[Rancher] How (quickly) does Rancher respond to / resolve industry-reported vulnerabilities?

This document (000020476) is provided subject to the disclaimer at the end of this document.

Resolution

For industry-reported vulnerabilities in Rancher, Kubernetes, and Docker, Rancher Labs strives to adhere to the DHS BOD 19-02 guideline. At a high level, the timelines are along the following lines:

  • Critical vulnerabilities must be remediated within 15 calendar days of initial detection.
  • High vulnerabilities must be remediated within 30 calendar days of initial detection.

In practice, for Kubernetes and Docker vulnerabilities, Rancher Labs generally makes the relevant Rancher patch releases available the same day (or within the same week) that the related upstream Kubernetes or Docker patch is made available. For example, the recent Rancher v2.2.9 and v2.3.1 releases were made available to address Kubernetes CVE-2019-11253 and CVE-2019-1627 on the same day that upstream Kubernetes made the patches for them available.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000020476
  • Creation Date: 10-Nov-2021
  • Modified Date: 10-Nov-2021
    • SUSE Rancher
    • SUSE Rancher Longhorn
