Rancher Release v2.4.15

Release v2.4.15

Rancher v2.4.15 is a mirror release of v2.4.14 to address one issue:

When using a custom registry without authentication, provisioning or updating RKE clusters may fail. #31600


This release addresses a security vulnerability found in Rancher:

  • CVE-2021-25313 - XSS attack on the Rancher API - When accessing the Rancher API with a browser, the URL was not properly escaped, making it vulnerable to an XSS attack. Specially crafted URLs to these API endpoints could include JavaScript which would be embedded in the page and execute in a browser. There is no direct mitigation. Avoid clicking on untrusted links to your Rancher server. #31583

  • Please review the v2.4.0 release notes for important updates/ breaking changes.

  • Kubernetes 1.18 is now the default version [#25117] - Kubernetes 1.18 is now the default version. Whenever upgrading to any Kubernetes version, please review the Kubernetes release notes for any breaking changes.
  • Users using a single Docker container install - Etcd in the Docker container has been upgraded from 3.3 to 3.4, therefore you must take a backup before upgrading in order to be able to roll back to a v2.3.x release. You will not be able to rollback without this backup.

  • Users using node pools with RHEL/CentOS nodes [#18065]: The default storage driver for RHEL/CentOS nodes has been updated to overlay2. If your node template does not specify a storage driver, any new node will be provisioned using the new updated default (overlay) instead of the old default (devicemapper). If you need to keep using devicemapper as your storage driver option, edit your node template to explicitly set the storage driver as devicemapper.

  • Users running Windows clusters [#25582] - Windows has launched a security patch as of Feb 11. Before upgrading, please update your nodes to include this security patch, otherwise your upgrade will fail until the patch is applied.

  • Rancher launched clusters require additional 500MB space - By default, Rancher launched clusters have enabled audit logging on the cluster.

  • Rancher launched Kubernetes clusters behavior of upgrades have changed [#23897] - Worker nodes are now upgraded in batches. Please refer to the RKE documentation about how to upgrade clusters without downtime for applications.

  • Restrict Kubernetes versions in Rancher helm chart to versions less than 1.20.0 [#30746] - This restriction was added to prevent Rancher from being installed on incompatible versions of Kubernetes.


Please refer to the README for latest and stable versions.

Please review our version documentation for more details on versioning and tagging conventions.


Major Bugs Fixed Since v2.4.13

  • Fixed an issue where RKE clusters would get stuck when there were Cordoned worker nodes and starting to remove master nodes #31271
  • Fixed an issue where monitoring was not working for windows server-core nodes #31141
  • Fixed an issue where telemetry client had a socket leak and cause upgrade issues or general k8s issues #28360

Air Gap Installations and Upgrades

In v2.4.0, an air gap installation no longer requires mirroring the systems chart git repo. Please follow the directions on how to install Rancher to use the packaged systems chart.

Known Major Issues

  • When using monitoring with persistent storage for Grafana enabled, upgrading monitoring causes the pod to fail to start. Workaround steps are provided in the issue. [#27450]
  • When using monitoring, upgrading Kubernetes versions removes the “API Server Request Rate” metric [#27267]
  • When a new chart version is added to a helm 3 catalog, the upgrade process can default to helm 2, causing an api error. Workaround in issue. [27252]



  • rancher/rancher:v2.4.15
  • rancher/rancher-agent:v2.4.15



Upgrades and Rollbacks

Rancher supports both upgrade and rollback. Please note the version you would like to upgrade or rollback to change the Rancher version.

Please be aware that upon an upgrade to v2.3.0+, any edits to a Rancher launched Kubernetes cluster will cause all system components to restart due to added tolerations to Kubernetes system components. Plan accordingly.

Recent changes to cert-manager require an upgrade if you have an HA install of Rancher using self-signed certificates. If you are using cert-manager older than v0.9.1, please see the documentation on how to upgrade cert-manager.

Important: When rolling back, we are expecting you to rollback to the state at the time of your upgrade. Any changes post upgrade would not be reflected.