Red Hat Container Image Updates

Red Hat recognizes that the advent of containers means the supply chain has standardized, and customers now require tighter interaction and integration between platform teams (RHEL & OpenShift), Middleware teams (JBoss) and developers. Red Hat provides two solutions to fill this need: an automated solution and a traditional, errata-style solution. Tools such as the OpenShift Pipelines make it possible to consume image updates automatically. Red Hat issues errata for container image updates, which supports more traditional (curated) workflows.

Below are the release schedules for Red Hat's most popular images.

Base RHEL and UBI Images

• RHEL and UBI images prioritize delivering CVE & bug fixes quickly. Any time a new RPM contained in the image is released, we rebuild and test all images. UBI container images use only RHEL software packages for their build. We patch and release Critical and Important CVEs affecting RHEL software packages as soon as possible, typically within hours or days.

Update and maintenance lifecycle for applicable components align to the Red Hat Enterprise Linux Life Cycle.

OpenShift Container Platform (distributed in container image format)

• Built every time RHEL base image is updated
• Built every time there is an OpenShift/Atomic Platform CVE fix
• Built every time there is a OpenShift/Atomic Platform release

Update and maintenance lifecycle for applicable components align to the Red Hat OpenShift Container Platform Life Cycle Policy.

Red Hat JBoss Middleware for OpenShift

• Built every time there is a JBoss Middleware Critical CVE fix
• Built every time there is a Critical RHEL/JDK CVE fix

Update and maintenance lifecycle for applicable products align to the JBoss Middleware Product Update and Support Policy.

The complete list of JBoss Middleware OpenShift container images can be found in the Red Hat Middleware for OpenShift product documentation.