An important new version of Container Service Extension (CSE), version 1.2.7, is now available. It includes a critical fix for a security issue in the runc component of Docker. You can read more details about the security issue in the Security Advisory: https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Upgrading CSE with New Security Fix
To upgrade, follow the procedure documented in the Release Notes (https://vmware.github.io/container-service-extension/RELEASE_NOTES.html):
- Install CSE 1.2.7
- Update the templates using the command:
cse install -c config.yaml --template template-name --update --amqp skip --ext skip
Already deployed Kubernetes clusters will not be upgraded; tenants have to recreate them or update the Docker version manually.
Important Notes on New RBAC Feature
This version also includes role-based access control (RBAC), which was introduced in 1.2.6. If you upgrade to 1.2.7 from version 1.2.5 or earlier, you have to add the “enable_authorization” parameter to the config.yaml file.
More details can be found in the RBAC documentation: https://vmware.github.io/container-service-extension/RBAC.html