Patch releases

Since Container Cloud 2.23.2, the release train comprises several patch releases that Mirantis delivers on top of a major release mainly to incorporate security updates as soon as they become available without waiting for the next major release. By significantly reducing the time to provide fixes for Common Vulnerabilities and Exposures (CVE), patch releases protect your clusters from cyber threats and potential data breaches.

As compared to a major Cluster release update, a patch release update does not involve any public API or LCM changes, major version bumps of MKE or other major components, workloads evacuation, or host reboot. A patch cluster update only may require restart of containers running the Container Cloud controllers, MKE, Ceph, and StackLight services to update base images with related libraries and apply CVE fixes to images. The data plane is not affected.

Major and patch versions update path

The primary distinction between major and patch product versions lies in the fact that major release versions introduce new functionalities, whereas patch release versions predominantly offer minor product enhancements, mostly CVE resolutions for your clusters.

Depending on the needs of your deployment, you can either update between only major Cluster releases, or update between the major Cluster releases receiving the patch updates in between.

Select the second option, which includes patch updates, only if you want to receive security fixes as soon as they become available and you are prepared to update your cluster often, approximately once in two weeks. Otherwise, you can update only between major Cluster releases as each subsequent major Cluster release includes patch Cluster release updates of the previous major Cluster release.

The following table lists differences between content delivery in major releases as compared to patch releases:

Content delivery in major and patch releases


Major release

Patch release

Major version upgrade of the major product components including but not limited to Ceph and StackLight 0

Patch version bumps of MKE and Kubernetes 1

Container runtime changes including Mirantis Container Runtime and containerd updates

Host machine changes including host operating system updates and upgrades, kernel updates, and so on

Changes in public API

Changes in the Container Cloud lifecycle management

CVE fixes for images

Fixes for known product issues


Some of StackLight sub-components may be updated for patch releases.


MKE patch version bumps apply since Container Cloud 2.24.3.

Management and regional clusters obtain patch releases automatically the same way as major releases. Managed clusters use the same update delivery method as for the major Cluster release updates. New patch Cluster releases become available through the Container Cloud web UI after automatic upgrade of a management or regional cluster to the latest patch Cluster release.

You may decide to use only major Cluster releases without updating to patch Cluster releases. In this case, you will perform updates from an N to N+1 major release.

Major Cluster releases include all patch updates of the previous major Cluster release. However, Mirantis recommends applying security fixes using patch releases as soon as they become available to avoid security threats and potentially achieve legal compliance.


You can skip a number of patch releases and update to the latest one. Though, if you start receiving the patch releases, you should always apply the latest patch release in the series to be able to update to the following major release.

For example, you can update from the patch Cluster release 11.7.1 to 11.7.4 at once, but you cannot immediately update from the patch Cluster release 11.7.x to the patch Cluster release 14.0.x because you need to update to the major Cluster release 14.0.0 first. And to obtain the major Cluster release 14.0.0, you should update your cluster to the latest patch Cluster release 11.7.4.

If you delay the Container Cloud upgrade and schedule it at a later time as described in Schedule Mirantis Container Cloud upgrades, make sure to schedule a longer maintenance window as the upgrade queue can include several patch releases along with the major release upgrade.

For the update procedure, refer to Operations Guide: Update a patch Cluster release of a managed cluster.

The following table lists the Container Cloud 2.25.x patch release and its supported Cluster releases that are being delivered on top of the Container Cloud major release 2.25.0. Click the required patch release link to learn more about its deliverables.

Container Cloud 2.25.x and supported patch Cluster releases

Patch release

Container Cloud






Release history

Patch release date

Jan 10, 2024

Dec 18, 2023

Dec 05, 2023

Nov 27, 2023

Nov 06, 2023

Patch Cluster releases (managed)

17.0.x +
MOSK 23.3.x
17.0.3 + 23.3.3
17.0.2 + 23.3.2
17.0.1 + 23.3.1

17.0.2 + 23.3.2
17.0.1 + 23.3.1

17.0.1 + 23.3.1






- Cluster release is deprecated and will become unsupported in one of the following Container Cloud releases.