Pre-release v2.14.0-alpha2

Images with -rc

rancher/fleet-agent:v0.15.0-alpha.5
rancher/fleet:v0.15.0-alpha.5
rancher/rancher-agent:v2.14.0-alpha2
rancher/rancher:v2.14.0-alpha2
rancher/rke2-cloud-provider:v1.33.0-rc1.0.20250430074337-dc03cb4b3faa-build20250430
rancher/rke2-cloud-provider:v1.33.0-rc1.0.20250905195603-857412ae5891-build20250908
rancher/rke2-cloud-provider:v1.33.4-rc1.0.20250814212538-148243c49519-build20250908
rancher/rke2-cloud-provider:v1.35.0-rc1.0.20251218152248-a6c6cd15c0c4-build20251219
rancher/scc-operator:v0.3.1-rc.2
rancher/shell:v0.6.2-rc.1
rancher/system-agent:v0.3.15-rc.1-suc
rancher/wins:v0.5.4-rc.1

Components with -rc

CLI_VERSION v2.12.0-rc.1
DASHBOARD_UI_VERSION v2.14.0-alpha1
SYSTEM_AGENT_VERSION v0.3.15-rc.1
UI_VERSION 2.14.0-alpha1
WINS_AGENT_VERSION v0.5.4-rc.1
AKS-OPERATOR v1.13.0-rc.4
ALI-OPERATOR v1.13.0-rc.2
EKS-OPERATOR v1.13.0-rc.4
GKE-OPERATOR v1.13.0-rc.3

Min version components with -rc

Chart/KDM sources

• CHART_DEFAULT_BRANCH: dev-v2.14 (scripts/package-env)
• CHART_DEFAULT_BRANCH: dev-v2.14 (package/Dockerfile)
• CATTLE_KDM_BRANCH: dev-v2.14 (package/Dockerfile)
• CATTLE_KDM_BRANCH: dev-v2.14 (Dockerfile.dapper)
• KDMBranch: dev-v2.14 (pkg/settings/setting.go)
• ChartDefaultBranch: dev-v2.14 (pkg/settings/setting.go)

v2.13.2

Release v2.13.2

Important: If you are using Active Directory Federation Service (AD FS), upgrading to Rancher v2.10.1 or later may cause issues with authentication, requiring manual intervention. These issues are due to the AD FS Relying Party Trust not being able to pick up a signature verification certificate from the metadata. For more information see #48655. These issues can be corrected by either of two methods:

• Updating the Relying Party Trust information from federation metadata (Relying Party Trust -> Update from Federation Metadata...)
• Directly adding the certificate (Relying Party Trust -> Properties -> Signature tab -> Add -> Select the certificate).

Rancher v2.13.2 is the latest patch release of Rancher. This is a Community version release that introduces maintenance updates and bug fixes.

For more information on new features in the general minor release, see the v2.13.0 release notes.

Security Fixes for Rancher Vulnerabilities

This release addresses the following Rancher security issue:

• Rancher now provides new versions of the Rancher Backup chart which prevent the leak of secret S3 credentials via the Rancher Backup pod log. For more information, refer to CVE-2025-62879.
• Rancher now removes the ability to fetch CA certificates stored in Rancher’s setting cacerts when using the login command. For more information, refer to CVE-2025-67601.

For additional details, see the Security Advisories and CVEs page in Rancher's documentation or in Rancher's GitHub repository.

Rancher App (Global UI)

Major Bug Fixes

• Fixed an issue where the selection of pods in the Rancher UI (Workloads > Pods) would reset when the status of a pod changed. See #16094.

• Added additional improvements to reduce the amount of failed network requests when fetching resources shown in lists in the Rancher UI by reducing the length of the URL used in the request. This failure was more likely to happen when viewing resources in the local cluster as an administrator. See #16216.

Install/Upgrade Notes

If you’re installing Rancher for the first time, your environment must fulfill the installation requirements.

Important: Chart name change for Rancher Prime. The chart name change introduced in Rancher Prime v2.13.1 has been reverted. The chart name rancher should be used for all installations and upgrades. As an example, the installation command is now helm install rancher rancher-prime/rancher.

Important: Rancher now requires the cluster it runs on to have the Kubernetes API Aggregation Layer enabled. This is because Rancher extends Kubernetes with additional APIs by registering its own extension API server. Please note that all versions of Kubernetes supported in this Rancher versions K8s distributions (RKE2/K3s) will have the aggregation layer configured and enabled by default. Refer to the Extension API Server documentation and #50400 for more information.

Important: Rancher Kubernetes Engine (RKE/RKE1) has reached end of life as of July 31, 2025. Rancher versions 2.12.0 and later no longer support provisioning or managing downstream RKE1 clusters. We recommend replatforming RKE1 clusters to RKE2 to ensure continued support and security updates. Learn more about the transition here.

Rancher now has a pre-upgrade validation check for RKE1 resources which fails and lists the RKE1 resources if present. Refer to the RKE1 Resource Validation and Upgrade Requirements documentation and #50286 for more information.

Important: It is crucial that you review the available disk space on your nodes and plan accordingly before upgrading to Rancher v2.12.0 and later to avoid potential disk pressure and pod eviction issues. For additional information refer to the UI Server Side Pagination - Disk Space documentation.

Important: Rancher now has an enablement option called AUDIT_LOG_ENABLED for API Audit Logs for a Rancher installation. In Rancher versions 2.11.x and earlier, only the AUDIT_LEVEL could be set and the default log level (0) would disable the audit log. In Rancher versions 2.12.x and later, the default log level (0) now only contains the log request and response metadata, and can be set when configuring AUDIT_LOG_ENABLED. If installing or upgrading via Helm you can enable the API Audit Logs and specify the log level by applying the following setting to your Helm command: --set auditLog.enabled=true --set auditLog.level=0. See the Enabling the API Audit Log to Record System Events documentation and #48941.

Changes in Image Artifacts

Image artifact digests are renamed in Rancher v2.12.0, v2.11.4 and v2.10.8. Up until this change, separate image digests files for each operating system and architecture have been maintained for compatibility reasons. With this change, only one file for each operating system is to be provided:

• The rancher-images-digests-linux-amd64.txt and rancher-images-digests-linux-arm64.txt files are to be renamed to rancher-images-digests-linux.txt.
• The rancher-images-digests-windows-ltsc2019.txt and rancher-images-digests-windows-ltsc2022.txt files are to be renamed to rancher-images-digests-windows.txt.

Upgrade Requirements

• Creating backups: Create a backup before you upgrade Rancher. To roll back Rancher after an upgrade, you must first back up and restore Rancher to the previous Rancher version. Because Rancher will be restored to the same state as when the backup was created, any changes post-upgrade will not be included after the restore.

• Helm version requirements:

  • To manage Rancher 2.12.x and later, you must upgrade your Helm client to version 3.18 or newer.
  • This change is required to reflect the addition of Kubernetes 1.33 support with this release.
  • Currently, the official Helm Version Support Policy dictates that only Helm 3.18 supports the proper Kubernetes version range for Rancher 2.12.

• CNI requirements:

  • For Kubernetes v1.19 and later, disable firewalld as it’s incompatible with various CNI plugins. See #28840.
  • When upgrading or installing a Linux distribution that uses nf_tables as the backend packet filter, such as SLES 15, RHEL 8, Ubuntu 20.10, Debian 10, or later, upgrade to RKE v1.19.2 or later to get Flannel v0.13.0. Flannel v0.13.0 supports nf_tables. See Flannel #1317.

• Requirements for air-gapped environments:

  • When using a proxy in front of an air-gapped Rancher instance, you must pass additional parameters to NO_PROXY. See the documentation and issue #2725.
  • When installing Rancher with Docker in an air-gapped environment, you must supply a custom registries.yaml file to the docker run command, as shown in the K3s documentation. If the registry has certificates, then you’ll also need to supply those. See #28969.

Versions

Images

• rancher/rancher:v2.13.2

Tools

• CLI - v2.13.2

Kubernetes Versions for RKE2/K3s

• v1.34.3 (Default)
• v1.33.7
• v1.32.11

Rancher Helm Chart Versions

In Rancher v2.6.0 and later, in the Apps & Marketplace UI, many Rancher Helm charts are named with a major version that starts with 100. This avoids simultaneous upstream changes and Rancher changes from causing conflicting version increments. This also complies with semantic versioning (SemVer), which is a requirement for Helm. You can see the upstream version number of a chart in the build metadata, ...

Pre-release v2.13.2-rc2

Images with -rc

rancher/rancher-agent:v2.13.2-rc2
rancher/rancher:v2.13.2-rc2
rancher/rke2-cloud-provider:v1.32.0-rc3.0.20241220224140-68fbd1a6b543-build20250101
rancher/rke2-cloud-provider:v1.32.5-rc1.0.20250516182639-8e8f2a4726fd-build20250612
rancher/rke2-cloud-provider:v1.32.8-rc1.0.20250814215348-fe896f7e7cf8-build20250908
rancher/rke2-cloud-provider:v1.33.0-rc1.0.20250430074337-dc03cb4b3faa-build20250430
rancher/rke2-cloud-provider:v1.33.0-rc1.0.20250905195603-857412ae5891-build20250908
rancher/rke2-cloud-provider:v1.33.4-rc1.0.20250814212538-148243c49519-build20250908

Components with -rc

Min version components with -rc

Chart/KDM sources

• CHART_DEFAULT_BRANCH: release-v2.13 (scripts/package-env)
• CHART_DEFAULT_BRANCH: release-v2.13 (package/Dockerfile)
• CATTLE_KDM_BRANCH: release-v2.13 (package/Dockerfile)
• CATTLE_KDM_BRANCH: release-v2.13 (Dockerfile.dapper)
• KDMBranch: release-v2.13 (pkg/settings/setting.go)
• ChartDefaultBranch: release-v2.13 (pkg/settings/setting.go)

v2.12.6

Please refer to our Prime Documentation for release notes about the Rancher Prime build.

Pre-release v2.12.6-rc2

[v2.12] backport add rke2 runtime images (#53537)

* add rke2 runtime images

* fix identation

* fix identation

v2.11.10

Please refer to our Prime Documentation for release notes about the Rancher Prime build.

Pre-release v2.11.10-rc2

[v2.11] backport add rke2 runtime images (#53538)

* add rke2 runtime images

* ffix image

v2.10.11

Please refer to our Prime Documentation for release notes about the Rancher Prime build.

Pre-release v2.10.11-rc2

add rke2 runtime images (#53539)

Pre-release v2.13.2-rc1

Images with -rc

rancher/rancher-agent:v2.13.2-rc1
rancher/rancher:v2.13.2-rc1
rancher/rke2-cloud-provider:v1.32.0-rc3.0.20241220224140-68fbd1a6b543-build20250101
rancher/rke2-cloud-provider:v1.32.5-rc1.0.20250516182639-8e8f2a4726fd-build20250612
rancher/rke2-cloud-provider:v1.32.8-rc1.0.20250814215348-fe896f7e7cf8-build20250908
rancher/rke2-cloud-provider:v1.33.0-rc1.0.20250430074337-dc03cb4b3faa-build20250430
rancher/rke2-cloud-provider:v1.33.0-rc1.0.20250905195603-857412ae5891-build20250908
rancher/rke2-cloud-provider:v1.33.4-rc1.0.20250814212538-148243c49519-build20250908

Components with -rc

DASHBOARD_UI_VERSION v2.13.2-rc1
UI_VERSION 2.13.2-rc1

Min version components with -rc

Chart/KDM sources

• CHART_DEFAULT_BRANCH: release-v2.13 (scripts/package-env)
• CHART_DEFAULT_BRANCH: release-v2.13 (package/Dockerfile)
• CATTLE_KDM_BRANCH: release-v2.13 (package/Dockerfile)
• CATTLE_KDM_BRANCH: release-v2.13 (Dockerfile.dapper)
• KDMBranch: release-v2.13 (pkg/settings/setting.go)
• ChartDefaultBranch: release-v2.13 (pkg/settings/setting.go)