Red Hat Container Image Updates

Updated -

Red Hat recognizes that the advent of containers means that the supply chain has standardized and customers now require tighter interaction and integration between platform teams (RHEL), Middleware teams (JBoss, Software Collections) and even end developers. Red Hat provides two solutions to fill this need: an automated solution and a traditional, errata-style solution. Tools such as the OpenShift Build System (OSBS) make it possible to consume image updates automatically. Red Hat issues errata for container image updates, which supports more traditional (curated) workflows.

Container images are updated at a regular cadence. These updates reflect software releases and security updates.

Below are the release schedules for Red Hat's most popular images.

Base RHEL and UBI Images

  • Built every 6 weeks
  • Built when a Critical or Important CVE is released

OpenShift Container Platform (distributed following the docker image format)

  • Built every time RHEL base image is updated
  • Built every time there is an OpenShift/Atomic Platform CVE
  • Built every time there is a OpenShift/Atomic Platform release

Red Hat Software Collections

  • Built every time RHEL base image is updated
  • Built every time there is an Software Collections CVE
  • Built every time there is an Software Collection release

Red Hat JBoss Middleware for OpenShift

  • Built every time there is a JBoss Middleware Critical CVE
  • Built every time there is a Critical RHEL/JDK CVE

Update and maintenance lifecycle for applicable products align to the JBoss Middleware Product Update and Support Policy.

The complete list of JBoss Middleware OpenShift container images can be found in the Red Hat Middleware for OpenShift product documentation.


This does not describe the UBI policy.

Where can I go to see if a CVE was picked up in a UBI? This information is critical to us in IBM. Thanks.

Hi, this information can be found on the Security tag for each image. Example:

Here we see that ubi8:8.1-397 was shipped with and it includes fixes for CVE-2019-13734 and CVE-2019-18408