- Issued:
- 2024-06-24
- Updated:
- 2024-06-24
RHBA-2024:4055 - Bug Fix Advisory
Synopsis
Cost Management security fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Downstream release of the koku-metrics-operator version 3.3.0.
Description
Downstream release (3.3.0) of the koku-metrics-operator. See release notes for
features delivered as part of this release. Release notes can be found at:
https://github.com/project-koku/koku-metrics-operator/releases/tag/v3.3.0-downstream
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Cost Management 1 x86_64
Fixes
- COST-1665 - Operator: Include Node in Storage Reports (Enhancement)
- COST-4737 - CVE-2023-45290 costmanagement-metrics-operator-container: golang: net/http: memory exhaustion in Request.ParseMultipartForm [cost-management]
- COST-4738 - CVE-2024-24783 costmanagement-metrics-operator-container: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm [cost-management]
- COST-4739 - CVE-2024-24785 costmanagement-metrics-operator-container: golang: html/template: errors returned from MarshalJSON methods may break template escaping [cost-management]
- COST-4866 - Operator: Start collecting csi_volume_handle metric
- COST-4916 - Cost Management Operator 3.3.0
- COST-5027 - Opt-In per Namespace ROS OCP recommendations
- COST-5032 - Operator: Switch to kube_persistentvolume_capacity_bytes metric for PV capacity
References
(none)
aarch64
costmanagement/costmanagement-metrics-rhel8-operator@sha256:7f5b652f9237863447ed5e2c518e403da502f7b20dc45d2bded898644e180a47 |
ppc64le
costmanagement/costmanagement-metrics-rhel8-operator@sha256:029346801b24caf501f98c8870d5271221aa18d648710057609987e43c9f42f8 |
s390x
costmanagement/costmanagement-metrics-rhel8-operator@sha256:e967ed84fc28ac74677bf71bb27cbd51f07fe8ff20fed6961ae37bc6a8ebdd69 |
x86_64
costmanagement/costmanagement-metrics-operator-bundle@sha256:226634a6f640c8095b8c61055d8c9bb4c81dc50d1cf413267b23caa488982f1b |
costmanagement/costmanagement-metrics-rhel8-operator@sha256:55668a141ede02230fef3526f6c94b7b18ae671b2489259abfa50fa99d906503 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.