Red Hat Product Errata RHBA-2023:3256 - Bug Fix Advisory
Issued:
2023-08-14
Updated:
2023-08-14

RHBA-2023:3256 - Bug Fix Advisory

Synopsis

Red Hat Quay v3.9.0 minor release

Type/Severity

Bug Fix Advisory

Topic

Red Hat Quay 3.9.0 is now available with bug fixes.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Quay 3.9.0

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Quay Enterprise 3 x86_64

Fixes

  • PROJQUAY-4614 - Add conftest mediatypes to default Quay configuration
  • PROJQUAY-4865 - Remove unused dependencies
  • PROJQUAY-4957 - Limit indexing of manifests that continuously fail
  • PROJQUAY-5009 - secscan: add api client timeout
  • PROJQUAY-5018 - Ignore unknown media types in manifests
  • PROJQUAY-5237 - The number of repositories in organization is incorrect in new UI
  • PROJQUAY-4993 - Support Action Log Forward to Splunk
  • PROJQUAY-4567 - Robot Tokens
  • PROJQUAY-5289 - Create a new username for accounts that login via SSO in the new UI
  • PROJQUAY-5362 - API: Add filtering to Tags API
  • PROJQUAY-5207 - Phase 3: Quay.io Summit Deliverables
  • PROJQUAY-4608 - Quay Operator should install a fully supported version of Postgres for Quay and Clair
  • PROJQUAY-5050 - Can't provide a link to quay directly to an image that works in both old UI and new UI
  • PROJQUAY-5253 - Don't convert dashes to underscores during first login
  • PROJQUAY-4303 - Multi-arch images are ignored in storage consumption calculation
  • PROJQUAY-4304 - Empty repositories are reporting storage consumption
  • PROJQUAY-5634 - oci: Allow optional components in the image config to be set to "null"
  • PROJQUAY-5639 - Quay 3.9.0 delete organization under normal user by superuser was failed with unauthorized error
  • PROJQUAY-5642 - Quay 3.9.0 image High Vulnerability reported by Redhat ACS
  • PROJQUAY-5630 - Quay 3.9.0 Quay image High vulnerability issue CVE-2022-28948

References

x86_64

quay/clair-rhel8@sha256:64d31335c7a029df0f1c117fa7879b0fede6543ac37f53b557e74c1fa339ec5c
quay/quay-bridge-operator-bundle@sha256:ec43099a829d9a03a11cf3f272f08954da3a29772164c4adf0d312af7c2b7b1c
quay/quay-bridge-operator-rhel8@sha256:9d1c8a196853a9eb38e7e00368bda93084418f15f8b196e28172bac9f5322841
quay/quay-builder-qemu-rhcos-rhel8@sha256:13bc34de61a4a1c65a9bfee63ffa6b9121c4f5e26b8da46cda7e643064e828d4
quay/quay-builder-rhel8@sha256:ffd86c3122c3ce2895b39cc4a743c7ede0dadf33ed254eee3757c9d65e5f765c
quay/quay-container-security-operator-bundle@sha256:9a2b49b5fd423cde3055df5c0b4d792fcb09c36b34ce724e60325fbe2984a030
quay/quay-container-security-operator-rhel8@sha256:f591536c8d3ae41f23a85ee207dffd4e79c1708e0d693b304d251da8352cd5e9
quay/quay-operator-bundle@sha256:abd024d8e764dc8ea95d906cc1fbeeebfc978e3d55c80b2253f1ec9425e60add
quay/quay-operator-rhel8@sha256:cf9b809e893d09b7188702d11ba2da5cf467442db0ce4c558750633ab7a5b1fb
quay/quay-rhel8@sha256:bce51fd2cf81cd16d8d5c7104561f44a71741b86e367e37e79ed35c6fa3fe848

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.