LTS Docker Images

Hardened container images, with up to ten years guaranteed security maintenance.

Contact Us Read the announcement ›

Critical CVE fixes in 24 hours

Scanning container images for vulnerabilities is now widespread, but fixing them requires dedicated skills and infrastructure.

The LTS Docker Image Portfolio provides ready-to-use application base images, free of high and critical CVEs. Images are built on the same secure infrastructure that builds Ubuntu, and updated automatically when apps or dependencies are fixed.

Our Commitment

  • Minimum 5 years of 24/7 security updates from Canonical
  • Fixes for high and critical Common Vulnerabilities and Exposures (CVEs)
  • The Ubuntu distribution base image and application layers
  • All major architectures
  • Designed for layering - "FROM lts/nginx"

Learn more about the Ubuntu release cadence ›

FAQ on the LTS Docker Image Portfolio

Are these Official Images on Docker Hub?

Several images from the Canonical LTS Docker Image Portfolio are free Docker Official Image versions during their five year standard security maintenance period.

Is the LTS Docker Image Portfolio a free or a commercial offering?

Both. Some LTS Docker Images have a free five year maintenance period, based on the underlying Ubuntu LTS free standard security maintenance period. All LTS Images receive Extended Security Maintenance from Canonical and during that period are available to existing Canonical customers only, through Docker Hub. As with Ubuntu interim releases, ongoing development images are released regularly and receive free security updates while they are the current version.

Where are the images?

On Amazon ECR Public and Docker Hub, images are provided in three groups:

  • Ubuntu on Docker Hub and ECR Public have development releases with security updates
  • LTS ("Canonical") on ECR Public has Free LTS images with up to five years fixes
  • Customer-only content with up to ten years of fixes

All of our Docker Hub repositories are exempted from per-user rate limits.

Is there a long-term commitment? How long?

LTS Images are security-maintained for the full ten year period of their underlying Ubuntu LTS release. Some applications will have versions on multiple Ubuntu LTS versions. In each case, the image is maintained for the full life of the underlying Ubuntu LTS.

Can I use these images to build other applications?

Yes. Our hardened images are optimised for the developer experience, layering, and minimality. Each image is engineered to be clean, without layering artifacts, making it an ideal foundation for enterprise continuous integration and golden images. For ISVs, Canonical offers embedded terms for redistribution.

Secure your cloud solutions

Would you like to discuss your specific use case with us? Our team is here to help you secure your cloud solutions, starting with secure Docker images.

Get in touch