RHBA-2024:4055 - Bug Fix Advisory

Topic

Downstream release of the koku-metrics-operator version 3.3.0.

Description

Downstream release (3.3.0) of the koku-metrics-operator. See release notes for
features delivered as part of this release. Release notes can be found at:
https://github.com/project-koku/koku-metrics-operator/releases/tag/v3.3.0-downstream

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Cost Management 1 x86_64

Fixes

• COST-1665 - Operator: Include Node in Storage Reports (Enhancement)
• COST-4737 - CVE-2023-45290 costmanagement-metrics-operator-container: golang: net/http: memory exhaustion in Request.ParseMultipartForm [cost-management]
• COST-4738 - CVE-2024-24783 costmanagement-metrics-operator-container: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm [cost-management]
• COST-4739 - CVE-2024-24785 costmanagement-metrics-operator-container: golang: html/template: errors returned from MarshalJSON methods may break template escaping [cost-management]
• COST-4866 - Operator: Start collecting csi_volume_handle metric
• COST-4916 - Cost Management Operator 3.3.0
• COST-5027 - Opt-In per Namespace ROS OCP recommendations
• COST-5032 - Operator: Switch to kube_persistentvolume_capacity_bytes metric for PV capacity

CVEs

• CVE-2024-33599
• CVE-2024-33600
• CVE-2024-33601
• CVE-2024-33602

References

(none)