Docker Community Forums

Share and learn in the Docker community.

Universal Control Plane 1.0.3 security patch update available

(Vivek Saraswat) #1

Edit: We have replaced v1.0.2 with v1.0.3 which fixes a bug related to viewing a user’s account profile in the UI. Please install or update to version 1.0.3.

We have just released the 2nd GA patch update to Universal Control Plane, v1.0.3. This is a security patch update, so we strongly encourage you to adopt it as soon as possible. You can upgrade from your existing deployment or you can install a new deployment.

More info on each UCP release is available in the updated release notes.

UCP v.1.0.3 has the following changes:

  • Fixes a security issue by which a non-admin user account could gain admin-level privileges via the UCP API.

While this issue cannot be used to gain access to the system by someone who does not already have an account, we still encourage you to upgrade as soon as possible. Feel free to provide any feedback here on the forums or to your Docker field rep.

(Vivek Saraswat) #2

Hello folks,

Some of our users have noticed a potential bug related to team labels in the new version 1.0.2. We’ve pulled it from Hub and are in the process of creating a fix. Apologies for the inconvenience and stay tuned.

(Vivek Saraswat) #3

Update: We have updated with a new patch, v1.0.3, which fixes the bug. Please update using this patch. I will edit the thread name and first post with the new info.