This is a quick reminder about the importance of keeping software up to date. Whether you are using Portainer in your home lab or managing a large fleet of Kubernetes clusters in the data center or cloud, it’s essential to ensure that Portainer and the other software you deploy are kept up to date.
While it may seem easier to stick with currently running versions of software, it’s nearly always more cost-effective in the long run to stay current: the hidden costs of data breaches, reputational damage, and regulatory fines will significantly outweigh any perceived short-term savings or convenience.
Portainer is committed to security: as well as working with security researchers and using modern vulnerability scanning tools, we perform routine third-party audits. This year alone we’ve addressed dozens of CVEs in Portainer releases. Check out the release notes at https://docs.portainer.io/release-notes for more information.
Aside from the additional risks of cybersecurity attacks when running unpatched software with known vulnerabilities, you should also factor in some of the other benefits:
To help schedule and plan your updates, we’ve recently published the Portainer BE Lifecycle Policy. In brief, we maintain two release “channels”:
Older versions that fall outside of this policy are no longer maintained by Portainer; currently, that includes versions prior to 2.21.
Updating couldn’t be easier: for LTS releases, the web console will notify you of available updates and allow you to update in place without having to back up and restore your settings manually.
To update to STS releases, and for information on options and best practices for updating Portainer deployments, take a look at this page: https://docs.portainer.io/start/upgrade.