Rancher supports Docker 18.09.2
Due to CVE-2019-5736, Rancher now officially supports Docker 18.09.2 for the Rancher v2.1.6, v2.0.11 and v1.6.26 releases. To see which Rancher, OS and Docker versions are supported, please refer to the Rancher Support Matrix.
Please upgrade Docker to 18.09.2 for all nodes/hosts in Rancher.
- Nodes might go into an “Unavailable” state post Docker upgrade [#17916] – Workaround for each role is documented in the issue.
- Ingress might not work post Docker upgrade [#17911] – Workaround: Restart the ingress controller.
- In the UI, the Docker version of the nodes might not be updated post Docker upgrade [#17902] – Workaround: Add a label to the node to trigger a sync to nodes, which will cause the UI to update the Docker version of the nodes.
Patching runc in an older Docker version
If you are unable to upgrade Docker to 18.09.2, Rancher has provided a backport of runc binaries for older versions of Docker. Rancher has provided patches for Docker 1.12.6, 1.13.1, 17.03.2, 17.06.2, 17.09.1, 18.03.1, and 18.06.1. This repository provides the patches and directions for how to patch runc for your Docker version.
RancherOS v1.5.1 and RancherOS v1.4.3
In RancherOS v1.4.3 and v1.5.1, Rancher has patched runc in the included system-docker and user-docker versions to address CVE-2019-5736.
In RancherOS v1.5.1, Rancher has added support for Docker 18.09.2.
Please upgrade to one of these RancherOS versions as soon as possible to get the patched versions of Docker. The User Docker versions in these RancherOS releases are patched, but the list of Docker versions is displayed the same as before. To check that you have the patched User Docker version, look at the image tag: patched images have -1 appended to the os-docker image tag. For example, rancher/os-docker:18.03.1-1 is the patched version of 18.03.1.
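
The upgrade guidance, the backport list and the os-docker tag check above can be combined into one triage script. This is an added example, not Rancher's own tooling; the function names, the status labels and the sample host inventory are assumptions made for illustration, and it treats an os-docker tag at or above 18.09.2 as patched even without the -1 suffix.

```shell
#!/bin/sh
# Added example (not Rancher's tooling): triage versions per this advisory.
FIXED="18.09.2"
# Docker versions the advisory lists as having backported runc binaries.
BACKPORTS="1.12.6 1.13.1 17.03.2 17.06.2 17.09.1 18.03.1 18.06.1"

# Keep the leading numeric version; drops suffixes such as "-ce" or "-1".
base_version() { printf '%s\n' "$1" | sed 's/[^0-9.].*$//'; }

# True when $1 >= $2 in version order (assumes a sort that supports -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_docker VERSION, e.g. from: docker version --format '{{.Server.Version}}'
classify_docker() {
    v=$(base_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_ge "$v" "$FIXED"; then echo "fixed"; return 0; fi
    for b in $BACKPORTS; do
        # The version string cannot show whether the runc backport was
        # actually installed, so this only says that one exists.
        if [ "$v" = "$b" ]; then echo "backport-available"; return 0; fi
    done
    # Outside this advisory's fixed release and backport list.
    echo "upgrade-required"
}

# classify_os_docker IMAGE: patched images carry a "-1" suffix on the tag.
classify_os_docker() {
    case "$1" in *:*) tag=${1##*:} ;; *) echo "unknown"; return 0 ;; esac
    case "$tag" in *-1) echo "patched"; return 0 ;; esac
    if version_ge "$(base_version "$tag")" "$FIXED"; then
        echo "patched"
    else
        echo "unpatched"
    fi
}

# Constructed sample inventory (host names and versions are made up).
while read -r host ver; do
    printf '%-8s %-12s %s\n' "$host" "$ver" "$(classify_docker "$ver")"
done <<'EOF'
node-a 18.09.2
node-b 17.03.2-ce
node-c 18.09.0
EOF
classify_os_docker "rancher/os-docker:18.03.1-1"
```

A result of backport-available means the node still needs the runc patch applied or verified by hand.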