images. Currently, the containers run as the root user, which is a bad container security practice. If a threat actor manages to get access to the container file system, it can be abused.
Luckily, the ASP.NET container image (which is the base image for Indicium) recently made it possible to run as a non-root user. Implementing this change will take a bit more time, but these changes should go unnoticed.
Due to port privileges in the Linux kernel, binding to ports below 1024 requires root permissions. This creates an issue when running an application on port 80 without privileges.
To allow a future non-root user to open the port, the published port will be moved from 80 to 8080.
How will this impact me?
This affects you if you have a running Universal or Indicium container and you update the container tag to version 2025.1.10 or higher.
If you do not change the port after changing the tag to anything newer than 2025.1.10, the load balancer or proxy will display a 502 or 503 HTTP error.
What do I need to do?
Do you have any running containers for Universal or Indicium, and are planning on upgrading to 2025.1.10?
- If the answer is no, you do not need to do anything until you start using version 2025.1.10 or newer.
- If the answer is yes, change the port from 80 to 8080.
For example,
docker run -p 80:80 registry.thinkwisesoftware.com/public/indicium:2024.3.14
to
docker run -p 8080:8080 registry.thinkwisesoftware.com/public/indicium:2025.1.10
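A pre-upgrade check for the change described above, as an added example that is not Thinkwise's own tooling: it takes an image reference and a `-p` value and reports whether the mapping still forwards to the port that tag listens on. The function names are hypothetical, the 2025.1.10 cutover comes from this page, and tags that are not plain version numbers (such as `latest`) are reported as unknown.

```shell
#!/bin/sh
# Added example (not vendor code): flag -p mappings that forward to the
# wrong container port for a given Universal/Indicium image tag.
CUTOVER="2025.1.10"   # first release listening on 8080, per this page

# tag_of IMAGE -> tag part of an image reference ("latest" if absent)
tag_of() {
    ref=${1##*/}      # drop registry path so a registry port is not read as a tag
    case $ref in
        *:*) printf '%s\n' "${ref##*:}" ;;
        *)   printf 'latest\n' ;;
    esac
}

# version_ge A B -> succeeds when dotted numeric version A >= B
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$2" ]
}

# expected_port IMAGE -> 80, 8080, or "unknown" for non-numeric tags
expected_port() {
    tag=$(tag_of "$1")
    case $tag in
        *[!0-9.]*|'') echo unknown ;;
        *) if version_ge "$tag" "$CUTOVER"; then echo 8080; else echo 80; fi ;;
    esac
}

# container_port MAPPING -> container side of a -p value; accepts
# host:container, ip:host:container and an optional /tcp suffix
container_port() {
    m=${1%/*}
    printf '%s\n' "${m##*:}"
}

# check_mapping IMAGE MAPPING -> prints a verdict, returns 1 on mismatch
check_mapping() {
    want=$(expected_port "$1"); have=$(container_port "$2")
    if [ "$want" = unknown ]; then
        echo "UNKNOWN: $1 has no numeric tag, verify the port manually"
    elif [ "$want" = "$have" ]; then
        echo "OK: $1 -p $2"
    else
        echo "MISMATCH: $1 listens on $want but -p $2 forwards to $have"
        return 1
    fi
}

# Constructed sample: image tags from this page with candidate -p values
check_mapping registry.thinkwisesoftware.com/public/indicium:2024.3.14 80:80 || true
check_mapping registry.thinkwisesoftware.com/public/indicium:2025.1.10 80:80 || true
check_mapping registry.thinkwisesoftware.com/public/indicium:2025.1.10 8080:8080 || true
```

Only the container side of `-p` is compared, since that is the port the image itself listens on; a mismatch here is the condition that surfaces as the 502 or 503 error at the load balancer or proxy.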