diff --git a/bitnami/common/CHANGELOG.md b/bitnami/common/CHANGELOG.md
index 0370678023af17..07144e7be07aae 100644
--- a/bitnami/common/CHANGELOG.md
+++ b/bitnami/common/CHANGELOG.md
@@ -1,8 +1,13 @@
# Changelog
-## 2.27.2 (2024-11-27)
+## 2.28.0 (2024-12-10)
-* [bitnami/common]: bump patch version ([#30639](https://github.com/bitnami/charts/pull/30639))
+* [bitnami/common] New helper to detect non-standard images ([#30851](https://github.com/bitnami/charts/pull/30851))
+
+## 2.27.2 (2024-11-27)
+
+* [bitnami/common] Fix appVersion (#30628) ([b87d39e](https://github.com/bitnami/charts/commit/b87d39e27a0889c74b20c3d2fe5ae0c4a2417bfd)), closes [#30628](https://github.com/bitnami/charts/issues/30628)
+* [bitnami/common]: bump patch version (#30639) ([623e584](https://github.com/bitnami/charts/commit/623e5846ff827b7ecbcffa2dc51e2e94b14ef8fd)), closes [#30639](https://github.com/bitnami/charts/issues/30639)
## 2.27.1 (2024-11-26)
diff --git a/bitnami/common/Chart.yaml b/bitnami/common/Chart.yaml
index 320b12cea90165..0aec83e0b3ecf6 100644
--- a/bitnami/common/Chart.yaml
+++ b/bitnami/common/Chart.yaml
@@ -6,7 +6,7 @@ annotations:
licenses: Apache-2.0
apiVersion: v2
# Please make sure that version and appVersion are always the same.
-appVersion: 2.27.2
+appVersion: 2.28.0
description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself.
home: https://bitnami.com
icon: https://bitnami.com/downloads/logos/bitnami-mark.png
@@ -23,4 +23,4 @@ name: common
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/common
type: library
-version: 2.27.2
+version: 2.28.0
diff --git a/bitnami/common/templates/_errors.tpl b/bitnami/common/templates/_errors.tpl
index e9653651936c2e..93f3ffc9bed242 100644
--- a/bitnami/common/templates/_errors.tpl
+++ b/bitnami/common/templates/_errors.tpl
@@ -5,7 +5,7 @@ SPDX-License-Identifier: APACHE-2.0
{{/* vim: set filetype=mustache: */}}
{{/*
-Through error when upgrading using empty passwords values that must not be empty.
+Throw error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
@@ -26,3 +26,60 @@ Required password params:
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}
+
+{{/*
+Throw error when original container images are replaced.
+The error can be bypassed by setting the "global.security.allowInsecureImages" to true. In this case,
+a warning message will be shown instead.
+
+Usage:
+{{ include "common.errors.insecureImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }}
+*/}}
+{{- define "common.errors.insecureImages" -}}
+{{- $relocatedImages := list -}}
+{{- $replacedImages := list -}}
+{{- $retaggedImages := list -}}
+{{- $globalRegistry := ((.context.Values.global).imageRegistry) -}}
+{{- $originalImages := .context.Chart.Annotations.images -}}
+{{- range .images -}}
+ {{- $registryName := default .registry $globalRegistry -}}
+ {{- $fullImageNameNoTag := printf "%s/%s" $registryName .repository -}}
+ {{- $fullImageName := printf "%s:%s" $fullImageNameNoTag .tag -}}
+ {{- if not (contains $fullImageNameNoTag $originalImages) -}}
+ {{- if not (contains $registryName $originalImages) -}}
+ {{- $relocatedImages = append $relocatedImages $fullImageName -}}
+ {{- else if not (contains .repository $originalImages) -}}
+ {{- $replacedImages = append $replacedImages $fullImageName -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if not (contains (printf "%s:%s" .repository .tag) $originalImages) -}}
+ {{- $retaggedImages = append $retaggedImages $fullImageName -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if and (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) (((.context.Values.global).security).allowInsecureImages) -}}
+ {{- print "\n\n⚠ SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}}
+{{- else if (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) -}}
+ {{- $errorString := "Original containers have been substituted for unrecognized ones. Deploying this chart with non-standard containers is likely to cause degraded security and performance, broken chart features, and missing environment variables." -}}
+ {{- $errorString = print $errorString "\n\nUnrecognized images:" -}}
+ {{- range (concat $relocatedImages $replacedImages) -}}
+ {{- $errorString = print $errorString "\n - " . -}}
+ {{- end -}}
+ {{- if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) -}}
+ {{- $errorString = print "\n\n⚠ ERROR: " $errorString -}}
+ {{- $errorString = print $errorString "\n\nIf you are sure you want to proceed with non-standard containers, you can skip container image verification by setting the global parameter 'global.security.allowInsecureImages' to true." -}}
+ {{- $errorString = print $errorString "\nFurther information can be obtained at https://github.com/bitnami/charts/issues/30850" -}}
+ {{- print $errorString | fail -}}
+ {{- else if gt (len $replacedImages) 0 -}}
+ {{- $errorString = print "\n\n⚠ WARNING: " $errorString -}}
+ {{- print $errorString -}}
+ {{- end -}}
+{{- else if gt (len $retaggedImages) 0 -}}
+ {{- $warnString := "\n\n⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior." -}}
+ {{- $warnString = print $warnString "\n\nRetagged images:" -}}
+ {{- range $retaggedImages -}}
+ {{- $warnString = print $warnString "\n - " . -}}
+ {{- end -}}
+ {{- print $warnString -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file