Rancher 2.2.5 release, CVE fix, support for K8S 1.15

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

On July 16, 2019, Rancher Labs released Rancher version 2.2.5, which fixes the recently discovered security vulnerability CVE-2019-13209, officially supports Kubernetes 1.14, provides experimental support for the latest Kubernetes 1.15, and brings a series of features and optimizations.

Currently, the Latest and Stable versions of Rancher are as follows:

CVE fix: CVE-2019-13209

Rancher 2.2.5 fixes the newly discovered security vulnerability CVE-2019-13209. The problem was originally discovered and reported by Matt Belisle and Alex Stevenson of Workiva, and affected Rancher versions include v2.0.0-v2.0.15, v2.1.0-v2.1.10, and v2.2.0-v2.2.4. Rancher v1.6 is not affected.

This vulnerability is known as "cross-site WebSocket hijacking". It allows an attacker to access clusters managed by Rancher with the roles and permissions of a victim user. It requires the victim to be logged in to the Rancher server and then to visit a third-party site hosted by the attacker. Once that has happened, the attacker can use the victim's permissions and identity to execute commands against the Kubernetes API. More details can be found at:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13209

At the same time as Rancher 2.2.5 was released, Rancher Labs officially released Rancher v2.1.11 and v2.0.16, which also provide fixes for this vulnerability for users who have not yet upgraded to Rancher 2.2.x.
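
The standard server-side defense against this vulnerability class is to validate the Origin header on every WebSocket handshake. The following is an added example, not Rancher's actual patch or code from the release; `allowUpgrade`, `handshake`, the `trusted` allow-list and the `example.test` hostnames are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// allowUpgrade decides whether a WebSocket handshake may proceed. Browsers send
// the session cookie on cross-site handshakes, so the server must check Origin.
func allowUpgrade(r *http.Request, trusted []string) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		// Non-browser client: safe only if no ambient cookie is in play.
		return r.Header.Get("Cookie") == ""
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" {
		return false // malformed or opaque ("null") origin
	}
	if strings.EqualFold(u.Host, r.Host) {
		return true // same host as the server being addressed
	}
	for _, t := range trusted {
		if strings.EqualFold(origin, t) {
			return true // explicitly allow-listed origin (assumed config)
		}
	}
	return false
}

// handshake builds a constructed upgrade request for the demonstration.
func handshake(host, origin, cookie string) *http.Request {
	r := &http.Request{Method: "GET", Host: host, Header: http.Header{}}
	r.Header.Set("Upgrade", "websocket")
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	if cookie != "" {
		r.Header.Set("Cookie", cookie)
	}
	return r
}

func main() {
	fmt.Println(allowUpgrade(handshake("rancher.example.test", "https://rancher.example.test", "s=1"), nil))
	fmt.Println(allowUpgrade(handshake("rancher.example.test", "https://other.example.test", "s=1"), nil))
}
```

The check compares hosts only; a deployment that serves both HTTP and HTTPS should also compare the scheme.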

Features and optimizations

Kubernetes version 1.14 is officially supported

Add experimental support for Kubernetes version 1.15

CoreDNS is supported as the default dns provider in Kubernetes 1.14 and later clusters

The UI exposes certificate expiration information for clusters provisioned by Rancher, and alerts are issued 30 days before a certificate expires

For clusters provisioned directly by Rancher, a custom CA is supported in the snapshot configuration, so that the S3 snapshot service can trust internally signed certificates

Added support for Kubernetes v1.13 for EKS clusters

Bug fixes

Here are the main bug fixes in this release. You can refer to Rancher's milestone for a complete list:

https://github.com/rancher/rancher/milestone/168

Fixed an issue where project members were not displayed in the user interface when upgrading to Rancher v2.2.4 [20825]

Fixed an issue where node driver machine provisioning could fail with an "error running SSH command" error [20753]

Fixed Etcd snapshot timeout when Minio was configured as backup target [19496]

Fixed an issue where the Rancher node driver feature could not be used to provision nodes when the HTTP_PROXY and HTTPS_PROXY environment variables were set in the rancher-server container to allow access to the public network [20709]

Fixed an issue that might cause etcd corruption in Rancher configured clusters when deleting etcd members [19696]

Fixed helm timeout during application update [20289]

Fixed an issue where the Rancher server crashed every 5 minutes in setups with etcd snapshots configured [20964]

Fixed an issue where users could not fix Catalog applications if the program in Catalog had an incorrect response and the response was saved [21027]

Fixed a problem where multiple subscriptions could not run when Azure Cloud of Rancher configuration cluster was configured with Service Principal [21124]

Fixed an issue where ordinary users could not list revised versions of multi-clustered applications [20919]

Fixed an issue where alerts did not honor the http_proxy parameter [20926]

If you want to know more about any of the issues above, enter the issue number in the Rancher GitHub issue tracker:

https://github.com/rancher/rancher/issues

Download and upgrade

You can go to the Rancher GitHub home page to read the full Rancher 2.2.5 release notes, download the latest version, or learn more about upgrade and rollback.

GitHub link:

https://github.com/rancher/rancher/releases
