I’m curious how patching works for docker instances vs buildpack instances.
Say I release a django service on the standard python buildpack, and a django service using docker as python:3.10.1-slim as the base. In 6 months, a new heartbleed style attack comes out and both services need patching. In both cases the underlying image will need to be updated to patch the exploit.
Will I need to manually trigger a new release for both services? What, if any automatic updating is available for either service?