Tiny Linux distro that runs the entire OS as Docker containers
v1.5.4-rc2
v1.5.4-rc1
This release contains the fix to Linux TCP remotely-triggerable kernel panic and excessive resource consumption. You can view CVE vulnerability details:
v1.5.3-rc1
RancherOS will only be distributing releases on basic x86 platform. For other distributions, please refer to the README.
This release can mitigate Microarchitectural Data Sampling (MDS). Four CVEs have been assigned to cover different variations of the data sampling flaw:
There is now a built-in service for system upgrades that requires access to the internet. By default, it can detect system updates and downloads the required files. It will not automatically apply the patch. If you want to completely disable this feature, just run ros config set rancher.upgrade.policy none
.
v1.5.2-rc2
v1.5.2-rc1
This release addresses CVE-2019-5736. Both system-docker and the default user-docker have been patched. For x86 platforms, the following user docker versions(v1.12.6/v1.13.1/v17.03.2/v17.06.2/v17.09.1/v17.12.1/v18.03.1/v18.06.1) have been patched. For arm64 platforms, the following user docker versions(v17.09.1/v17.12.1/v18.03.1/v18.06.1) have been patched.
There is now a built-in service for system upgrades that requires access to the internet. By default, it can detect system updates and downloads the required files. It will not automatically apply the patch. If you want to completely disable this feature, just run ros config set rancher.upgrade.policy none
RancherOS will only be distributing releases on basic x86 platform. For other distributions, please refer to the README.
This release addresses CVE-2019-5736. Both system-docker and the default user-docker have been patched. For x86 platforms, the following user docker versions(v1.12.6/v1.13.1/v17.03.2/v17.06.2/v17.09.1/v17.12.1/v18.03.1/v18.06.1) have been patched. For arm64 platforms, the following user docker versions(v17.09.1/v17.12.1/v18.03.1/v18.06.1) have been patched.
There is now a built-in service for system upgrades that requires access to the internet. By default, it can detect system updates and downloads the required files. It will not automatically apply the patch. If you want to completely disable this feature, just run ros config set rancher.upgrade.policy none
Known issue: the sshd_config file disappears on upgrade when using a non-default console, the workaround you can refer to [#2672]
ros config get ssh_authorized_keys
[#2579]v1.4.3-rc1