Release update | May 04, 2020:
Rancher v1.6.30 release is generally available. Refer release notes here.
Dear Rancher 1.6 User,
HAProxy recently released a new version to address the following serious vulnerability:
- CVE-2020-11100: "In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution."
For more details on the announcements, see:
This communication is to let you know of a new Rancher v1.6.x release that will be made available this week (likely, as v1.6.30). This release will include the new HAProxy image that addresses the above vulnerability.
- Rancher v1.6.x is currently in limited support mode only, as it is between its EOM (31DEC2019) and EOL(30JUN2020) product lifecycle dates.
- This communication does not impact the Rancher 2.x product line.
If there are any questions, simply submit a request via this portal referencing this article and we will track and respond to your question as a Support Ticket.
Rancher Support Team