github k3s-io/k3s v1.19.3+k3s1

latest releases: v1.26.15+k3s1, v1.27.12+k3s1, v1.28.8+k3s1...
3 years ago

This release updates Kubernetes to v1.19.3
For more details on what's new, see the Kubernetes release notes

Changes since v1.19.2+k3s1:

This release also addresses the following upstream CVEs:

  • CVE-2020-8563 - Secret leaks in kube-controller-manager when using vSphere provider (CVE-2020-8563 only affects 1.19.0-1.19.2)
  • CVE-2020-8564 - Docker config secrets leaked when file is malformed and loglevel >= 4
  • CVE-2020-8566 - Vulnerable if Ceph RBD volumes are supported and kube-controller-manager is using logLevel >= 4

You can read more about the CVEs here.

Known Issues

We've been working through issues in our experimental SELinux support in order to promote it to stable. We expect to promote it (as well as support for CentOS and RHEL 8.x) in a future v1.19 release. Currently, we've identified a few known issues in in this area:

  • Unable to run Envoy proxy with SELinux enforcing #2240
  • Upgrades of systems that have SELinux support turned on will not function correctly unless additional steps are taken:
    • Enablement of SELinux in embedded containerd is no longer automatic. Prior to the v1.19 release line, K3s would auto-detect whether SELinux MCS label support should be enabled. You must now explicitly turn it on by supplying the --selinux flag. Because of this change, the --disable-selinux flag has been deprecated (and it is an error to specify both). See the docs for details.

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Don't miss a new k3s release

NewReleases is sending notifications on new releases.