Rancher Desktop 1.16.0

This is the 1.16.0 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Notable Changes and Bug Fixes

Windows networking updates

Removing support for the legacy networking stack on Windows uncovered a couple of remaining issues:

• Removed the legacy network stack (#7296)

• Removed iptables scraping from the guest agent (#7447)

• Resolved IP address collisions with userspace networks in other WSL distributions (#7383)

• Addressed open connection issues in wsl-proxy, preventing the distro from exhausting file descriptors (#7331)

docker buildx and docker compose plugins are using the updated binaries (Windows)

Rancher Desktop has been shipping updated docker-buildx and docker-compose executables, but when they are started as a plugin via docker buildx or docker compose then they are loaded from the %USERPROFILE%\.docker\cli-plugins directory and not located via the PATH. Previous Rancher Desktop releases would not overwrite existing files in the plugin directory, which means docker buildx and docker compose could have been running outdated version.

Automatic PATH management has been fixed (macOS, Linux)

The changes made in 1.15.0 to prevent shell profiles from being deleted in certain edge conditions broke the updating of shell profiles completely. This happened only with the signed release versions, which is why it wasn't detected earlier.

In 1.16.0 any kind of extended attributes on a shell profile will be copied and will not prevent the update (#7394).

sudo-prompt applet is a native binary for macOS on Apple Silicon

The 1.15.0 release was supposed to be fully native for Apple Silicon, but it turned out that the applet to prompt for the sudo password was still Intel-only. Now Rosetta should really no longer be needed for Rancher Desktop.

Known Issues

Rancher Desktop stopped working on openSUSE Tumbleweed

This is due to a breaking change in the firmware shipped with QEMU on openSUSE (#7463). The openSUSE bug is tracked by https://bugzilla.suse.com/show_bug.cgi?id=1230291.

This issue does not affect installation using the AppImage installer because it bundles its own version of QEMU.

Container Dashboard

The dashboard does not update automatically when container states have changed or new containers are introduced (#5775).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Deprecations

macOS 11 Big Sur and earlier are no longer officially supported

Apple usually only provides security updates for the last 3 major macOS releases. GitHub removes CI runners once the OS is no longer supported. Due to availability of hardware resources and software dependencies, we may be unable to create new Rancher Desktop releases compatible with older macOS versions in the future.

We will try not to break Rancher Desktop on older macOS versions as long as reasonably possible, but those versions should be considered unsupported.

Updates to Bundled Utilities

• docker 26.1.0 → 27.1.1
• docker-buildx 0.14.1 → 0.16.2
• docker-compose 2.27.1 → 2.29.1
• docker-credential-ecr-login unchanged 0.8.0
• helm 3.15.1 → 3.15.3
• moby/buildkit unchanged 0.12.5
• nerdctl unchanged 1.7.6
• spin: new 2.5.1
• spin-shim: 0.14.1 → 0.15.1
• spinkube: unchanged 0.2.0
• trivy 0.51.4 → 0.53.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.15.1, can be found using GitHub compare and the details of the release can be found in the v1.16.0 milestone.

Rancher Desktop 1.15.1

This is the 1.15.1 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

What has changed in 1.15.1

• Windows only: Resolved a socket leak when using Kubernetes or other containers from WSL distributions, eventually causing connections to stop working after running out of file descriptors. (#7331)
• macOS and Linux only: Resolved an issue where the inability to manage .bashrc/.zshrc/etc., broke the ability to automatically start Rancher Desktop when the user logs in. (#7337)

Release notes for 1.15.0

Notable Features & Changes

Kubernetes versions before 1.21.0 are no longer supported

If you are on an earlier version, updating to Rancher Desktop 1.15.0 will automatically update you to Kubernetes 1.21.14. If you must continue to use an older version, you should stay on Rancher Desktop 1.14.2.

kuberlr and kubectl are native binaries for macOS on Apple Silicon

Rosetta is no longer needed for Rancher Desktop.

New networking tunnel stack is now the only option on Windows

It is no longer possible to select the legacy networking mode.

On macOS the socket_vmnet has replaced vde_vmnet

It is a complete superset of the old functionality, and the old setting is no longer available.

Important Bug Fixes

Shell profile settings are not accidentally deleted

When Rancher Desktop started either after a fresh install, or after a factory reset, and the computer was without internet access, then there was a race condition that could result in the deletion of shell profiles (.bash_profile, .zshrc, etc) (#7154).

This race condition has been fixed. However, the code has been updated to always keep a backup file around, just in case there is another undiscovered way to trigger a similar bug.

A memory leak on Windows has been fixed that could lead to a frozen system

This issue in the tray menu updater was diagnosed and fixed by @mikeseese (#7238). Thank you for your help!

Port forwarding bug with older Kubernetes versions on Windows has been fixed.

For Kubernetes 1.25 versions older than 1.25.3, 1.24 versions older than 1.24.7, or any version before 1.23.13 the port forwarding to the host was not working (#5341). This has been fixed.

Known Issues

Container Dashboard

The dashboard does not update automatically when container states have changed or new containers are introduced (#5775).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Deprecations

macOS 11 Big Sur and earlier are no longer officially supported

Apple usually only provides security updates for the last 3 major macOS releases. GitHub removes CI runners once the OS is no longer supported. Due to availability of hardware resources and software dependencies, we may be unable to create new Rancher Desktop releases compatible with older macOS versions in the future.

We will try not to break Rancher Desktop on older macOS versions as long as reasonably possible, but those versions should be considered unsupported.

Updates to Bundled Utilities

• docker 26.1.0 → 27.1.1
• docker-buildx 0.14.1 → 0.16.2
• docker-compose 2.27.1 → 2.29.1
• docker-credential-ecr-login unchanged 0.8.0
• helm 3.15.1 → 3.15.3
• moby/buildkit unchanged 0.12.5
• nerdctl unchanged 1.7.6
• spin: new 2.5.1
• spin-shim: 0.14.1 → 0.15.1
• spinkube: unchanged 0.2.0
• trivy 0.51.4 → 0.53.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.14.2, can be found using GitHub compare and the details of the release can be found in the v1.15.0 milestone.

Rancher Desktop 1.15.0

This is the 1.15.0 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Notable Features & Changes

Kubernetes versions before 1.21.0 are no longer supported

If you are on an earlier version, updating to Rancher Desktop 1.15.0 will automatically update you to Kubernetes 1.21.14. If you must continue to use an older version, you should stay on Rancher Desktop 1.14.2.

kuberlr and kubectl are native binaries for macOS on Apple Silicon

Rosetta is no longer needed for Rancher Desktop.

New networking tunnel stack is now the only option on Windows

It is no longer possible to select the legacy networking mode.

On macOS the socket_vmnet has replaced vde_vmnet

It is a complete superset of the old functionality, and the old setting is no longer available.

Important Bug Fixes

Shell profile settings are not accidentally deleted

When Rancher Desktop started either after a fresh install, or after a factory reset, and the computer was without internet access, then there was a race condition that could result in the deletion of shell profiles (.bash_profile, .zshrc, etc) (#7154).

This race condition has been fixed. However, the code has been updated to always keep a backup file around, just in case there is another undiscovered way to trigger a similar bug.

A memory leak on Windows has been fixed that could lead to a frozen system

This issue in the tray menu updater was diagnosed and fixed by @mikeseese (#7238). Thank you for your help!

Port forwarding bug with older Kubernetes versions on Windows has been fixed.

For Kubernetes 1.25 versions older than 1.25.3, 1.24 versions older than 1.24.7, or any version before 1.23.13 the port forwarding to the host was not working (#5341). This has been fixed.

Known Issues

Container Dashboard

The dashboard does not update automatically when container states have changed or new containers are introduced (#5775).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Deprecations

macOS 11 Big Sur and earlier are no longer officially supported

Apple usually only provides security updates for the last 3 major macOS releases. GitHub removes CI runners once the OS is no longer supported. Due to availability of hardware resources and software dependencies, we may be unable to create new Rancher Desktop releases compatible with older macOS versions in the future.

We will try not to break Rancher Desktop on older macOS versions as long as reasonably possible, but those versions should be considered unsupported.

Updates to Bundled Utilities

• docker 26.1.0 → 27.1.1
• docker-buildx 0.14.1 → 0.16.2
• docker-compose 2.27.1 → 2.29.1
• docker-credential-ecr-login unchanged 0.8.0
• helm 3.15.1 → 3.15.3
• moby/buildkit unchanged 0.12.5
• nerdctl unchanged 1.7.6
• spin: new 2.5.1
• spin-shim: 0.14.1 → 0.15.1
• spinkube: unchanged 0.2.0
• trivy 0.51.4 → 0.53.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.14.2, can be found using GitHub compare and the details of the release can be found in the v1.15.0 milestone.

Rancher Desktop 1.14.2

This is the 1.14.2 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

What has changed in 1.14.2

This release is mostly identical to 1.14.1 with the single exception being the spin executable for macOS. Since it is being notarized, it had to be signed with the hardened runtime, which broke the functionality of running applications natively (not in a container or on Kubernetes) via spin up. In the 1.14.2 release, the macOS spin binaries are signed with the com.apple.security.cs.allow-unsigned-executable-memory entitlement to allow native code generation.

We are not enabling auto-update for the 1.14.2 release because the percentage of affected users will be very small. You need to manually update if you are on macOS and want to run spin up.

What has changed in 1.14.1

Cluster Explorer would no longer dynamically refresh in 1.14.0 because the web socket connection had been broken. This issue has been fixed (#6968).

There are no other changes in 1.14.1.

Full Changelog: The full version changelog, from v1.14.0, can be found using GitHub compare.

Release Notes for 1.14.0

Notable Features & Changes

Bundles the spin cli (experimental)

Rancher Desktop now includes the spin CLI to support building Wasm images.

The js2wasm and kube plugins, as well as the default templates, are installed the first time the WebAssembly support option has been selected in the Container Engine settings.

The plugins and templates are also installed into any distro for which WSL Integration has been enabled.

Option to install the spinkube operator (experimental)

Rancher Desktop now has an option to install the spinkube operator in the Kubernetes settings to support running Spin applications on Kubernetes. It will install and configure cert-manager and the spin-operator into the cluster. This option requires that WebAssembly support is enabled.

The tunnelling network on Windows supports WSL integration

Containers and Kubernetes services can now be accessed from other WSL distributions, as long as WSL Integration is enabled for them.

The tunnelling network implementation is now complete and has become the default setting in this release (for new installations or after a factory reset). Support for the legacy network is scheduled to be removed in the following release (1.15.0).

The timezone inside the VM now matches the timezone on the host

This means CronJobs in Kubernetes can now be specified using localtime.

Known Issues

Windows Networking

There is a known issue with the new network not including all aliased domains (#5239).

Container Dashboard

The dashboard does not update automatically when container states have changed or new containers are introduced (#5775).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Deprecations

The legacy networking stack on Windows will be removed in 1.15.0

The tunnelling network on Windows has become the default in this release and should be a full superset of the legacy stack capabilities.

We are planning to remove the legacy networking mode in 1.15.0.

vde_vmnet will be removed in 1.15.0

The socket_vmnet daemon provides all the functionality required by Rancher Desktop and is actively maintained while vde_vmnet itself is deprecated.

VZ emulation already uses socket_vmnet unconditionally because it never had support for vde_vmnet.

The option will be removed and socket_vmnet will automatically be used when Administrative Access is enabled.

Kubernetes versions before 1.21.0 will no longer be supported in 1.15.0

Kubernetes only maintains updates for the latest 3 minor releases (so right now only for 1.27.0 and up). Rancher Desktop tries to support a wider range of legacy versions, but sometimes it becomes necessary to remove support for older versions to keep the code maintainable while adding new features.

We intend to remove support for Kubernetes versions before 1.21.0 in Rancher Desktop 1.15.0.

macOS 11 Big Sur and earlier are no longer officially supported

Apple usually only provides security updates for the last 3 major macOS releases. GitHub removes CI runners once the OS is no longer supported. Due to availability of hardware resources and software dependencies, we may be unable to create new Rancher Desktop releases compatible with older macOS versions in the future.

We will try not to break Rancher Desktop on older macOS versions as long as reasonably possible, but those versions should be considered unsupported.

Updates to Bundled Utilities

• docker 25.0.4 → 26.1.0
• docker-buildx 0.13.0 → 0.14.1
• docker-compose 2.24.7 → 2.27.1
• docker-credential-ecr-login 0.7.1 → 0.8.0
• helm 3.14.2 → 3.15.1
• moby/buildkit unchanged 0.12.5
• nerdctl 1.7.3 → 1.7.6
• spin: new 2.5.1
• spin-shim: 0.11.1 → 0.14.1
• spinkube: new 0.2.0
• trivy 0.49.1 → 0.51.4

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.13.1, can be found using GitHub compare and the details of the release can be found in the v1.14.0 milestone.

Rancher Desktop 1.14.1

This is the 1.14.1 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

What has changed in 1.14.1

Cluster Explorer would no longer dynamically refresh in 1.14.0 because the web socket connection had been broken. This issue has been fixed (#6968).

There are no other changes in 1.14.1.

Full Changelog: The full version changelog, from v1.14.0, can be found using GitHub compare.

Release Notes for 1.14.0

Notable Features & Changes

Bundles the spin cli (experimental)

Rancher Desktop now includes the spin CLI to support building Wasm images.

The js2wasm and kube plugins, as well as the default templates, are installed the first time the WebAssembly support option has been selected in the Container Engine settings.

The plugins and templates are also installed into any distro for which WSL Integration has been enabled.

Option to install the spinkube operator (experimental)

Rancher Desktop now has an option to install the spinkube operator in the Kubernetes settings to support running Spin applications on Kubernetes. It will install and configure cert-manager and the spin-operator into the cluster. This option requires that WebAssembly support is enabled.

The tunnelling network on Windows supports WSL integration

Containers and Kubernetes services can now be accessed from other WSL distributions, as long as WSL Integration is enabled for them.

The tunnelling network implementation is now complete and has become the default setting in this release (for new installations or after a factory reset). Support for the legacy network is scheduled to be removed in the following release (1.15.0).

The timezone inside the VM now matches the timezone on the host

This means CronJobs in Kubernetes can now be specified using localtime.

Known Issues

Windows Networking

There is a known issue with the new network not including all aliased domains (#5239).

Container Dashboard

The dashboard does not update automatically when container states have changed or new containers are introduced (#5775).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Deprecations

The legacy networking stack on Windows will be removed in 1.15.0

The tunnelling network on Windows has become the default in this release and should be a full superset of the legacy stack capabilities.

We are planning to remove the legacy networking mode in 1.15.0.

vde_vmnet will be removed in 1.15.0

The socket_vmnet daemon provides all the functionality required by Rancher Desktop and is actively maintained while vde_vmnet itself is deprecated.

VZ emulation already uses socket_vmnet unconditionally because it never had support for vde_vmnet.

The option will be removed and socket_vmnet will automatically be used when Administrative Access is enabled.

Kubernetes versions before 1.21.0 will no longer be supported in 1.15.0

Kubernetes only maintains updates for the latest 3 minor releases (so right now only for 1.27.0 and up). Rancher Desktop tries to support a wider range of legacy versions, but sometimes it becomes necessary to remove support for older versions to keep the code maintainable while adding new features.

We intend to remove support for Kubernetes versions before 1.21.0 in Rancher Desktop 1.15.0.

macOS 11 Big Sur and earlier are no longer officially supported

Apple usually only provides security updates for the last 3 major macOS releases. GitHub removes CI runners once the OS is no longer supported. Due to availability of hardware resources and software dependencies, we may be unable to create new Rancher Desktop releases compatible with older macOS versions in the future.

We will try not to break Rancher Desktop on older macOS versions as long as reasonably possible, but those versions should be considered unsupported.

Updates to Bundled Utilities

• docker 25.0.4 → 26.1.0
• docker-buildx 0.13.0 → 0.14.1
• docker-compose 2.24.7 → 2.27.1
• docker-credential-ecr-login 0.7.1 → 0.8.0
• helm 3.14.2 → 3.15.1
• moby/buildkit unchanged 0.12.5
• nerdctl 1.7.3 → 1.7.6
• spin: new 2.5.1
• spin-shim: 0.11.1 → 0.14.1
• spinkube: new 0.2.0
• trivy 0.49.1 → 0.51.4

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.13.1, can be found using GitHub compare and the details of the release can be found in the v1.14.0 milestone.

Rancher Desktop 1.14.0

This is the 1.14 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Notable Features & Changes

Bundles the spin cli (experimental)

Rancher Desktop now includes the spin CLI to support building Wasm images.

The js2wasm and kube plugins, as well as the default templates, are installed the first time the WebAssembly support option has been selected in the Container Engine settings.

The plugins and templates are also installed into any distro for which WSL Integration has been enabled.

Option to install the spinkube operator (experimental)

Rancher Desktop now has an option to install the spinkube operator in the Kubernetes settings to support running Spin applications on Kubernetes. It will install and configure cert-manager and the spin-operator into the cluster. This option requires that WebAssembly support is enabled.

The tunnelling network on Windows supports WSL integration

Containers and Kubernetes services can now be accessed from other WSL distributions, as long as WSL Integration is enabled for them.

The tunnelling network implementation is now complete and has become the default setting in this release (for new installations or after a factory reset). Support for the legacy network is scheduled to be removed in the following release (1.15.0).

The timezone inside the VM now matches the timezone on the host

This means CronJobs in Kubernetes can now be specified using localtime.

Known Issues

Windows Networking

There is a known issue with the new network not including all aliased domains (#5239).

Container Dashboard

The dashboard does not update automatically when container states have changed or new containers are introduced (#5775).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Deprecations

The legacy networking stack on Windows will be removed in 1.15.0

The tunnelling network on Windows has become the default in this release and should be a full superset of the legacy stack capabilities.

We are planning to remove the legacy networking mode in 1.15.0.

vde_vmnet will be removed in 1.15.0

The socket_vmnet daemon provides all the functionality required by Rancher Desktop and is actively maintained while vde_vmnet itself is deprecated.

VZ emulation already uses socket_vmnet unconditionally because it never had support for vde_vmnet.

The option will be removed and socket_vmnet will automatically be used when Administrative Access is enabled.

Kubernetes versions before 1.21.0 will no longer be supported in 1.15.0

Kubernetes only maintains updates for the latest 3 minor releases (so right now only for 1.27.0 and up). Rancher Desktop tries to support a wider range of legacy versions, but sometimes it becomes necessary to remove support for older versions to keep the code maintainable while adding new features.

We intend to remove support for Kubernetes versions before 1.21.0 in Rancher Desktop 1.15.0.

macOS 11 Big Sur and earlier are no longer officially supported

Apple usually only provides security updates for the last 3 major macOS releases. GitHub removes CI runners once the OS is no longer supported. Due to availability of hardware resources and software dependencies, we may be unable to create new Rancher Desktop releases compatible with older macOS versions in the future.

We will try not to break Rancher Desktop on older macOS versions as long as reasonably possible, but those versions should be considered unsupported.

Updates to Bundled Utilities

• docker 25.0.4 → 26.1.0
• docker-buildx 0.13.0 → 0.14.1
• docker-compose 2.24.7 → 2.27.1
• docker-credential-ecr-login 0.7.1 → 0.8.0
• helm 3.14.2 → 3.15.1
• moby/buildkit unchanged 0.12.5
• nerdctl 1.7.3 → 1.7.6
• spin: new 2.5.1
• spin-shim: 0.11.1 → 0.14.1
• spinkube: new 0.2.0
• trivy 0.49.1 → 0.51.4

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.13.1, can be found using GitHub compare and the details of the release can be found in the v1.14.0 milestone.

Rancher Desktop 1.13.1

This is the 1.13.1 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

What has changed in 1.13.1

• Windows only: The minimum WSL kernel requirement (5.15.0.0 or higher) introduced in the v1.13.0 release is no longer required; as a result, the Rancher Desktop installer no longer automatically upgrades WSL. (#6606, #6624)

Full Changelog: The full version changelog, from v1.13.0, can be found using GitHub compare.

Release Notes for 1.13.0

Notable Features & Changes

WebAssembly/Wasm support (experimental)

Rancher Desktop can now be configured to run WebAssembly applications in addition to Linux containers. It includes the Spin runtime, and additional wasm shims can be installed manually.

WebAssembly is currently supported as a stand-alone container running on the moby engine, or in Kubernetes pods running with containerd.

Turning on Wasm support with the moby engine will change the location where images are stored, so all previously downloaded or built images become inaccessible. You may want to run docker system prune --all to reclaim the space (if you don't plan on disabling Wasm support again).

Wasm support will be locked and disabled if the machine has a locked profile installed that uses schema version 10 or earlier. You will need to use schema version 11 to unlock.

Cluster Dashboard button

Rancher Desktop now displays a "Cluster Dashboard" button in the navigation bar on the left side of the window. This is purely for discovery, as many users have been unaware that this functionality exists; the button performs the same action as the "Cluster Dashboard" menu item in the notification icon context menu.

The button is only displayed when Kubernetes is enabled.

Important Bug Fixes

~/.kube/config in WSL distros (Windows)

Rancher Desktop up to version 1.11 used a symlink from ~/.kube/config inside WSL distributions back to the Windows version of this config file (when WSL integration is enabled).

In Rancher Desktop 1.12, this symlink had to be replaced by a separate config file inside WSL because Kubernetes would use a different IP address when using the tunneling network stack (it runs inside a separate network namespace). This meant that the user had to maintain multiple config files and the kube context inside a distro could be different from the Windows side.

In this 1.13 release, we are running a tunnel to the WSL network namespace; this means Kubernetes is again reachable via 127.0.0.1 from both Windows and the WSL distros. The separate ~/.kube/config files inside the distros will be converted back into a symlink, but only if it contains no other information than the Rancher Desktop cluster itself. If there is additional configuration data, then the user will have to perform the data merging manually if they want to get back to using a symlink as well.

Support for QEMU on M3 machines (macOS)

QEMU for Apple Silicon machines has been updated to version 8.2.1 and now supports the M3 CPU architecture as well.

Support for kind (macOS and Linux only)

This release supports kind on macOS and Linux as long as Kubernetes is either disabled or running Kubernetes 1.20.4 or higher (older Kubernetes versions require cgroups v1, which is incompatible with kind).

Experimental virtiofs mount type could delete $HOME directory data (Linux only)

This serious bug has been fixed.

Note that on Linux this setting requires the Rust implementation of virtiofsd to be installed on the host; otherwise it won't work.

Experimental 9p mount type now works correctly for RPM and DEB installation (Linux only)

It is still not working in the AppImage install.

Known Issues

Windows Networking

There is a known issue with the new network not including all aliased domains (#5239).

Container Dashboard

The dashboard does not update automatically when container states have changed or new containers are introduced (#5775).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Updates to Bundled Utilities

• docker 24.0.7 → 25.0.4
• docker-buildx 0.12.0 → 0.13.0
• docker-compose 2.23.3 → 2.24.7
• docker-credential-helpers 0.8.0 → 0.8.1
• helm 3.13.3 → 3.14.2
• moby/buildkit 0.12.3 → 0.12.5
• nerdctl 1.7.1 → 1.7.3
• trivy 0.48.0 → 0.49.1

Bundled Wasm shims

The spin shim comes from the containerd-wasm-shims release 0.11.1.

• Spin version 2.2.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.12.3, can be found using GitHub compare and the details of the release can be found in the v1.13.0 milestone.

Rancher Desktop 1.13.0

This is the 1.13 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to macOS, Windows, and Linux.

Updated Windows Requirements

This release requires a newer WSL kernel release (5.15.0.0 or higher) than previous releases. You can check the currently installed version with this command:

C:\>wsl uname -r
5.15.133.1-microsoft-standard-WSL2

If necessary, the installer will attempt to upgrade WSL via the Microsoft Store, but if that fails because the user doesn't have permissions, then the installation or upgrade of Rancher Desktop will fail so the user will have to upgrade WSL on their own.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

Notable Features & Changes

WebAssembly/Wasm support (experimental)

Rancher Desktop can now be configured to run WebAssembly applications in addition to Linux containers. It includes the Spin runtime, and additional wasm shims can be installed manually.

WebAssembly is currently supported as a stand-alone container running on the moby engine, or in Kubernetes pods running with containerd.

Turning on Wasm support with the moby engine will change the location where images are stored, so all previously downloaded or built images become inaccessible. You may want to run docker system prune --all to reclaim the space (if you don't plan on disabling Wasm support again).

Wasm support will be locked and disabled if the machine has a locked profile installed that uses schema version 10 or earlier. You will need to use schema version 11 to unlock.

Cluster Dashboard button

Rancher Desktop now displays a "Cluster Dashboard" button in the navigation bar on the left side of the window. This is purely for discovery, as many users have been unaware that this functionality exists; the button performs the same action as the "Cluster Dashboard" menu item in the notification icon context menu.

The button is only displayed when Kubernetes is enabled.

Important Bug Fixes

~/.kube/config in WSL distros (Windows)

Rancher Desktop up to version 1.11 used a symlink from ~/.kube/config inside WSL distributions back to the Windows version of this config file (when WSL integration is enabled).

In Rancher Desktop 1.12, this symlink had to be replaced by a separate config file inside WSL because Kubernetes would use a different IP address when using the tunneling network stack (it runs inside a separate network namespace). This meant that the user had to maintain multiple config files and the kube context inside a distro could be different from the Windows side.

In this 1.13 release, we are running a tunnel to the WSL network namespace; this means Kubernetes is again reachable via 127.0.0.1 from both Windows and the WSL distros. The separate ~/.kube/config files inside the distros will be converted back into a symlink, but only if it contains no other information than the Rancher Desktop cluster itself. If there is additional configuration data, then the user will have to perform the data merging manually if they want to get back to using a symlink as well.

Support for QEMU on M3 machines (macOS)

QEMU for Apple Silicon machines has been updated to version 8.2.1 and now supports the M3 CPU architecture as well.

Support for kind (macOS and Linux only)

This release supports kind on macOS and Linux as long as Kubernetes is either disabled or running Kubernetes 1.20.4 or higher (older Kubernetes versions require cgroups v1, which is incompatible with kind).

Experimental virtiofs mount type could delete $HOME directory data (Linux only)

This serious bug has been fixed.

Note that on Linux this setting requires the Rust implementation of virtiofsd to be installed on the host; otherwise it won't work.

Experimental 9p mount type now works correctly for RPM and DEB installation (Linux only)

It is still not working in the AppImage install.

Known Issues

Windows Networking

There is a known issue with the new network not including all aliased domains (#5239).

Container Dashboard

The dashboard does not update automatically when container states have changed or new containers are introduced (#5775).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Updates to Bundled Utilities

• docker 24.0.7 → 25.0.4
• docker-buildx 0.12.0 → 0.13.0
• docker-compose 2.23.3 → 2.24.7
• docker-credential-ecr-login 0.8.0 → 0.8.1
• helm 3.13.3 → 3.14.2
• moby/buildkit 0.12.3 → 0.12.5
• nerdctl 1.7.1 → 1.7.3
• trivy 0.48.0 → 0.49.1

Bundled Wasm shims

The spin shim comes from the containerd-wasm-shims release 0.11.1.

• Spin version 2.2.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.12.3, can be found using GitHub compare and the details of the release can be found in the v1.13.0 milestone.

Rancher Desktop 1.12.3

This is the 1.12.3 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to Mac, Windows, and Linux.

⚠️ Warning ⚠️

Do NOT use the experimental virtiofs mount type (on Linux and macOS). We have experienced catastrophic data loss with this mount option on Linux (the $HOME directory on the host was wiped out), and have seen a single bug report on Lima claiming a similar experience on macOS. We are not aware of a direct incidence with Rancher Desktop on macOS, but Lima is the underlying technology managing the VM and volume mounts.

Due to the catastrophic failure mode we urge everyone to NOT use this option.

We will temporarily remove this setting in the 1.13.0 release until the issue is understood and fixed.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

What has changed in 1.12.3

The 1.12.3 patch release updates runc to version 1.1.12, buildkitd to 0.12.5, and nerdctl to 1.7.3 to fix a number of CVEs:

• CVE-2024-21626 Several container breakouts due to internally leaked fds (high)
• CVE-2024-23650 Possible panic when incorrect parameters sent from frontend (moderate)
• CVE-2024-23651 Possible race condition with accessing subpaths from cache mounts (high)
• CVE-2024-23652 Possible host system access from mount stub cleaner (high)
• CVE-2024-23653 Interactive containers API does not validate entitlements check (high)

All these CVEs can only be exploited if the user is using malicious input in the container build process or is running container images that have already been compromised.

The following CVE is not fixed in this patch release because there is no upstream release for moby 23.* that includes the fix yet:

• CVE-2024-24557 Classic builder cache poisoning (moderate)

Note that Rancher Desktop is only affected by this CVE if the user explicitly opts out of Buildkit to use the legacy/classic builder (sets DOCKER_BUILDKIT=0). It does not apply to the default configuration.

What has changed in 1.12.2

The 1.12.2 patch release fixes a single issue on macOS and Linux where the shell profile (e.g. ~/.bash_profile) could be deleted (#6281). This was due to a race condition, after either a fresh install or a factory-reset, which would display the first-run dialog. When this dialog was closed (accepted) quickly, the file could be overwritten with truncated content.

There are no changes (except for the version number bump) on Windows.

What has changed in 1.12.1

The 1.12.1 patch release fixes a single memory corruption issue on Windows for importing CA certificates (#6308). There are no changes (except for the version number bump) on macOS and Linux.

Release notes for 1.12.0

Notable Features & Changes

Windows WSL Installation

For Windows users that have previously overridden the WSL installation check, please use WSLINSTALLED instead of WSLKERNELINSTALLED.

Windows tunnelling networking mode is no longer experimental

It has feature parity with the legacy networking mode and will become the default setting for new installations (and factory reset) in the 1.13 release. We expect to remove the legacy networking support in 1.14.

macOS builds for aarch64 are now native binaries

The VM code has always been platform-native, but the UI used to require Rosetta because it was still an x86_64 binary. Now everything except for kuberlr and the kubectl versions managed by it are aarch64 binaries. The problem with kuberlr and kubectl is that there are no native binaries available from upstream for older Kubernetes versions.

macOS socket_vmnet networking is no longer experimental

socket_vmnet is a replacement for vde_vmnet, which is deprecated upstream. It was never supported in VZ emulation mode, so Rancher Desktop already uses socket_vmnet in VZ mode when admin access is enabled.

socket_vmnet will become the default for QEMU as well in the 1.13 release; in 1.14, vde_vmnet will be removed.

Deployment Profiles

This release now requires deployment profiles to have an explicit version field (which is 10, as of release 1.11.0).

The version of rdctl that ships with this release will have the version field in any generated deployment files. However, this means that existing files will either need to be regenerated or manually edited in place.

• For Linux, add "version": 10, at the very start of the JSON-formatted deployment file immediately after
  the initial open brace {.

• For macOS, add <key>Version</key><integer>10</integer> after the initial <dict> tag.

• For Windows, add a DWORD value named version with value 10 (hexadecimal a) at the top level of each profile that needs updating.

Important Bug Fixes

Snapshots

Improvements and fixes regarding executing multiple application actions while a snapshot is undergoing a management activity (#5846, #5848, #5849, and #5854).

Known Issues

Apple M3 CPUs

Apple M3 CPUs are not supported (yet) by QEMU. Please use VZ emulation instead (#5943).

Snapshots

There is a known issue with the Snapshot Cancel operation in the UI. It is possible that the operation can no longer be cancelled when the button is pressed. In that case, the operation may succeed but the UI will still claim that it has been cancelled (#6159).

Windows Networking

There is a known issue with the new network not including all aliased domains (#5239).

Container Dashboard

There are known issues with the Container Dashboard when using the nerdctl container engine; one is that the "Started" field shows an inaccurate time for containers starting up. The dashboard also has an issue updating when container states have changed or new containers are introduced (#6191, #6189, #5877, and #5775).

Provisioning Scripts - Windows

The location for provisioning scripts on Windows has changed from %AppData%\rancher-desktop\provisioning to %LocalAppData%\rancher-desktop\provisioning. The files are not automatically migrated when Rancher Desktop is updated, so they must be manually moved or copied to the new location.

9p - Linux OS

There is a known issue with some Linux distributions and using the experimental mount type 9p (#4943).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Updates to Bundled Utilities

• helm 3.12.3 → 3.13.3
• docker 24.0.6 → 24.0.7
• docker-buildx 0.11.2 → 0.12.0
• docker-compose 2.22.0 → 2.23.3
• docker-credential-ecr-login 0.7.1 → 0.7.1
• nerdctl 1.6.2 → 1.7.1
• moby/buildkit 0.12.3 → 0.12.4
• trivy 0.46.0 → 0.46.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.12.0, can be found using GitHub compare and the details of the release can be found in the v1.12.0 milestone.

Rancher Desktop 1.12.2

This is the 1.12.2 release of Rancher Desktop, an open source desktop application to bring Kubernetes and container management to Mac, Windows, and Linux.

Installers

• Windows
• macOS x86_64
• macOS aarch64
• Linux install notes

What has changed in 1.12.2

The 1.12.2 patch release fixes a single issue on macOS and Linux where the shell profile (e.g. ~/.bash_profile) could be deleted (#6281). This was due to a race condition, after either a fresh install or a factory-reset, which would display the first-run dialog. When this dialog was closed (accepted) quickly, the file could be overwritten with truncated content.

There are no changes (except for the version number bump) on Windows.

What has changed in 1.12.1

The 1.12.1 patch release fixes a single memory corruption issue on Windows for importing CA certificates (#6308). There are no changes (except for the version number bump) on macOS and Linux.

Release notes for 1.12.0

Below are the release notes for 1.20.0:

Notable Features & Changes

Windows WSL Installation

For Windows users that have previously overridden the WSL installation check, please use WSLINSTALLED instead of WSLKERNELINSTALLED.

Windows tunnelling networking mode is no longer experimental

It has feature parity with the legacy networking mode and will become the default setting for new installations (and factory reset) in the 1.13 release. We expect to remove the legacy networking support in 1.14.

macOS builds for aarch64 are now native binaries

The VM code has always been platform-native, but the UI used to require Rosetta because it was still an x86_64 binary. Now everything except for kuberlr and the kubectl versions managed by it are aarch64 binaries. The problem with kuberlr and kubectl is that there are no native binaries available from upstream for older Kubernetes versions.

macOS socket_vmnet networking is no longer experimental

socket_vmnet is a replacement for vde_vmnet, which is deprecated upstream. It was never supported in VZ emulation mode, so Rancher Desktop already uses socket_vmnet in VZ mode when admin access is enabled.

socket_vmnet will become the default for QEMU as well in the 1.13 release; in 1.14, vde_vmnet will be removed.

Deployment Profiles

This release now requires deployment profiles to have an explicit version field (which is 10, as of release 1.11.0).

The version of rdctl that ships with this release will have the version field in any generated deployment files. However, this means that existing files will either need to be regenerated or manually edited in place.

• For Linux, add "version": 10, at the very start of the JSON-formatted deployment file immediately after
  the initial open brace {.

• For macOS, add <key>Version</key><integer>10</integer> after the initial <dict> tag.

• For Windows, add a DWORD value named version with value 10 (hexadecimal a) at the top level of each profile that needs updating.

Important Bug Fixes

Snapshots

Improvements and fixes regarding executing multiple application actions while a snapshot is undergoing a management activity (#5846, #5848, #5849, and #5854).

Known Issues

Apple M3 CPUs

Apple M3 CPUs are not supported (yet) by QEMU. Please use VZ emulation instead (#5943).

Snapshots

There is a known issue with the Snapshot Cancel operation in the UI. It is possible that the operation can no longer be cancelled when the button is pressed. In that case, the operation may succeed but the UI will still claim that it has been cancelled (#6159).

Windows Networking

There is a known issue with the new network not including all aliased domains (#5239).

Container Dashboard

There are known issues with the Container Dashboard when using the nerdctl container engine; one is that the "Started" field shows an inaccurate time for containers starting up. The dashboard also has an issue updating when container states have changed or new containers are introduced (#6191, #6189, #5877, and #5775).

Provisioning Scripts - Windows

The location for provisioning scripts on Windows has changed from %AppData%\rancher-desktop\provisioning to %LocalAppData%\rancher-desktop\provisioning. The files are not automatically migrated when Rancher Desktop is updated, so they must be manually moved or copied to the new location.

9p - Linux OS

There is a known issue with some Linux distributions and using the experimental mount type 9p (#4943).

Extensions Install - Allowed Images

When using the Allowed Images feature and also specifying extensions in a deployment profile, the extension images must be included in both lists (#4920).

Updates to Bundled Utilities

• helm 3.12.3 → 3.13.3
• docker 24.0.6 → 24.0.7
• docker-buildx 0.11.2 → 0.12.0
• docker-compose 2.22.0 → 2.23.3
• docker-credential-ecr-login 0.7.1 → 0.7.1
• nerdctl 1.6.2 → 1.7.1
• moby/buildkit 0.12.3 → 0.12.4
• trivy 0.46.0 → 0.46.0

Connect with the developers

• The issue queue

• Rancher Users Slack in the #rancher-desktop channel

Changelog

The full version changelog, from v1.12.0, can be found using GitHub compare and the details of the release can be found in the v1.12.0 milestone.