- Issued:
- 2022-11-02
- Updated:
- 2022-11-02
RHBA-2022:6657 - Bug Fix Advisory
Synopsis
OpenShift Compliance Operator bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated OpenShift Compliance Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog.
Description
The OpenShift Compliance Operator v0.1.57 is now available. See the documentation for bug fix information:
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
Fixes
- BZ - 2060726 - Compliance operator does not generate alert notification for non-control namespace
- BZ - 2062530 - CU found ocp4-var-oauth-inactivity-timeout and other compliance-operator variables are having an issue
- BZ - 2075041 - Compliance Check Results FAIL even if the kubelet parameter is correct by default
- BZ - 2082416 - The rule: ocp4-kubelet-configure-event-creation is failing after auto remediation applied
- BZ - 2091794 - Instructions for rule ocp4-configure-network-policies not clear
- BZ - 2092913 - When debug is setting to true, the pod generated by scansettingbinding won?t get deleted when the scansettingbinding get deleted
- BZ - 2098581 - APIRemovedInNextEUSReleaseInUse alert fired for openshift-compliance cronjobs
- BZ - 2102511 - [OSD] mcp puase status stuck at true issue as Compliance Operator failed to check if kubeletconfig custom-kubelet is subset of rendered MC 99-worker-generated-kubelet
- BZ - 2105153 - Rule ocp4-kubelet-enable-client-cert-rotation is not working as expected
- BZ - 2105878 - Rule ocp4-kubelet-enable-streaming-connections not working as expected when variable is set while streamingConnectionIdleTimeout in kubeletconfig unset
- BZ - 2117268 - ocp4-pci-dss-api-checks-pod in CrashLoopBackoff state due to ignition spec.config not in MC
- BZ - 2117747 - Compliance rules are failing after remediated automatically from scan setting successfully
- OCPBUGS-2156 - Compliancesuite could not be deleted successfully for 4.6 and 4.7
- OCPBUGS-1066 - ocp4-oauth-or-oauthclient-inactivity-timeout fail even if all oauthclient have set accessTokenInactivityTimeoutSeconds to 600
- OCPBUGS-1792 - The instructions for rule ocp4-machine-volume-encrypted need to be updated
- OCPBUGS-2331 - CIS scan rules fail to validate newer TLS cipher suites
CVEs
References
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.