This message was deleted.

there is no such thing as a vulnerability free image. We rebuild and bump images regularly, but any image that’s more than a couple weeks old is going to have SOMETHING that needs to be updated. We’re planning to bump etcd and a couple other things in the next release, but we don’t make it to all of them every release.

Of course, that makes perfect sense! I just assumed that since you go through all of this effort, then when you release stable, you'd make sure to bump the images to versions with no known unfixed vulnerabilities before releasing, though I understand that you want to let the image brew for a few weeks before promoting it to stable. In any case, looks like continuing to use stable is my best bet here?

1.27 appears to be on a slightly newer rebuild of the image… but if you’re using rancher, you’re stuck with 1.26 or older for now.

We just install stable (1.25) rke2 now using the airgapped method now, so we could use different package. If 1.26 is not significantly better than stable, we'll just stay with stable.