Docker Community Forums

Share and learn in the Docker community.

Universal Control Plane 1.1.3 has been released! (security and performance updates)


(Vivek Saraswat) #1

We are pleased to announce the latest GA patch update to Universal Control Plane (v1.1.3)! You can find more detailed info on the changes in the UCP release notes. As always, you can either upgrade your current deployment or you can install a new deployment of UCP. Please note there are both security and performance enhancements with this patch, so we encourage you to update as soon as possible.

The security update in this patch fixes an issue discovered by our development team during internal testing. The issue allowed a malicious user with limited privileges could escalate their privileges to perform unauthorized actions on the cluster via the API. This issue affects deployments of Universal Control Plane versions 1.1.2 or prior, and can only be used to gain access to the system by someone who already has a UCP account.

The performance update shows significant improvement to speed of cluster operations (e.g. docker run and docker-compose up when large numbers of overlay networks are deployed in the environment.

Some of the additional changes in UCP version 1.1.3:

New features: Non-admin users cannot edit/delete UCP/DTR volumes, View-Only default permissions now prohibit certain actions related to Images/Networks/Volumes
Bug fixes: Container rescheduling with overlay networks, LDAP admin sync when migrating from DTR 1.4.3. to 2.0.x, GUI-created volumes populating labels field, UI sidebar visibility, UCP/DTR config preservation on restart

As with previous versions, UCP 1.1.3 does not use the built-in orchestration features of Engine 1.12’s swarm-mode. Instead, it will run the classic Swarm 1.2.5 with swarm-join and swarm-master containers on the cluster.

Feel free to leave any feedback on this release here on the forums or through your Docker field rep.


(Vishnu Bharathi) #2

@vsaraswat Clarification regarding this

As with previous versions, UCP 1.1.3 does not use the built-in orchestration features of Engine 1.12’s swarm-mode. Instead, it will run the classic Swarm 1.2.5 with swarm-join and swarm-master containers on the cluster.

Is support for Docker engine 1.12’s swarm mode on the roadmap ?


(Vivek Saraswat) #3

Hi Vishnu,

Yes, swarm-mode will be supported in the next major release of UCP. For a preview of how it will look, you can watch our keynote demo from DockerCon: https://blog.docker.com/2016/07/docker-datacenter-dockercon-2016-image-security-engine-1-12-and-burning-man/ (The demo starts ~22 minutes into the video)


(Vishnu Bharathi) #4

Hey Vivek,

Awesome demo , by the way. Is there a beta release, where I could try out the UCP and DTR that you showed there ? or may be I should wait until the release. ( If so , when do you expect the stable version to be available for usage ? )


(Vivek Saraswat) #5

Glad you liked the demo =)

No public beta available right now, but will definitely announce if and when that happens or when we are headed to release.