This is a quick reminder about the importance of keeping software up to date. Whether you are using Portainer in your home lab or managing a large fleet of Kubernetes clusters in the data center or cloud, it’s essential to ensure that Portainer and the other software you deploy are kept up to date.
While it may seem easier to stick with currently running versions of software, it’s nearly always more cost-effective in the long run to stay current: the hidden costs of data breaches, reputational damage, and regulatory fines will significantly outweigh any perceived short-term savings or convenience.
Portainer is committed to security. As well as working with security researchers and using modern vulnerability scanning tools, we perform routine third-party audits. This year alone we’ve addressed dozens of CVEs in Portainer releases. Check out the release notes at https://docs.portainer.io/release-notes for more information. Also check out our knowledge base article "How does Portainer respond to CVEs?". Finally, you can find a list of current CVEs in publicly available databases such as MITRE.
Aside from the additional risks of cybersecurity attacks when running unpatched software with known vulnerabilities, you should also factor in some of the other benefits:
- As customers expand their Portainer deployments, we’re constantly improving the performance, scalability, and stability of Portainer for managing business-critical workloads, whether in the data center or on the factory floor.
- Support for the latest versions of the products and technologies that Portainer integrates with, including Kubernetes, Docker, Podman, and identity and cloud services.
- We’re constantly adding new features to make Portainer more powerful and make your life easier. Take a look at our release notes for any version here: https://docs.portainer.io/release-notes
To help schedule and plan your updates, we’ve recently published the Portainer BE Lifecycle Policy. In brief, we maintain two release “channels”:
- Long Term Support releases (identified with an “LTS” suffix) are supported until the release of the next LTS version plus a 3-month migration window.
- Short Term Support releases (identified with an “STS” suffix) are supported until the release of the next STS or LTS version.
Older versions that fall outside of this policy are no longer maintained by Portainer; currently that includes versions prior to 2.21.
Updating couldn’t be easier: for LTS releases, the web console will notify you of available updates and allow you to update in place without having to back up and restore your settings manually.
For updating to STS releases, as well as information on options and best practices for updating Portainer deployments, take a look at this page: https://docs.portainer.io/start/upgrade.