Important Security Update for Container Service Extension

An important new version of Container Service Extension (CSE) is now available, version 1.2.7, that includes a critical fix for a security issue in the runc component of Docker. You can read more details about the security issue in the Security Advisory:

VMware Security Advisory Container Service Extension

Upgrading CSE with New Security Fix

For upgrading follow the procedure documented in Release Notes

  • Install CSE 1.2.7
  • Update the templates using the command

Already deployed Kubernetes clusters will not be upgraded, tenants have to recreate them or update the docker version manually.

Important Notes on New RBAC Feature

This version also includes the role-based access control (RBAC) which was introduced in 1.2.6. If you upgrade to 1.2.7 from version 1.2.5 or earlier, you have to add the “enable_authorization” parameter to the config.yaml file.

More details can be found in the RBAC documentation: