Release v2.1.10
- This release addresses two security vulnerabilities found in Rancher. The first vulnerability was found and reported by Tyler Welton from Untamed Theory, and applies to Rancher versions v2.0.0 - v2.2.3. This vulnerability allows project owners to inject an extra fluentd logging configuration that makes it possible to read files or execute arbitrary commands inside the fluentd container. You can view the official CVE here: CVE-2019-12303.
rancher/rancher:v2.1.10 image is made available in and server-chart/stable Rancher helm repos.
- Clusters created through Rancher can sometimes get stuck in provisioning [#15969]
- The upgrade for the Rancher node-agent daemonset can sometimes get stuck due to a pod removal failure on the Kubernetes side [#16722]
- Fixed a vulnerability that allowed project owners to inject an extra fluentd logging configuration that made it possible to read files or execute arbitrary commands inside the fluentd container
- Fixed vulnerability affecting the built-in node drivers having a file path option that allowed the machine to read arbitrary files - including sensitive ones like ―from inside the Rancher server container CVE-2019-12274
- rancher/rancher-agent:v2.1.10
- cli -
- rke - v0.1.18
- 1.12.7
- (default)
Due to the HA improvements introduced in the v2.1.0 release, the Rancher helm chart is the only supported method for installing or upgrading Rancher. Please use the Rancher helm chart to install HA Rancher. For details, see the HA Install - Installation Outline.
If you are currently using the RKE add-on install method, see for details on how to move to using a helm chart.
Note: When rolling back, we expect you to roll back to the state at the time of your upgrade. Any changes made after the upgrade will not be reflected. When rolling back a Rancher single-node install, you must specify the exact version you want to change the Rancher version to, rather than using the default tag.
Note: If you had the helm stable catalog enabled in v2.0.0, we’ve updated the catalog to start pointing directly to the Kubernetes helm repo instead of an internal repo. Please delete the custom catalog that is now showing up and re-enable the helm stable.