This release upgrades containerd to version v1.3.9 to address CVE-2020-15257 found in previous versions of containerd.
This vulnerability is present in the following releases:
- v1.19.4+k3s1 and prior
- v1.18.12+k3s1 and prior
- v1.17.14+k3s2 and prior
This release is for the v1.18.x release train. Releases addressing this security issue are also available for the 1.17.x and 1.19.x release trains.
The security issue affects containerd versions before 1.3.9 and 1.4.3. In these prior versions, the containerd-shim API is improperly exposed to host network containers. This allows malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. Please see containerd's security advisory for more information.
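A defender-side check for the exposure condition described above, added here as an example and not part of the K3s release notes or the containerd advisory: it lists containers that share the host network namespace and may run as UID 0, reading a pod list in the shape of `kubectl get pods -A -o json`. The sample pod list is constructed, and treating an unset `runAsUser` as possibly root is an assumption.

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods -A -o json` output (not real cluster data).
SAMPLE = {"items": [
    {"metadata": {"namespace": "kube-system", "name": "node-agent"},
     "spec": {"hostNetwork": True, "containers": [{"name": "agent"}]}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "nginx", "securityContext": {"runAsUser": 0}}]}},
    {"metadata": {"namespace": "monitoring", "name": "exporter"},
     "spec": {"hostNetwork": True, "securityContext": {"runAsUser": 1000},
              "containers": [{"name": "exporter"},
                             {"name": "debug", "securityContext": {"runAsUser": 0}}]}},
    {"metadata": {"namespace": "ingress", "name": "lb"},
     "spec": {"hostNetwork": True, "securityContext": {"runAsNonRoot": True},
              "containers": [{"name": "lb"}]}},
]}


def may_run_as_uid0(pod_spec, container):
    """True if the manifest sets UID 0, or sets no UID and does not enforce runAsNonRoot."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    # Container-level securityContext fields override the pod-level ones.
    uid = ctr_sc.get("runAsUser", pod_sc.get("runAsUser"))
    if uid is not None:
        return uid == 0
    # No UID pinned: the image default applies and may be root (assumption: treat as root).
    return not ctr_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))


def exposed_containers(pod_list):
    """Return (namespace, pod, container) for host-network containers that may run as UID 0."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        if not spec.get("hostNetwork", False):
            continue  # pod has its own network namespace, not the host's
        for ctr in spec.get("initContainers", []) + spec.get("containers", []):
            if may_run_as_uid0(spec, ctr):
                meta = pod["metadata"]
                findings.append((meta["namespace"], meta["name"], ctr["name"]))
    return findings


if __name__ == "__main__":
    # Optional argument: a file saved from `kubectl get pods -A -o json`; default is the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ns, pod, ctr in exposed_containers(data):
        print(f"{ns}/{pod} container={ctr}: hostNetwork with possible UID 0")
```

Containers it reports are the ones to prioritise when scheduling the upgrade on nodes that still run an affected containerd.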
Notice
The testing channel, available as one of K3s’ release channels, now ONLY serves pre-releases such as RCs, alphas, and betas. Previously, it served both pre-releases and fully graduated ones.
Embedded Component Versions
Component | Version |
---|---|
Kubernetes | v1.18.12 |
SQLite | 3.33.0 |
Containerd | v1.3.9-k3s1 |
Flannel | v0.11.0-k3s.2 |
Metrics-server | v0.3.6 |
Traefik | 1.7.19 |
CoreDNS | v1.6.9 |
Helm-controller | v0.7.3 |
Local-path-provisioner | v0.0.11 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.