How (quickly) does Rancher respond to / resolve industry-reported vulnerabilities?
This document (000020476) is provided subject to the disclaimer at the end of this document.
Environment
- Rancher
- RKE
- RKE2
- K3s
- Harvester
- Longhorn
- NeuVector
Resolution
For industry-reported vulnerabilities in Rancher, RKE, RKE2, K3s, Harvester, Longhorn, NeuVector and upstream vulnerabilities in Kubernetes, Docker, and containerd, SUSE Rancher strives to adhere to industry standards and best practices. Due to the nature of upstream dependencies inherent to open-source software, the final delivery of patch releases may vary in timeline. We will prioritize our efforts and coordinate with upstream organizations and third-party entities according to the following guidelines:
- Critical: Immediate engagement to remediate the issue in code, and/or coordinate with upstream and/or third-party entities to deliver the remediation in the shortest timeline available. This includes creating an emergency release patch version when an existing one is not readily available.
- High: Prioritized engagement to align the delivery of the remediation with our next available release cycle. Emergency releases should only be needed when the timing is such that the next available security release cycle does not fall within a reasonable timeline.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000020476
- Creation Date: 10-Nov-2021
- Modified Date: 29-Jul-2024
- SUSE Rancher Harvester
- SUSE Rancher
- SUSE Rancher Longhorn
- NeuVector
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com