Rancher Security Advisory [CVE-2017-7297]

A recent security exposure was discovered in the Rancher server version 1.2.0 and later, that could potentially allow any authenticated users to disable authentication via an API call (CVE-2017-7297). If you have enabled auth for your Rancher instance, we recommend to immediately upgrade your rancher instances at your earliest convenience to ensure mitigation. We have provided the following versions for you to upgrade to:

· rancher/server:stable (v1.5.3)
· rancher/server:latest (v1.5.3)
· rancher/server:v1.5.3
· rancher/server:v1.4.3
· rancher/server:v1.3.5
· rancher/server:v1.2.4

Please follow the usual upgrade steps to update your rancher servers. We are taking all necessary steps to prevent a similar incident from happening in the future. We do apologize for any inconvenience this may have caused. If you have any further questions or concerns, please email us at security@rancher.com.