Origin: Getting latest security updates in Docker and Kubernetes

Created on 7 Nov 2016 · 3 Comments · Source: openshift/origin

This isn't a bug report, more of a question around best practices:

  1. Installing Origin 1.3 via openshift-ansible installs docker 1.10.3. Should we be updating to the latest docker version post-ansible to pick up the latest security fixes, and continually update docker when new security updates are released, or are there restrictions on which docker versions Origin works with?
  2. Are security updates in Kubernetes, such as https://access.redhat.com/security/cve/cve-2016-7075, applied to Origin in a timely manner? i.e. we should just update Origin and not try to patch Kubernetes ourselves.

Version

oc v1.3.1
kubernetes v1.3.0+52492b4
features: Basic-Auth GSSAPI Kerberos SPNEGO

kind/question priority/P3

All 3 comments

@alikhajeh1 afaik old versions of Origin have problems running with Docker 1.12, but the latest version should work with 1.12 (our CI uses that version of Docker atm.). @smarterclayton do we have any release docs/readme that highlights what versions of Docker are compatible with a given version of Origin?

All security issues are applied to Origin immediately after they are fixed in Kubernetes and become available in the next release (or in latest master).

@mfojtik @alikhajeh1 the Docker version required for OpenShift is documented in pages like this one on our documentation website.

> should we be updating to the latest docker version post-ansible to pickup the latest security fixes?

No, a given version of OpenShift will not always be compatible with newer versions of Docker. Furthermore, if you are installing Docker from yum or dnf on Fedora/CentOS/RHEL, the distribution maintainers of the package will make sure security patches get back-ported from newer Docker releases.

> Are security updates in Kubernetes, such as https://access.redhat.com/security/cve/cve-2016-7075, applied to Origin in a timely manner?

Yes. CVEs should hit both repositories at the same time, and non-critical fixes will get into Origin as soon as possible. For example, Origin v1.2.2 and v1.3.1 were recently released to apply security patches.

We also back port fixes to Red Hat based docker packages.
