**File not scanned for virus due to size.**$$$$$$Release Notes for 1.22.3$$$Rancher Desktop 1.22.3 is a security-focused patch release. We strongly recommend upgrading.$$$$$$Security Fixes$$$Important$$$$$$macOS and Linux: additional steps required after upgrading.$$$A bug in the ISO version comparison means an in-place upgrade from any earlier 1.22.x release will keep booting the previous kernel; leaving the modules listed below in place. Choose one of these to apply the container-escape mitigation:$$$$$$Manual kernel upgrade (preserves your data): follow the steps in #10288.$$$Factory reset: run Troubleshooting ? Factory Reset after upgrading. This removes all containers; images; and Kubernetes state — back up anything you need to keep first.$$$Windows is not affected: the mitigation ships in the application binary and applies on the next start.$$$$$$Container escape mitigation (CVE-2026-31431; CVE-2026-43284; CVE-2026-43500)$$$Three recent Linux kernel exploits — copy.fail (CVE-2026-31431) and the two dirtyfrag variants (CVE-2026-43284; CVE-2026-43500) — let unprivileged processes gain a page-cache write primitive and tamper with files outside their normal reach. Inside Rancher Desktop; that means an attacker with code execution in any container could escape that scope and modify the rest of the VM.$$$$$$Each exploit needs a specific Linux kernel module loaded. Rancher Desktop now removes those modules; so the exploits have nothing to hook into.

**File not scanned for virus due to size.**$$$$$$Release Notes for 1.22.0$$$Whats New$$$Select moby storage driver$$$Version 1.21.0 switched to the containerd-snapshotter storage driver by default. On Windows; this happened unconditionally (even on upgrades); which made existing images inaccessible.$$$$$$Users can now choose between the classic and containerd-snapshotter storage drivers via rdctl:$$$$$$rdctl set --container-engine.moby-storage-driver classic$$$rdctl set --container-engine.moby-storage-driver snapshotter$$$Rancher Desktop automatically selects the driver based on where your existing images are stored. See Migrating Images for instructions on moving images between storage drivers. Windows users affected by the 1.21.0 issue can switch back to the classic driver to regain access to their images. (#9732)

**File not scanned for virus due to size.**$$$$$$Release Notes for 1.22.0$$$Whats New$$$Select moby storage driver$$$Version 1.21.0 switched to the containerd-snapshotter storage driver by default. On Windows; this happened unconditionally (even on upgrades); which made existing images inaccessible.$$$$$$Users can now choose between the classic and containerd-snapshotter storage drivers via rdctl:$$$$$$rdctl set --container-engine.moby-storage-driver classic$$$rdctl set --container-engine.moby-storage-driver snapshotter$$$Rancher Desktop automatically selects the driver based on where your existing images are stored. See Migrating Images for instructions on moving images between storage drivers. Windows users affected by the 1.21.0 issue can switch back to the classic driver to regain access to their images. (#9732)

**File not scanned for virus due to size.**$$$$$$Release Notes for 1.22.0$$$Whats New$$$Select moby storage driver$$$Version 1.21.0 switched to the containerd-snapshotter storage driver by default. On Windows; this happened unconditionally (even on upgrades); which made existing images inaccessible.$$$$$$Users can now choose between the classic and containerd-snapshotter storage drivers via rdctl:$$$$$$rdctl set --container-engine.moby-storage-driver classic$$$rdctl set --container-engine.moby-storage-driver snapshotter$$$Rancher Desktop automatically selects the driver based on where your existing images are stored. See Migrating Images for instructions on moving images between storage drivers. Windows users affected by the 1.21.0 issue can switch back to the classic driver to regain access to their images. (#9732)