Patch releases


Patch releases are currently not supported for attached MKE clusters, which were not originally deployed by Container Cloud.

Since Container Cloud 2.23.2, the release train comprises several patch releases that Mirantis delivers on top of a major release to incorporate security updates as soon as they become available without waiting for the next major release. By significantly reducing the time for providing CVE fixes, patch releases protect your clusters from cyber threats and potential data breaches.

As compared to a major Cluster release update, a patch release update does not involve any public API or LCM changes, MKE or other major component version bumps, workloads evacuation, or host reboot. A patch cluster update only requires restart of containers running the Container Cloud controllers, Ceph, and StackLight services to update base images with related libraries and apply CVE fixes of critical and high severity. The data plane is not affected.

The following table lists differences between content delivery in major releases as compared to patch releases:

Content delivery in major and patch releases


Major release

Patch release

Version update and upgrade of the major product components including but not limited to Kubernetes, Ceph, and StackLight 0.

Container runtime changes including Mirantis Container Runtime and containerd updates

Host machine changes including host operations system updates and upgrades, kernel updates, and so on

Changes in public API

Changes in the Container Cloud lifecycle management

Common Vulnerabilities and Exposures (CVE) fixes

Fixes for known product issues


Some of StackLight sub-components may be updated for patch releases.

Management and regional clusters obtain patch releases automatically the same way as major releases. Managed clusters use the same update delivery method as for the major Cluster release updates. New patch Cluster releases become available through the Container Cloud web UI after automatic upgrade of a management or regional cluster to the latest patch Cluster release.

You may decide to use only major Cluster releases without updating to patch Cluster releases. In this case, you will perform updates from an N to N+1 major release.

Major Cluster releases include all patch updates of the previous major Cluster release. However, Mirantis recommends applying security fixes using patch releases as soon as they become available to avoid security threats and potentially achieve legal compliance.


You can skip a number of patch releases and update to the latest one. Though, if you start receiving the patch releases, you should always apply the latest patch release in the series to be able to update to the following major release.

For example, you can update from the patch Cluster release 11.7.1 to 11.7.4 at once, but you cannot immediately update from the patch Cluster release 11.7.x to the patch Cluster release 14.0.x because you need to update to the major Cluster release 14.0.0 first. And to obtain the major Cluster release 14.0.0, you should update your cluster to the latest patch Cluster release 11.7.4.

If you delay the Container Cloud upgrade and schedule it at a later time as described in Schedule Mirantis Container Cloud upgrades, make sure to schedule a longer maintenance window as the upgrade queue can include several patch releases along with the major release upgrade.

For the update procedure, refer to Operations Guide: Update a patch Cluster release of a managed cluster.

The following table lists current patch Container Cloud and Cluster releases that are being delivered on top of the latest Container Cloud major release. Release notes for patch releases contain lists of updated artifacts and CVE fixes.

Container Cloud 2.23.x and supported patch Cluster releases

Patch release

Container Cloud






Release history

Patch release date

May 22, 2023

May 04, 2023

Apr 20, 2023

Apr 04, 2023

Mar 07, 2023

Patch Cluster releases (managed)

12.7.x +
MOSK 23.1.x
12.7.2 + 23.1.2
12.7.1 + 23.1.1

12.7.1 + 23.1.1




- Cluster release is deprecated and will become unsupported in one of the following Container Cloud releases.