[Rancher] How (quickly) does Rancher respond to / resolve industry-reported vulnerabilities?
This document (000020476) is provided subject to the disclaimer at the end of this document.
For industry-reported vulnerabilities in Rancher, Kubernetes, and Docker, Rancher Labs strives to adhere to the DHS BOD 19-02 guideline. At a high level, this amounts to the following:
- Critical vulnerabilities must be remediated within 15 calendar days of initial detection.
- High vulnerabilities must be remediated within 30 calendar days of initial detection.
In practice, for Kubernetes and Docker vulnerabilities, Rancher Labs generally makes the relevant Rancher patch releases available the same day (or within the same week) that the related upstream Kubernetes or Docker patch is made available. For example, the recent Rancher v2.2.9 and v2.3.1 releases were made available to address Kubernetes CVE-2019-11253 and CVE-2019-1627 on the same day that upstream Kubernetes made the patches for them available.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000020476
- Creation Date: 10-Nov-2021
- Modified Date: 10-Nov-2021
- SUSE Rancher
- SUSE Rancher Longhorn
For questions or concerns with the SUSE Knowledgebase please contact: email@example.com