- Issued:
- 2024-09-30
- Updated:
- 2024-09-30
RHBA-2024:6761 - Bug Fix Advisory
Synopsis
OpenShift Compliance Operator 1.6.0
Type/Severity
Bug Fix Advisory
Topic
OpenShift Compliance Operator 1.6.0 is now available for the Red
Hat OpenShift Enterprise 4 catalog, which includes various bug
fixes and enhancements.
Description
The OpenShift Compliance Operator 1.6.0 is now available. See the
documentation for bug fix information:
Solution
Before applying this update, make sure all previously released
errata relevant to your system have been applied. For details on how
to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
Fixes
- CMP-2485 - Conflicting titles for rules `ocp4-route-ip-whitelist` & `ocp4-routes-rate-limit`
- CMP-2610 - Use FIPS compliant rhel-els image for Compliance Operator
- CMP-2614 - Implement update timestamps on ComplianceCheckResults
- CMP-2615 - Add a check aggregate to the compliance scan metadata
- OCPBUGS-17828 - Improve ocp4-cis-scc-limit-container-allowed-capabilities instructions
- OCPBUGS-19690 - Some rules with auto-remediations available get failed after auto-remediation have been applied for rhcos4-high profile
- OCPBUGS-304 - Compliance rule ocp4-resource-requests-limits-in-deployment failing for rhacs-operatro-controller-manager operator.
- OCPBUGS-31674 - After auto remediation applied, some rules still failed for rhcos4-moderate and rhcos4-high profiles
- OCPBUGS-32551 - accessTokenInactivityTimeoutSeconds used in oauthclient-inactivity-timeout is immutable
- OCPBUGS-34982 - The annotations for the deprecated rules should be updated
- OCPBUGS-35765 - bios-enable-execution-restrictions should be excluded for ppc64le
- OCPBUGS-35854 - The rule ocp4-etcd-unique-ca gets fail by default for 4.17 payload
- OCPBUGS-39417 - [CEE.neXT]PrometheusOperatorRejectedResources alert after upgrading compliance operator to 1.5.1
- OCPBUGS-42177 - Rule ocp4-moderate-resource-requests-quota fail if the ResourceQuota exists in all non-control namespaces
- OCPBUGS-42185 - The must-gather image name is too long
- OCPBUGS-42247 - The must-gather image for compliance operator is not working as expected
CVEs
- CVE-2021-43618
- CVE-2021-46848
- CVE-2022-1271
- CVE-2022-36227
- CVE-2022-47629
- CVE-2022-48554
- CVE-2023-2602
- CVE-2023-2603
- CVE-2023-7104
- CVE-2023-29491
- CVE-2024-6119
- CVE-2024-25062
- CVE-2024-28182
- CVE-2024-28834
- CVE-2024-28835
- CVE-2024-34397
- CVE-2024-37370
- CVE-2024-37371
- CVE-2024-45490
- CVE-2024-45491
- CVE-2024-45492
References
(none)
ppc64le
compliance/openshift-compliance-content-rhel8@sha256:df1f298da056fcebaeb91c84bcd1730c65fce6daa9c9cfecccd942031e5b69e1 |
compliance/openshift-compliance-must-gather-rhel8@sha256:4b5fd9ad6ae61942a3716322975aabb73be6bc0c94e02f8203c817e2402f0b35 |
compliance/openshift-compliance-openscap-rhel8@sha256:fa7113ed4149dc331a29e3fb2c8f3597344b7e4d9045b3951c9d12a25036fcee |
compliance/openshift-compliance-rhel8-operator@sha256:f2b0cd745d8e10809d6ce3ab9b95ad244c0879209b0747ea125aeeeebb65c3e1 |
s390x
compliance/openshift-compliance-content-rhel8@sha256:49acd2acd36a60f617ab3292675229c4ffefccd02c93eee1b92010548a153f0a |
compliance/openshift-compliance-must-gather-rhel8@sha256:67d1b42f57bffcc0e84a91441552e2938203b7a11526d8f826c8b0b0e9eaa956 |
compliance/openshift-compliance-openscap-rhel8@sha256:fe60ce744fb5c16e2589c8ad9b5bdb5565339c423f115e714b99793554c776b4 |
compliance/openshift-compliance-rhel8-operator@sha256:ef016343f613b3ee345a0775fc61f9ed8effa1a9a45bb1efbef63b03ae13fcd1 |
x86_64
compliance/openshift-compliance-content-rhel8@sha256:828d38e1ab78aa4ded7d9f60c96eabe2c7ff03fce35f81d5a801cf2af1369121 |
compliance/openshift-compliance-must-gather-rhel8@sha256:7ab8b6e9760dfa023c1756e0d1731a40c37297ee3f36aab239f4016cde8612de |
compliance/openshift-compliance-openscap-rhel8@sha256:8d4e343d623efa0fca9f5d9e1597f65db1ac65dea8fa31f6a9eed9f4d2072bee |
compliance/openshift-compliance-operator-bundle@sha256:8e2ae4ec6fb99d69494763893be9e0a22f85f7fdfcfe09d90df07909c94877be |
compliance/openshift-compliance-rhel8-operator@sha256:cd064df7870daf38c6a284940b72f1a46bf411ba2c590a728d2f5ca6552e74a5 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.