# rke2
c
Hey again. Recently I have learned about Ingress-nginx CVE-2025-1974; fortunately this CVE doesn’t apply to any of my own pods, but it does affect my current rke2-ingress-nginx deployment. What is the best way to remediate this? Is there something on the Rancher UI that I can use to upgrade the deployment/pod/image version, or do I need to get onto the server and make configuration file changes?
h
what version of rke2?
c
Looks like rke2r1
Ok, so I’ll need to upgrade Kubernetes it seems?
h
try rke2 -v command; it should look something like this:
# rke2 -v
rke2 version v1.32.3+rke2r1 (18005e93ee0b015b78be47cf6515ae6d3a9afd55)
go version go1.23.6 X:boringcrypto
these versions (from above doc) contain the fix... so if you are not running one of them then yes you have to upgrade
c
Perfect, thank you! I’ll check the version that way and confirm and will upgrade if necessary.
👍 1
h
if for any reason you cannot upgrade there is a workaround in above doc also
👍 1
c
Hello, back again with another question. Yesterday I posted the above message about updating RKE2 for the CVE-2025-1974 issue, but instead of only updating RKE2 I decided it might be worth updating the whole Rancher install. However, I’m running Rancher via a Docker image and would like to stay on the 2.9.x release, but it looks like the last Docker Hub image for 2.9 was built 6 months ago even though an update to the 2.9 GitHub release was patched/released a few days ago. Am I correct in assuming that the Docker Hub release of 2.9, 2.9-head, does not include the fix for the CVE?
c
There are no new community releases of 2.9. Community releases are only available for the latest minor version. If you want to stay on 2.9.x you will need a Rancher Prime subscription.
👍 1