From d14d24ee80d76e1ca164e9c23efdc91c5273f3ea Mon Sep 17 00:00:00 2001
From: David Gomez <david.gomez@broadcom.com>
Date: Fri, 10 Oct 2025 13:18:09 +0200
Subject: [PATCH] [bitnami/python] Python 3.14 is the latest stable version
 (#87323)

Signed-off-by: David Gomez <david.gomez@broadcom.com>
---
 bitnami/python/3.13/README.md                 | 10 ++++
 bitnami/python/3.13/debian-12/Dockerfile      | 56 -------------------
 .../python/3.13/debian-12/docker-compose.yml  | 11 ----
 .../opt/bitnami/licenses/licenses.txt         |  2 -
 .../prebuildfs/usr/sbin/install_packages      | 27 ---------
 .../debian-12/prebuildfs/usr/sbin/run-script  | 24 --------
 .../prebuildfs/usr/sbin/uninstall_packages    | 26 ---------
 7 files changed, 10 insertions(+), 146 deletions(-)
 create mode 100644 bitnami/python/3.13/README.md
 delete mode 100644 bitnami/python/3.13/debian-12/Dockerfile
 delete mode 100644 bitnami/python/3.13/debian-12/docker-compose.yml
 delete mode 100644 bitnami/python/3.13/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
 delete mode 100755 bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/install_packages
 delete mode 100755 bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/run-script
 delete mode 100755 bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/uninstall_packages

diff --git a/bitnami/python/3.13/README.md b/bitnami/python/3.13/README.md
new file mode 100644
index 000000000000..04c96f8c1d98
--- /dev/null
+++ b/bitnami/python/3.13/README.md
@@ -0,0 +1,10 @@
+# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
+
+Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
+
+- Granting community users access for the first time to security-optimized versions of popular container images.
+- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
+- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
+- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
+
+These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).
diff --git a/bitnami/python/3.13/debian-12/Dockerfile b/bitnami/python/3.13/debian-12/Dockerfile
deleted file mode 100644
index 349b28fe5637..000000000000
--- a/bitnami/python/3.13/debian-12/Dockerfile
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright Broadcom, Inc. All Rights Reserved.
-# SPDX-License-Identifier: APACHE-2.0
-
-FROM docker.io/bitnami/minideb:bookworm
-
-ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
-ARG TARGETARCH
-
-LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2025-10-07T15:43:47Z" \
-      org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
-      org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/python/README.md" \
-      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/python" \
-      org.opencontainers.image.title="python" \
-      org.opencontainers.image.vendor="Broadcom, Inc." \
-      org.opencontainers.image.version="3.13.8"
-
-ENV OS_ARCH="${TARGETARCH:-amd64}" \
-    OS_FLAVOUR="debian-12" \
-    OS_NAME="linux"
-
-COPY prebuildfs /
-SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
-# Install required system packages and dependencies
-RUN install_packages build-essential ca-certificates curl git libbz2-1.0 libffi8 liblzma5 libncursesw6 libreadline8 libsqlite3-0 libsqlite3-dev libssl-dev libssl3 libtinfo6 pkg-config procps unzip wget zlib1g
-RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
-    DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
-    mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
-    COMPONENTS=( \
-      "python-3.13.8-0-linux-${OS_ARCH}-debian-12" \
-    ) ; \
-    for COMPONENT in "${COMPONENTS[@]}"; do \
-      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
-        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
-        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
-      fi ; \
-      sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
-      tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
-      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
-    done
-RUN apt-get update && apt-get upgrade -y && \
-    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
-RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
-RUN sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS    90/' /etc/login.defs && \
-    sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS    0/' /etc/login.defs && \
-    sed -i 's/sha512/sha512 minlen=8/' /etc/pam.d/common-password
-
-ENV APP_VERSION="3.13.8" \
-    BITNAMI_APP_NAME="python" \
-    IMAGE_REVISION="0" \
-    PATH="/opt/bitnami/python/bin:$PATH"
-
-EXPOSE 8000
-
-WORKDIR /app
-CMD [ "python" ]
diff --git a/bitnami/python/3.13/debian-12/docker-compose.yml b/bitnami/python/3.13/debian-12/docker-compose.yml
deleted file mode 100644
index 53b8bf4821d0..000000000000
--- a/bitnami/python/3.13/debian-12/docker-compose.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-# Copyright Broadcom, Inc. All Rights Reserved.
-# SPDX-License-Identifier: APACHE-2.0
-
-services:
-  python:
-    tty: true # Enables debugging capabilities when attached to this container.
-    image: docker.io/bitnami/python:3.13
-    ports:
-      - 8000:8000
-    volumes:
-      - .:/app
diff --git a/bitnami/python/3.13/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/python/3.13/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
deleted file mode 100644
index 76956b38e82c..000000000000
--- a/bitnami/python/3.13/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bitnami containers ship with software bundles. You can find the licenses under:
-/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt
diff --git a/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/install_packages
deleted file mode 100755
index ccce248b2d14..000000000000
--- a/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/install_packages
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-# Copyright Broadcom, Inc. All Rights Reserved.
-# SPDX-License-Identifier: APACHE-2.0
-set -eu
-
-n=0
-max=2
-export DEBIAN_FRONTEND=noninteractive
-
-until [ $n -gt $max ]; do
-    set +e
-    (
-      apt-get update -qq &&
-      apt-get install -y --no-install-recommends "$@"
-    )
-    CODE=$?
-    set -e
-    if [ $CODE -eq 0 ]; then
-        break
-    fi
-    if [ $n -eq $max ]; then
-        exit $CODE
-    fi
-    echo "apt failed, retrying"
-    n=$(($n + 1))
-done
-apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
diff --git a/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/run-script
deleted file mode 100755
index 0e07c9038dfd..000000000000
--- a/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/run-script
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-# Copyright Broadcom, Inc. All Rights Reserved.
-# SPDX-License-Identifier: APACHE-2.0
-set -u
-
-if [ $# -eq 0 ]; then
-    >&2 echo "No arguments provided"
-    exit 1
-fi
-
-script=$1
-exit_code="${2:-96}"
-fail_if_not_present="${3:-n}"
-
-if test -f "$script"; then
-  sh $script
-
-  if [ $? -ne 0 ]; then
-    exit $((exit_code))
-  fi
-elif [ "$fail_if_not_present" = "y" ]; then
-  >&2 echo "script not found: $script"
-  exit 127
-fi
diff --git a/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/uninstall_packages b/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/uninstall_packages
deleted file mode 100755
index 615c430e4e68..000000000000
--- a/bitnami/python/3.13/debian-12/prebuildfs/usr/sbin/uninstall_packages
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-# Copyright Broadcom, Inc. All Rights Reserved.
-# SPDX-License-Identifier: APACHE-2.0
-set -eu
-
-n=0
-max=2
-export DEBIAN_FRONTEND=noninteractive
-
-until [ $n -gt $max ]; do
-    set +e
-    (
-        apt-get autoremove --purge -y "$@"
-    )
-    CODE=$?
-    set -e
-    if [ $CODE -eq 0 ]; then
-        break
-    fi
-    if [ $n -eq $max ]; then
-        exit $CODE
-    fi
-    echo "apt failed, retrying"
-    n=$(($n + 1))
-done
-apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives