The trouble CVE-2018-1002105 began to cause for Rancher, as well as the Kubernetes community, started a couple of years ago, long before it became public earlier this month.
In Rancher’s case, users were already complaining about mysterious error messages and set up failures they were experiencing in 2016 with the release of Rancher 1.6 and Amazon’s ALB. More recently, the community began to experience similar problems in August with Rancher 2.1.
“It was a pretty low risk vulnerability in the sense of it was very likely that there were other protections in place that will protect you from getting to it, but overall, the experience for us was really amazing working with the rest of the Kubernetes community to identify it, get it pushed out, get patches pushed to everyone and things worked the way they’re supposed to,” Shannon Williams, co-founder and vice president, of sales, said. We identified it. It was kind of kept quiet until the fixed that were pushed out, and then everyone had the ability to patch really quickly last week.”
Watch on YouTube: https://youtu.be/PxcCUj262go