RHBA-2021:0435 - Bug Fix Advisory

Topic

The compliance-operator image update is now available for OpenShift Container Platform 4.7.

This update fixes bugs in the compliance-operator and compliance-openscap containers, and includes an update to the CIS profile content. Some compliance profiles that were not usable yet (e.g. the NCP profile) were removed.

Description

The compliance-operator image update is now available for OpenShift
Container Platform 4.7.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64

Fixes

• BZ - 1898819 - Aggregator pod tries to parse ConfigMaps without results
• BZ - 1901760 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object
• BZ - 1902249 - The compliancesuite object returns error with ocp4-cis tailored profile
• BZ - 1905008 - [OCP v47] The Compliance-Operator brew Bundle image does not available for OCP4.7
• BZ - 1907410 - [OCP v47] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object
• BZ - 1908990 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator
• BZ - 1909120 - [OCP v47] Always update the default profilebundles on Compliance operator startup
• BZ - 1910462 - After remediation applied, the compliancecheckresults still reports Failed status for some rules
• BZ - 1919098 - [OCP v47] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present

CVEs

• CVE-2020-1971
• CVE-2020-24659

References

(none)