Your submission was sent successfully! Close

Long Term Supported
OCI Images

Hardened container images, with stable tracks from development to production. Up to ten years guaranteed security maintenance from our trusted repositories.

$ docker pull ubuntu/nginx

Get commercial support Read the press release ›

Critical CVE fixes in 24 hours

Scanning container images for vulnerabilities is now widespread, but fixing them requires dedicated skills and infrastructure. Trusted provenance is key.

The LTS Docker Image Portfolio provides ready-to-use application base images, free of high and critical CVEs. Images are built on the same secure infrastructure that builds Ubuntu, and updated automatically when apps or dependencies are fixed.

Explore our CVE-fixing track record ›

Our Commitment

  • Minimum 5 years of 24/7 security updates from Canonical
  • Fixes for high and critical Common Vulnerabilities and Exposures (CVEs)
  • The Ubuntu distribution base image and application layers
  • All major architectures
  • Designed for layering - "FROM"

Learn more about the Ubuntu release cadence ›

FAQ on the LTS Docker Image Portfolio

Are these Official Images on Docker Hub?

Several images from the Canonical LTS Docker Image Portfolio are free Docker Official Image versions during their five year standard security maintenance period.

Is the LTS Docker Image Portfolio a free or a commercial offering?

Both. Some LTS Docker Images have a free five year maintenance period, based on the underlying Ubuntu LTS free standard security maintenance period. All LTS Images receive Extended Security Maintenance from Canonical and during that period are available to existing Canonical customers only, through Docker Hub. As with Ubuntu interim releases, ongoing development images are released regularly and receive free security updates while they are the current version.

Where are the images?

On Amazon ECR Public and Docker Hub, images are provided in three groups:

All of our Docker Hub repositories are exempted from per-user rate limits.

Is there a long-term commitment? How long?

LTS Images are security-maintained for the full ten year period of their underlying Ubuntu LTS release. Some applications will have versions on multiple Ubuntu LTS versions. In each case, the image is maintained for the full life of the underlying Ubuntu LTS.

Can I use these images to build other applications?

Yes. Our hardened images are optimised for the developer experience, layering, and minimality. Each image is engineered to be clean, without layering artefacts, making it an ideal foundation for enterprise continuous integration and golden images. If you are an ISV, Canonical can offer embedded terms for redistribution and specific support. Get in touch.

Can I enable FIPS mode on Ubuntu-based container images?

Yes, with a valid UA subscription. Hosts or nodes running the hardened Ubuntu-based container images must be covered with UA subscriptions or be entitled Ubuntu Pro machines. You can read more about how to enable FIPS mode on container images in this blog post.

Secure your cloud solutions

Would you like to discuss your specific use case with us? Our team is here to help you secure your cloud solutions, starting with secure Docker images.

Get in touch