Kubernetes has announced couple of patches to address recently discovered security vulnerabilities for both kubernetes and the kubernetes dashboard:
- [CVE-2018-18264] Accessing custom TLS certs via the kubernetes dashboard
- Kubernetes API server external IP address proxying
For more details on the announcement, see:
At Rancher, we want to make sure you are always updated with the latest security fixes and patches so the updated kubernetes versions v1.10.12, v1.11.6, and v1.12.4 that address this issue will be made available in Rancher v2.1.5 and v2.0.10. There are no new Rancher v1.6 versions for these vulnerabilities because standard v1.6.x installations are not affected.
For more details of how these vulnerabilities may apply to you, please visit this Rancher blog post: