Rancher Desktop 1.22.3

This is the 1.22.3 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Release Notes for 1.22.3

Rancher Desktop 1.22.3 is a security-focused patch release. We strongly recommend upgrading.

Security Fixes

Important

macOS and Linux: additional steps required after upgrading.
A bug in the ISO version comparison means an in-place upgrade from any earlier 1.22.x release will keep booting the previous kernel, leaving the modules listed below in place. Choose one of these to apply the container-escape mitigation:

• Manual kernel upgrade (preserves your data): follow the steps in #10288.
• Factory reset: run Troubleshooting → Factory Reset after upgrading. This removes all containers, images, and Kubernetes state — back up anything you need to keep first.

Windows is not affected: the mitigation ships in the application binary and applies on the next start.

Container escape mitigation (CVE-2026-31431, CVE-2026-43284, CVE-2026-43500)

Three recent Linux kernel exploits — copy.fail (CVE-2026-31431) and the two dirtyfrag variants (CVE-2026-43284, CVE-2026-43500) — let unprivileged processes gain a page-cache write primitive and tamper with files outside their normal reach. Inside Rancher Desktop, that means an attacker with code execution in any container could escape that scope and modify the rest of the VM.

Each exploit needs a specific Linux kernel module loaded. Rancher Desktop now removes those modules, so the exploits have nothing to hook into.

Modules removed:

Module	Used for	CVE it enables
esp4 / esp6	IPsec ESP (site-to-site VPN gateways, e.g. strongSwan, libreswan)	CVE-2026-43284 (dirtyfrag, XFRM ESP)
rxrpc	RxRPC protocol, used almost exclusively by AFS / kAFS (Andrew File System)	CVE-2026-43500 (dirtyfrag, AF_RXRPC)
algif_aead	Kernel AEAD crypto via AF_ALG sockets (offload to hardware accelerators)	CVE-2026-31431 (copy.fail)

What this means for you: unless you run an IPsec VPN endpoint or an AFS client, the removal is invisible to you.

On macOS and Linux, the rebuilt Alpine VM image omits the modules. (#10220, #10248)

On Windows, WSL2 provides kernel modules through a single overlay shared by every WSL distro running on the host, which means:

• When Rancher Desktop starts, it removes these modules for all running WSL distros, not just its own. Other distros will lose IPsec ESP, AFS, and AF_ALG until WSL itself restarts.
• When WSL restarts (e.g. wsl --shutdown followed by launching any distro), the upstream WSL kernel restores the modules.
• The next time Rancher Desktop starts, it removes them again.

This is an "apply-on-start" / "forget-on-stop" lifecycle: Rancher Desktop never persists changes to your WSL installation. (#10247)

The bundled Alpine VM image also picks up a newer kernel containing additional upstream security patches.

Bug Fixes

Bind mounts via the Docker --mount flag on Windows

In Rancher Desktop 1.22.2, docker run --mount type=bind,... on Windows could mount the wrong directory or fail to start the container. This release restores correct bind-mount behavior; the -v /path:/path shorthand stayed correct throughout. (#10252)

Release Notes for 1.22.2

Rancher Desktop 1.22.2 is a patch release fixing a critical bug on macOS (and maybe on Linux). It contains no further changes beyond the following 2 items:

Fixed data volume mount on macOS

Under certain conditions, the data volume failed to mount on macOS. In that case, all data was stored in a RAM disk, which is limited to the amount of memory allocated to the VM (usually 6GB). This resulted in early out-of-memory errors when building or pulling images.

When Rancher Desktop was restarted, all data from the current session was lost because it was never written to disk. Theoretically, this could also have happened on Linux, but it has only been reported in macOS (#9754 and #10133)

Upgrade trivy 0.68.2 → 0.70.0

This upgrade also includes an upgrade to trivy 0.70.0 because the 0.68.2 version is no longer available for download. There are no known issues with 0.68.2; it just is no longer accessible.

Release Notes for 1.22.1

The 1.22.1 release did not fix the bug it was supposed to fix and was replaced with Rancher Desktop 1.22.2.

Release Notes for 1.22.0

What's New

Select moby storage driver

Version 1.21.0 switched to the containerd-snapshotter storage driver by default. On Windows, this happened unconditionally (even on upgrades), which made existing images inaccessible.

Users can now choose between the classic and containerd-snapshotter storage drivers via rdctl:

rdctl set --container-engine.moby-storage-driver classic
rdctl set --container-engine.moby-storage-driver snapshotter

Rancher Desktop automatically selects the driver based on where your existing images are stored. See Migrating Images for instructions on moving images between storage drivers. Windows users affected by the 1.21.0 issue can switch back to the classic driver to regain access to their images. (#9732)

Docker 29 in the VM

Alpine Linux has been updated to version 3.23, which includes Docker 29. This fixes issues with docker inspect returning incomplete image metadata. (#9671, #9739)

Kubernetes Dashboard improvements

Pod log streaming now works in the Dashboard. This was broken since version 1.6.0. (#3212)

The Dashboard button now waits until the Steve API server accepts connections before becoming active. Previously, clicking the button too quickly after Kubernetes started would show a spinner that never resolved. (#8217)

The non-functional "Download KubeConfig" and "Kubectl Shell" buttons have been removed from the cluster dashboard. (#2208, #8151, #8757)

Docker Compose 5.0

Docker Compose has been updated to version 5.0. Key changes include:

• Compose can now be used as an SDK for third-party integrations
• The internal builder has been removed; builds are delegated to Docker Bake
• Hooks now run on restart
• New --wait option for the start command

Helm 4.0

Helm has been updated to version 4.0. See the Helm 4.0 release notes for details on the changes.

Diagnostics

Moby image store check

A new diagnostic reports when images exist in the inactive image store (classic vs. containerd-snapshotter), helping identify which images need migration. (#9733)

Windows: wsl-vpnkit detection

A new diagnostic warns when the wsl-vpnkit distribution is present, as it can cause networking issues with Rancher Desktop. (#9623)

Bug Fixes

macOS CA management with multiple keychains

Fixed a bug where certificates from multiple keychains were being written to the same file path, causing only the last keychain's certificates to be processed. (#9755)

K3s version channel labels not updating

Fixed an issue where version channel labels (e.g, stable, latest, v1.xx) were not removed from old versions when they moved to newer versions, causing multiple patch versions to appear in the recommended list. (#9709)

K3s image loading for older versions

Made the --all-platforms flag optional when loading K3s images, so older K3s versions (before 1.31) load images correctly. (#9708, #9710)

rdctl info works after upgrade

Fixed an issue where rdctl info failed with a BusyBox error for users who upgraded from version 1.19.3 or earlier, or restored an old snapshot. The 1.21.0 release notes mentioned a manual workaround; this is no longer needed. (#9546, #9554)

Containers page error handling

Fixed an "[object ...

Rancher Desktop 1.22.2

This is the 1.22.2 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Release Notes for 1.22.2

Rancher Desktop 1.22.2 is a patch release fixing a critical bug on macOS (and maybe on Linux). It contains no further changes beyond the following 2 items:

Fixed data volume mount on macOS

Under certain conditions, the data volume failed to mount on macOS. In that case, all data was stored in a RAM disk, which is limited to the amount of memory allocated to the VM (usually 6GB). This resulted in early out-of-memory errors when building or pulling images.

When Rancher Desktop was restarted, all data from the current session was lost because it was never written to disk. Theoretically, this could also have happened on Linux, but it has only been reported in macOS (#9754 and #10133)

Upgrade trivy 0.68.2 → 0.70.0

This upgrade also includes an upgrade to trivy 0.70.0 because the 0.68.2 version is no longer available for download. There are no known issues with 0.68.2; it just is no longer accessible.

Release Notes for 1.22.1

The 1.22.1 release did not fix the bug it was supposed to fix and was replaced with Rancher Desktop 1.22.2.

Release Notes for 1.22.0

What's New

Select moby storage driver

Version 1.21.0 switched to the containerd-snapshotter storage driver by default. On Windows, this happened unconditionally (even on upgrades), which made existing images inaccessible.

Users can now choose between the classic and containerd-snapshotter storage drivers via rdctl:

rdctl set --container-engine.moby-storage-driver classic
rdctl set --container-engine.moby-storage-driver snapshotter

Rancher Desktop automatically selects the driver based on where your existing images are stored. See Migrating Images for instructions on moving images between storage drivers. Windows users affected by the 1.21.0 issue can switch back to the classic driver to regain access to their images. (#9732)

Docker 29 in the VM

Alpine Linux has been updated to version 3.23, which includes Docker 29. This fixes issues with docker inspect returning incomplete image metadata. (#9671, #9739)

Kubernetes Dashboard improvements

Pod log streaming now works in the Dashboard. This was broken since version 1.6.0. (#3212)

The Dashboard button now waits until the Steve API server accepts connections before becoming active. Previously, clicking the button too quickly after Kubernetes started would show a spinner that never resolved. (#8217)

The non-functional "Download KubeConfig" and "Kubectl Shell" buttons have been removed from the cluster dashboard. (#2208, #8151, #8757)

Docker Compose 5.0

Docker Compose has been updated to version 5.0. Key changes include:

• Compose can now be used as an SDK for third-party integrations
• The internal builder has been removed; builds are delegated to Docker Bake
• Hooks now run on restart
• New --wait option for the start command

Helm 4.0

Helm has been updated to version 4.0. See the Helm 4.0 release notes for details on the changes.

Diagnostics

Moby image store check

A new diagnostic reports when images exist in the inactive image store (classic vs. containerd-snapshotter), helping identify which images need migration. (#9733)

Windows: wsl-vpnkit detection

A new diagnostic warns when the wsl-vpnkit distribution is present, as it can cause networking issues with Rancher Desktop. (#9623)

Bug Fixes

macOS CA management with multiple keychains

Fixed a bug where certificates from multiple keychains were being written to the same file path, causing only the last keychain's certificates to be processed. (#9755)

K3s version channel labels not updating

Fixed an issue where version channel labels (e.g, stable, latest, v1.xx) were not removed from old versions when they moved to newer versions, causing multiple patch versions to appear in the recommended list. (#9709)

K3s image loading for older versions

Made the --all-platforms flag optional when loading K3s images, so older K3s versions (before 1.31) load images correctly. (#9708, #9710)

rdctl info works after upgrade

Fixed an issue where rdctl info failed with a BusyBox error for users who upgraded from version 1.19.3 or earlier, or restored an old snapshot. The 1.21.0 release notes mentioned a manual workaround; this is no longer needed. (#9546, #9554)

Containers page error handling

Fixed an "[object Object]" error that appeared on the Containers page when the backend became temporarily unavailable. (#9545, #9661)

Connectivity check uses HTTPS

The network connectivity diagnostic now uses an HTTPS HEAD request instead of HTTP GET, improving privacy by encrypting the request. (#9711)

Linux packaging fixes

Fixed an issue where the Debian package did not set the suid bit on chrome-sandbox, causing the application to fail to start on Debian and Ubuntu systems.

The virtualization support check now works correctly on Linux arm64 systems.

Extension fixes

Fixed several issues with Docker Desktop extensions:

• Uninstall and upgrade buttons on the Installed tab now work correctly
• Extension metadata and icons refresh properly after reinstalling an extension
• Extensions without containers no longer cause errors during uninstall
• The ddClient.extension object now includes the id and version fields as specified by the Docker Desktop Extension API

Updates to Bundled Utilities (from Rancher Desktop 1.21.0)

• docker 29.0.2 → 29.1.4
• docker-compose 2.40.3 → 5.0.1
• docker-credential-helpers 0.9.4 → 0.9.5
• helm 3.19.1 → 4.0.5
• nerdctl 2.2.0 → 2.2.1
• trivy 0.67.2 → 0.70.0

Unchanged:

• amazon-ecr-credential-helper 0.11.0
• docker-buildx 0.30.1
• kuberlr 0.6.1
• spin 3.5.1
• spin-shim 0.22.0
• spin-operator 0.6.1

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.21.0, can be found using GitHub compare and the details of the release can be found in the v1.22.0 milestone.

Rancher Desktop 1.22.1

This is the 1.22.1 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

⚠️ This release was broken and has been withdrawn. If you already installed it (on Linux or macOS), please revert back to 1.22.0 and reboot the computer. ⚠️

Rancher Desktop 1.22

This is the 1.22.0 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Release Notes for 1.22.0

What's New

Select moby storage driver

Version 1.21.0 switched to the containerd-snapshotter storage driver by default. On Windows, this happened unconditionally (even on upgrades), which made existing images inaccessible.

Users can now choose between the classic and containerd-snapshotter storage drivers via rdctl:

rdctl set --container-engine.moby-storage-driver classic
rdctl set --container-engine.moby-storage-driver snapshotter

Rancher Desktop automatically selects the driver based on where your existing images are stored. See Migrating Images for instructions on moving images between storage drivers. Windows users affected by the 1.21.0 issue can switch back to the classic driver to regain access to their images. (#9732)

Docker 29 in the VM

Alpine Linux has been updated to version 3.23, which includes Docker 29. This fixes issues with docker inspect returning incomplete image metadata. (#9671, #9739)

Kubernetes Dashboard improvements

Pod log streaming now works in the Dashboard. This was broken since version 1.6.0. (#3212)

The Dashboard button now waits until the Steve API server accepts connections before becoming active. Previously, clicking the button too quickly after Kubernetes started would show a spinner that never resolved. (#8217)

The non-functional "Download KubeConfig" and "Kubectl Shell" buttons have been removed from the cluster dashboard. (#2208, #8151, #8757)

Docker Compose 5.0

Docker Compose has been updated to version 5.0. Key changes include:

• Compose can now be used as an SDK for third-party integrations
• The internal builder has been removed; builds are delegated to Docker Bake
• Hooks now run on restart
• New --wait option for the start command

Helm 4.0

Helm has been updated to version 4.0. See the Helm 4.0 release notes for details on the changes.

Diagnostics

Moby image store check

A new diagnostic reports when images exist in the inactive image store (classic vs. containerd-snapshotter), helping identify which images need migration. (#9733)

Windows: wsl-vpnkit detection

A new diagnostic warns when the wsl-vpnkit distribution is present, as it can cause networking issues with Rancher Desktop. (#9623)

Bug Fixes

macOS CA management with multiple keychains

Fixed a bug where certificates from multiple keychains were being written to the same file path, causing only the last keychain's certificates to be processed. (#9755)

K3s version channel labels not updating

Fixed an issue where version channel labels (e.g, stable, latest, v1.xx) were not removed from old versions when they moved to newer versions, causing multiple patch versions to appear in the recommended list. (#9709)

K3s image loading for older versions

Made the --all-platforms flag optional when loading K3s images, so older K3s versions (before 1.31) load images correctly. (#9708, #9710)

rdctl info works after upgrade

Fixed an issue where rdctl info failed with a BusyBox error for users who upgraded from version 1.19.3 or earlier, or restored an old snapshot. The 1.21.0 release notes mentioned a manual workaround; this is no longer needed. (#9546, #9554)

Containers page error handling

Fixed an "[object Object]" error that appeared on the Containers page when the backend became temporarily unavailable. (#9545, #9661)

Connectivity check uses HTTPS

The network connectivity diagnostic now uses an HTTPS HEAD request instead of HTTP GET, improving privacy by encrypting the request. (#9711)

Linux packaging fixes

Fixed an issue where the Debian package did not set the suid bit on chrome-sandbox, causing the application to fail to start on Debian and Ubuntu systems.

The virtualization support check now works correctly on Linux arm64 systems.

Extension fixes

Fixed several issues with Docker Desktop extensions:

• Uninstall and upgrade buttons on the Installed tab now work correctly
• Extension metadata and icons refresh properly after reinstalling an extension
• Extensions without containers no longer cause errors during uninstall
• The ddClient.extension object now includes the id and version fields as specified by the Docker Desktop Extension API

Updates to Bundled Utilities (from Rancher Desktop 1.21.0)

• docker 29.0.2 → 29.1.4
• docker-compose 2.40.3 → 5.0.1
• docker-credential-helpers 0.9.4 → 0.9.5
• helm 3.19.1 → 4.0.5
• nerdctl 2.2.0 → 2.2.1
• trivy 0.67.2 → 0.68.2

Unchanged:

• amazon-ecr-credential-helper 0.11.0
• docker-buildx 0.30.1
• kuberlr 0.6.1
• spin 3.5.1
• spin-shim 0.22.0
• spin-operator 0.6.1

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.21.0, can be found using GitHub compare and the details of the release can be found in the v1.22.0 milestone.

Rancher Desktop 1.21

This is the 1.21.0 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

⚠️ WARNING for Windows users using the Moby container engine ⚠️

This 1.21.0 release is going to change the docker storage driver from the "classic" setting to the containerd-snapshotter (see below). This is supposed to only happen on new installs or after factory resets.

On Windows however, this is happening unconditionally. Any existing images will become inaccessible by the new driver. They are not deleted (and will continue to take up disk space in the VM). They will get deleted by a factory-reset.

In the 1.22.0 release, we will provide a mechanism to switch back and forth between the classic and the snapshotter driver. This will give users the capability to either clean out the old images or to export them, and then re-import them under the other driver.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Release Notes for 1.21.0

What's New

rdctl info command

rdctl has a new info command that lists the Rancher Desktop version and the IP address of the VM:

❯ rdctl info
Version:   v1.21.0
IPAddress: 192.168.205.2

You can query individual fields for use in scripts:

❯ rdctl info --field ip-address
192.168.205.2

Note: this command is failing for users who have been upgrading Rancher Desktop from version 1.19.3 or earlier, or then restored a snapshot that was based on an earlier installation. If this is happening, you can fix your setup by running:

rdctl shell sudo apk add iproute2

This fix will remain in place until you perform a factory reset or restore from an older snapshot again.

Increasing disk size (Linux and macOS)

Rancher Desktop by default reserves 100GB of disk space for the VM (it is a sparse file, so only the portion in use actually takes up disk space on the host).

It is now possible to increase the maximum size of the VM disk using rdctl:

❯ rdctl set --experimental.virtual-machine.disk-size 120G
Status: reconfiguring Rancher Desktop to apply changes (this may take a while).

This will restart Rancher Desktop, at which time the volume will expand to the larger size. Please note that it is not possible to reduce the maximum size. Unused space in the VM disk will be returned for host usage every time Rancher Desktop is restarted (via fstrim).

There is no GUI mechanism to change the maximum disk size.

Update checker only checks once a day

Rancher Desktop will only check for updates once per day now instead of every hour. This interval is not configurable but the update checks can be disabled completely via both rdctl and the GUI.

Online checker frequency is configurable

By default, Rancher Desktop checks every 5 seconds to update the "online" indicator. It does this by checking for the right redirect response from http://docs.rancherdesktop.io (to https). This also detects when the computer is caught inside a captive portal, like airport or hotel wifi.

You can now change the frequency of this check to a longer value (in milliseconds) or disable it completely by setting it to 0:

❯ rdctl set --diagnostics.connectivity.interval 0
Status: settings updated; no restart required.

Electron will still perform its own online checks (which will also update the Rancher Desktop indicators) but those checks are somewhat unreliable.

There is no mechanism in the GUI to change this setting.

Container Info page with logs

@tylercritchlow has moved the container logs to a container info page. You get to the info page either by clicking the container name or through the menu at the end of the line.

moby now uses containerd snapshotter by default

On new installations, or after a factory reset, Rancher Desktop will now use the containerd snapshotter for storing container images by default. This snapshotter provides additional functionality, such as storing/pushing/pulling multi-platform images. It is also needed for using Wasm containers with docker. This means Rancher Desktop will no longer switch between snapshotters when turning Wasm support on or off, so local images will remain visible to both configuration options.

Updated extensions

The "SUSE Application Collection" extension can now display the collection without having to log in first.

Bug fixes

UDP port forwarding fixed on Linux and macOS

It was already working on Windows. Thanks to @toshs for finding and fixing the issue.

Shadows on macOS 26 Tahoe

Window shadows had a performance issue on macOS 26. This has been fixed by upgrading the Electron version.

Updates to Bundled Utilities (from Rancher Desktop 1.20.1, as of 1.21.0)

• amazon-ecr-credential-helper 0.10.1 → 0.11.0
• docker 28.3.3 → 29.0.2
• docker-buildx 0.26.1 → 0.30.1
• docker-compose 2.39.2 → 2.40.3
• docker-credential-helpers 0.9.3 → 0.9.4
• helm 3.18.6 → 3.19.1
• kuberlr unchanged 0.6.1
• moby/buildkit 0.21.1 → 0.25.2
• nerdctl 2.1.3 → 2.2.0
• spin 3.3.1 → 3.5.1
• spin-shim 0.20.0 → 0.22.0
• spin-operator unchanged 0.6.1
• trivy 0.65.0 → 0.67.2

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.20.1, can be found using GitHub compare and the details of the release can be found in the v1.20.0 milestone.

Rancher Desktop 1.20.1

This is the 1.20.1 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Release Notes for 1.20.1

This release updates the bundled docker-compose from version 2.39.2 to 2.40.3 to address CVE-2025-62725.

There are no other changes in this patch release.

New Contributors

Thank you to our new contributors: @proski, @lavigneer, and @tylercritchlow!

Release Notes for 1.20.0

What's New

Container Logs

Thanks to @tylercritchlow, the Containers dashboard can now display the container logs. The Logs command is accessible under the ⋮ menu on the right hand side, so it's a bit hidden. This will automatically scroll to the end of the log and it updates automatically as more logs come in.

Container Dashboard Improvements

@tylercritchlow has also made changes to the Containers dashboard itself: it will now automatically update as containers are created, started, stopped or deleted. You no longer need to refresh manually.

As well, containers are now grouped together, either by Kubernetes pod, by docker-compose deployment or in the "Standalone Containers" group for everything else. Groups can individually be collapsed and expanded.

New Volumes page

Another new feature thanks to @tylercritchlow: On the Volumes page, you can see a list of all volumes managed by the container runtime and, if required, delete volumes.

New rdctl reset command

@lavigneer has contributed the new rdctl reset command. It is a refinement of the rdctl factory-reset command, which is still supported, but now deprecated and hidden. It adds the ability to delete the Kubernetes version cache, which was previously only possible from within the GUI.

Command	Function
rdctl reset --vm	deletes VM and creates a new with the same settings
rdctl reset --k8s	deletes deployed Kubernetes workloads
rdctl reset --cache	deletes cached Kubernetes images
rdctl reset --factory	deletes VM and shows first-start dialog again

All options can be combined but some combinations are redundant:

• --factory includes --vm and k8s (but not --cache)
• --vm includes --k8s

VZ emulation mode is now the default on macOS

On a fresh install, or after a factory reset, the default emulation mode on macOS is now VZ instead of QEMU.

The default mount type with VZ is now virtiofs, which is no longer considered "experimental".

Additional locations for system deployment profiles

On macOS, Rancher Desktop will check for system deployment profiles first in /Library/Managed Preferences. If no profile is found there, then it looks in the previous default location at /Library/Preferences. This allows deploying system profiles using MDM solutions.

On Linux, Rancher Desktop continues to look in /etc/rancher-desktop first. But if no profile is found there, it will now also check /usr/etc/rancher-desktop for a system profile before looking in the user profile location.

Additional Diagnostics

When using the moby container engine, Rancher Desktop will now run diagnostics checks to verify that the current docker context is rancher-desktop and that DOCKER_HOST is not set.

On Windows, there is also a new diagnostic that will trigger when the WSL2 version is too old.

Updated extensions

The extension catalog now lists the latest releases of "Epinio", "Open WebUI" and the "SUSE Application Collection".

The "Open WebUI" extension no longer binds to a specific version, but will always attempt to fetch the latest release when it is being restarted.

Vue.JS has been upgraded from Vue2 → Vue3

The Vue JavaScript framework has been updated to the latest version, which required a rather large amount of internal changes. Ideally, this should not be user-visible. Please report any regressions to the GitHub issue tracker.

Bug fixes

Code signing for spin has been fixed

In the previous releases, a bug in the code signed prevented spin from executing applications locally.

Updates to Bundled Utilities (from Rancher Desktop 1.19.3, as of 1.20.0)

• amazon-ecr-credential-helper 0.9.1 → 0.10.1
• docker 28.1.1 → 28.3.3
• docker-buildx 0.25.0 → 0.26.1
• docker-compose 2.37.1 → 2.39.2
• docker-credential-helpers unchanged 0.9.3
• helm 3.18.3 → 3.18.6
• kuberlr 0.6.0 → 0.6.1
• moby/buildkit unchanged 0.21.1
• nerdctl 2.1.1 → 2.1.3
• spin unchanged 3.3.1
• spin-shim 0.19.0 → 0.20.0
• spin-operator 0.5.0 → 0.6.1
• trivy 0.62.1 → 0.65.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.19.3, can be found using GitHub compare and the details of the release can be found in the v1.20.0 milestone.

Rancher Desktop 1.20.0

This is the 1.20.0 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

New Contributors

Thank you to our new contributors: @proski, @lavigneer, and @tylercritchlow!

Release Notes for 1.20.0

What's New

Container Logs

Thanks to @tylercritchlow, the Containers dashboard can now display the container logs. The Logs command is accessible under the ⋮ menu on the right hand side, so it's a bit hidden. This will automatically scroll to the end of the log and it updates automatically as more logs come in.

Container Dashboard Improvements

@tylercritchlow has also made changes to the Containers dashboard itself: it will now automatically update as containers are created, started, stopped or deleted. You no longer need to refresh manually.

As well, containers are now grouped together, either by Kubernetes pod, by docker-compose deployment or in the "Standalone Containers" group for everything else. Groups can individually be collapsed and expanded.

New Volumes page

Another new feature thanks to @tylercritchlow: On the Volumes page, you can see a list of all volumes managed by the container runtime and, if required, delete volumes.

New rdctl reset command

@lavigneer has contributed the new rdctl reset command. It is a refinement of the rdctl factory-reset command, which is still supported, but now deprecated and hidden. It adds the ability to delete the Kubernetes version cache, which was previously only possible from within the GUI.

Command	Function
rdctl reset --vm	deletes VM and creates a new with the same settings
rdctl reset --k8s	deletes deployed Kubernetes workloads
rdctl reset --cache	deletes cached Kubernetes images
rdctl reset --factory	deletes VM and shows first-start dialog again

All options can be combined but some combinations are redundant:

• --factory includes --vm and k8s (but not --cache)
• --vm includes --k8s

VZ emulation mode is now the default on macOS

On a fresh install, or after a factory reset, the default emulation mode on macOS is now VZ instead of QEMU.

The default mount type with VZ is now virtiofs, which is no longer considered "experimental".

Additional locations for system deployment profiles

On macOS, Rancher Desktop will check for system deployment profiles first in /Library/Managed Preferences. If no profile is found there, then it looks in the previous default location at /Library/Preferences. This allows deploying system profiles using MDM solutions.

On Linux, Rancher Desktop continues to look in /etc/rancher-desktop first. But if no profile is found there, it will now also check /usr/etc/rancher-desktop for a system profile before looking in the user profile location.

Additional Diagnostics

When using the moby container engine, Rancher Desktop will now run diagnostics checks to verify that the current docker context is rancher-desktop and that DOCKER_HOST is not set.

On Windows, there is also a new diagnostic that will trigger when the WSL2 version is too old.

Updated extensions

The extension catalog now lists the latest releases of "Epinio", "Open WebUI" and the "SUSE Application Collection".

The "Open WebUI" extension no longer binds to a specific version, but will always attempt to fetch the latest release when it is being restarted.

Vue.JS has been upgraded from Vue2 → Vue3

The Vue JavaScript framework has been updated to the latest version, which required a rather large amount of internal changes. Ideally, this should not be user-visible. Please report any regressions to the GitHub issue tracker.

Bug fixes

Code signing for spin has been fixed

In the previous releases, a bug in the code signed prevented spin from executing applications locally.

Updates to Bundled Utilities (from Rancher Desktop 1.19.3, as of 1.20.0)

• amazon-ecr-credential-helper 0.9.1 → 0.10.1
• docker 28.1.1 → 28.3.3
• docker-buildx 0.25.0 → 0.26.1
• docker-compose 2.37.1 → 2.39.2
• docker-credential-helpers unchanged 0.9.3
• helm 3.18.3 → 3.18.6
• kuberlr 0.6.0 → 0.6.1
• moby/buildkit unchanged 0.21.1
• nerdctl 2.1.1 → 2.1.3
• spin unchanged 3.3.1
• spin-shim 0.19.0 → 0.20.0
• spin-operator 0.5.0 → 0.6.1
• trivy 0.62.1 → 0.65.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.19.3, can be found using GitHub compare and the details of the release can be found in the v1.20.0 milestone.

Rancher Desktop 1.19.3

This is the 1.19.3 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Release Notes for 1.19.3

AppImage release works again

An update to one of our dependencies broke the AppImage releases. This has been fixed.

Upgraded bundled utilities

The following utilities have been updated:

• docker-buildx 0.24.0 → 0.25.0
• helm 3.18.0 → 3.18.3
• spin 3.3.0 → 3.3.1

Release Notes for 1.19.2

Images built with OpenJDK 17 to 24 no longer crash (Linux and macOS)

OpenJDK releases 17 to 24 cannot properly detect the cgroup version when running on a Linux kernel 6.12+. Rancher Desktop 1.19.2 downgrades the bundled Linux kernel to version 6.6; this allows more time for images to be rebuilt once the fixed OpenJDK 25 is released.

VZ emulation with Rosetta works on earlier macOS releases than 15.5

As a side-effect of downgrading the kernel, VZ emulation with Rosetta will work again on older macOS releases.

The spin up command works again (macOS)

In Rancher Desktop 1.17.0, the spin binary was moved to a different location and no longer signed with the required entitlements on macOS, causing it to fail code compiled into executable memory. This has been fixed.

Upgraded bundled utilities

The following utilities have been updated:

• docker-compose 2.36.2 → 2.37.1
• spin 3.2.0 → 3.3.0

Release Notes for 1.19.1

VZ emulation with Rosetta requires macOS 15.5

Older Rosetta releases are incompatible with the latest Linux kernel releases (6.11 and later). Rancher Desktop 1.19 uses a Linux 6.12.28 kernel on Linux and macOS and requires the updated Rosetta version from macOS 15.5 or later. This is only a concern for running amd64 container images on Apple silicon machines.

Gnome Desktop compatibility

The 1.19.0 release did not run on Linux with Gnome Desktop. This has been fixed.

SUSE Application Collection extension upgraded to 0.2.2.

The extension had a new release with a few bug fixes.

Release Notes for 1.19.0

What's New

Extension update mechanism

The "Extensions" menu item on the left will show a red bubble with a count of all installed extensions that have an update available from the built-in catalog. The cards for those extensions will have an "Update" button in addition to the "Remove" button.

SUSE Application Collection extension

SUSE Application Collection gives access to trusted, curated, and continuously updated applications. This extension helps you integrate the collection into your local development environment by managing authentication, making apps plug-and-play, and helping you stay up-to-date.

Epinio extension is working again

Thanks to the team at Krumware for taking over maintenance of the Epinio extension! (#6580 and #7280)

Open WebUI extension has MCP support

This update adds a simple, secure MCP-to-OpenAPI proxy server running in a container. It provides access to tools using the Model Context Protocol from the LLM.

It comes pre-configured with a docker and a kubernetes MCP server implementation, allowing the model to talk to the local Moby engine or Kubernetes cluster.

VZ emulation and Snapshots are no longer experimental

The --experimental.virtual-machine.type and --experimental.virtual-machine.use-rosetta options in rdctl are now just --virtual-machine.type and --virtual-machine.use-rosetta.

Bug fixes

Kubernetes reset no longer breaks on Windows

When using Kubernetes 1.30.0 or later, a "Kubernetes Reset" would leave Rancher Desktop in a broken state until WSL2 was restarted (or the host rebooted) #8648.

QEMU slow image pulling (on Linux and macOS) has been fixed

The root cause has been a delay in the DNS host resolver implementation (#4258).

Extensions (on macOS) can now call bundled utilities

Extensions were unable to use bundled utilities such as the credential helpers because Rancher Desktop is normally launched by the Finder and does not inherit the user's PATH setting. With this release, the directory with bundled utilities will be added explicitly when an extension invokes external programs (#8598).

docker build on Windows no longer fails intermittently with http2 errors

This was a regression in Rancher Desktop 1.18.* on Windows only due to a buffering issue in the proxy implementation (#8276).

Many thanks to @bcxpro for analyzing the failure and providing a fix! (#8311)

nerdctl on Windows can now use alternate filenames for Dockerfile

This was a bug in the argument translation layer in nerdctl-stub (#8190).

Updates to Bundled Utilities (as of Rancher Desktop 1.19.3)

• amazon-eco-credential-helper unchanged 0.9.1
• docker 27.5.1 → 28.1.1
• docker-buildx 0.20.1 → 0.25.0
• docker-compose 2.33.0 → 2.37.1
• docker-credential-helpers 0.8.2 → 0.9.3
• helm 3.17.1 → 3.18.3
• kuberlr 0.5.2 → 0.6.0
• moby/buildkit 0.19.0 → 0.21.1
• nerdctl 2.0.3 → 2.1.1
• spin 3.1.2 → 3.3.1
• spin-shim 0.18.0 → 0.19.0
• spinkube unchanged 0.4.0
• trivy 0.59.1 → 0.62.1

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.18.0, can be found using GitHub compare and the details of the release can be found in the v1.19.0 and v1.19.2 milestones.

Rancher Desktop 1.19.2

This is the 1.19.2 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Release Notes for 1.19.2

Images built with OpenJDK 17 to 24 no longer crash (Linux and macOS)

OpenJDK releases 17 to 24 cannot properly detect the cgroup version when running on a Linux kernel 6.12+. Rancher Desktop 1.19.2 downgrades the bundled Linux kernel to version 6.6; this allows more time for images to be rebuilt once the fixed OpenJDK 25 is released.

VZ emulation with Rosetta works on earlier macOS releases than 15.5

As a side-effect of downgrading the kernel, VZ emulation with Rosetta will work again on older macOS releases.

The spin up command works again (macOS)

In Rancher Desktop 1.17.0, the spin binary was moved to a different location and no longer signed with the required entitlements on macOS, causing it to fail code compiled into executable memory. This has been fixed.

Upgraded bundled utilities

The following utilities have been updated:

• docker-compose 2.36.2 → 2.37.1
• spin 3.2.0 → 3.3.0

Release Notes for 1.19.1

VZ emulation with Rosetta requires macOS 15.5

Older Rosetta releases are incompatible with the latest Linux kernel releases (6.11 and later). Rancher Desktop 1.19 uses a Linux 6.12.28 kernel on Linux and macOS and requires the updated Rosetta version from macOS 15.5 or later. This is only a concern for running amd64 container images on Apple silicon machines.

Gnome Desktop compatibility

The 1.19.0 release did not run on Linux with Gnome Desktop. This has been fixed.

SUSE Application Collection extension upgraded to 0.2.2.

The extension had a new release with a few bug fixes.

Release Notes for 1.19.0

What's New

Extension update mechanism

The "Extensions" menu item on the left will show a red bubble with a count of all installed extensions that have an update available from the built-in catalog. The cards for those extensions will have an "Update" button in addition to the "Remove" button.

SUSE Application Collection extension

SUSE Application Collection gives access to trusted, curated, and continuously updated applications. This extension helps you integrate the collection into your local development environment by managing authentication, making apps plug-and-play, and helping you stay up-to-date.

Epinio extension is working again

Thanks to the team at Krumware for taking over maintenance of the Epinio extension! (#6580 and #7280)

Open WebUI extension has MCP support

This update adds a simple, secure MCP-to-OpenAPI proxy server running in a container. It provides access to tools using the Model Context Protocol from the LLM.

It comes pre-configured with a docker and a kubernetes MCP server implementation, allowing the model to talk to the local Moby engine or Kubernetes cluster.

VZ emulation and Snapshots are no longer experimental

The --experimental.virtual-machine.type and --experimental.virtual-machine.use-rosetta options in rdctl are now just --virtual-machine.type and --virtual-machine.use-rosetta.

Bug fixes

Kubernetes reset no longer breaks on Windows

When using Kubernetes 1.30.0 or later, a "Kubernetes Reset" would leave Rancher Desktop in a broken state until WSL2 was restarted (or the host rebooted) #8648.

QEMU slow image pulling (on Linux and macOS) has been fixed

The root cause has been a delay in the DNS host resolver implementation (#4258).

Extensions (on macOS) can now call bundled utilities

Extensions were unable to use bundled utilities such as the credential helpers because Rancher Desktop is normally launched by the Finder and does not inherit the user's PATH setting. With this release, the directory with bundled utilities will be added explicitly when an extension invokes external programs (#8598).

docker build on Windows no longer fails intermittently with http2 errors

This was a regression in Rancher Desktop 1.18.* on Windows only due to a buffering issue in the proxy implementation (#8276).

Many thanks to @bcxpro for analyzing the failure and providing a fix! (#8311)

nerdctl on Windows can now use alternate filenames for Dockerfile

This was a bug in the argument translation layer in nerdctl-stub (#8190).

Updates to Bundled Utilities

• amazon-eco-credential-helper unchanged 0.9.1
• docker 27.5.1 → 28.1.1
• docker-buildx 0.20.1 → 0.24.0
• docker-compose 2.33.0 → 2.37.1
• docker-credential-helpers 0.8.2 → 0.9.3
• helm 3.17.1 → 3.18.0
• kuberlr 0.5.2 → 0.6.0
• moby/buildkit 0.19.0 → 0.21.1
• nerdctl 2.0.3 → 2.1.1
• spin 3.1.2 → 3.3.0
• spin-shim 0.18.0 → 0.19.0
• spinkube unchanged 0.4.0
• trivy 0.59.1 → 0.62.1

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.18.0, can be found using GitHub compare and the details of the release can be found in the v1.19.0 and v1.19.2 milestones.

Rancher Desktop 1.19.1

This is the 1.19.1 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Release Notes for 1.19.1

VZ emulation with Rosetta requires macOS 15.5

Older Rosetta releases are incompatible with the latest Linux kernel releases (6.11 and later). Rancher Desktop 1.19 uses a Linux 6.12.28 kernel on Linux and macOS and requires the updated Rosetta version from macOS 15.5 or later. This is only a concern for running amd64 container images on Apple silicon machines.

Gnome Desktop compatibility

The 1.19.0 release did not run on Linux with Gnome Desktop. This has been fixed.

SUSE Application Collection extension upgraded to 0.2.2.

The extension had a new release with a few bug fixes.

Release Notes for 1.19.0

What's New

Extension update mechanism

The "Extensions" menu item on the left will show a red bubble with a count of all installed extensions that have an update available from the built-in catalog. The cards for those extensions will have an "Update" button in addition to the "Remove" button.

SUSE Application Collection extension

SUSE Application Collection gives access to trusted, curated, and continuously updated applications. This extension helps you integrate the collection into your local development environment by managing authentication, making apps plug-and-play, and helping you stay up-to-date.

Epinio extension is working again

Thanks to the team at Krumware for taking over maintenance of the Epinio extension! (#6580 and #7280)

Open WebUI extension has MCP support

This update adds a simple, secure MCP-to-OpenAPI proxy server running in a container. It provides access to tools using the Model Context Protocol from the LLM.

It comes pre-configured with a docker and a kubernetes MCP server implementation, allowing the model to talk to the local Moby engine or Kubernetes cluster.

VZ emulation and Snapshots are no longer experimental

The --experimental.virtual-machine.type and --experimental.virtual-machine.use-rosetta options in rdctl are now just --virtual-machine.type and --virtual-machine.use-rosetta.

Bug fixes

Kubernetes reset no longer breaks on Windows

When using Kubernetes 1.30.0 or later, a "Kubernetes Reset" would leave Rancher Desktop in a broken state until WSL2 was restarted (or the host rebooted) #8648.

QEMU slow image pulling (on Linux and macOS) has been fixed

The root cause has been a delay in the DNS host resolver implementation (#4258).

Extensions (on macOS) can now call bundled utilities

Extensions were unable to use bundled utilities such as the credential helpers because Rancher Desktop is normally launched by the Finder and does not inherit the user's PATH setting. With this release, the directory with bundled utilities will be added explicitly when an extension invokes external programs (#8598).

docker build on Windows no longer fails intermittently with http2 errors

This was a regression in Rancher Desktop 1.18.* on Windows only due to a buffering issue in the proxy implementation (#8276).

Many thanks to @bcxpro for analyzing the failure and providing a fix! (#8311)

nerdctl on Windows can now use alternate filenames for Dockerfile

This was a bug in the argument translation layer in nerdctl-stub (#8190).

Updates to Bundled Utilities

• amazon-eco-credential-helper unchanged 0.9.1
• docker 27.5.1 → 28.1.1
• docker-buildx 0.20.1 → 0.24.0
• docker-compose 2.33.0 → 2.36.2
• docker-credential-helpers 0.8.2 → 0.9.3
• helm 3.17.1 → 3.18.0
• kuberlr 0.5.2 → 0.6.0
• moby/buildkit 0.19.0 → 0.21.1
• nerdctl 2.0.3 → 2.1.1
• spin 3.1.2 → 3.2.0
• spin-shim 0.18.0 → 0.19.0
• spinkube unchanged 0.4.0
• trivy 0.59.1 → 0.62.1

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.18.0, can be found using GitHub compare and the details of the release can be found in the v1.19.0 milestone.