- Issued:
- 2024-10-30
- Updated:
- 2024-10-30
RHBA-2024:8408 - Bug Fix Advisory
Synopsis
Red Hat Quay v3.13.0 bug fix release
Type/Severity
Bug Fix Advisory
Topic
Red Hat Quay 3.13.0 is now available with bug fixes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Quay 3.13.0
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Quay Enterprise 3 x86_64
Fixes
- PROJQUAY-2417 - Support for Postgres client-side certs via the Operator
- PROJQUAY-7654 - Allow specifying tag patterns in auto-pruning policies
- PROJQUAY-5681 - Quay 3.9.0 can't get slack notification when package vulnerability found
- PROJQUAY-7244 - Allow refining searches with an organization
- PROJQUAY-7388 - Quay 3.12 new UI display "undefined" on usage logs for operation "enable team sync" and "disable team sync"
- PROJQUAY-7430 - Allow longer passwords in repository mirroring configuration
- PROJQUAY-7599 - Quay V2 API should support delete manifest by tag name
- PROJQUAY-7606 - web-ui has stricter regex than rest-api for validating team-names
- PROJQUAY-7686 - Old vulnerability page shows huge horizontal scrolls
- PROJQUAY-7982 - "Confirm Username" modal loops
- PROJQUAY-7652 - Keyless Authentication between Quay and OCP
- PROJQUAY-7655 - Multiple auto-pruning policies per repository or organization
- PROJQUAY-8068 - Add Clair 4.8.0 to 3.13 release
CVEs
- CVE-2021-43618
- CVE-2023-2953
- CVE-2023-6004
- CVE-2023-6918
- CVE-2023-25193
- CVE-2023-37328
- CVE-2023-37920
- CVE-2024-2398
- CVE-2024-3651
- CVE-2024-4032
- CVE-2024-6232
- CVE-2024-6345
- CVE-2024-6923
- CVE-2024-25062
- CVE-2024-28182
- CVE-2024-28834
- CVE-2024-37370
- CVE-2024-37371
- CVE-2024-37891
- CVE-2024-40897
- CVE-2024-45490
- CVE-2024-45491
- CVE-2024-45492
References
(none)
ppc64le
| quay/clair-rhel8@sha256:d627ccc2202d3d3e7086cf0f9ca5c6c5ecb3242ecaa4438f0e6614086469e3c1 |
| quay/quay-bridge-operator-bundle@sha256:1203461370297c9ace3cc1bb7162c7455ae32deb12f3f3a49b95a1c5d2871fc8 |
| quay/quay-bridge-operator-rhel8@sha256:6df40c419f76c46a2b1b24ed26a1990fa4c3a94fd13572a9817b19805374eee4 |
| quay/quay-builder-qemu-rhcos-rhel8@sha256:64c5c8eb46be6245b9fc08c9ce1f542245f9f0b59bd7c2e694c82555a9c5bfad |
| quay/quay-builder-rhel8@sha256:487340e66c065a0dd4abccbfe53cd640b544e4f114d50083aade5990a951d1cf |
| quay/quay-container-security-operator-bundle@sha256:86c2f00f9d8491fdcf3c28ff554c68c87606d0a881aaa28b1c44a3ef1b5a4dc4 |
| quay/quay-container-security-operator-rhel8@sha256:b435512e681fd94310469d2b4e6dd2550003c17f2f15868ed4621e35dfa1749f |
| quay/quay-operator-bundle@sha256:b4a8eba009691165bb357a3c85adb045aa7efded1b20ace00c12cc3d1e0aa829 |
| quay/quay-operator-rhel8@sha256:58b2a412e949fe352bf1738bbbfde08e1b7b7153546ccf0364a047d9d1c65e1f |
| quay/quay-rhel8@sha256:593688e39ce787f2a28760311f4de28d762ece626715b45694e7847bc867c0df |
s390x
| quay/clair-rhel8@sha256:042d035fb69c792689866a14348c47d3dc12f76516842622dc2dea2e28f78c5f |
| quay/quay-bridge-operator-bundle@sha256:d0f534f3111125c1ae2c3842cc3b87d1c0568b4aeea49fd03a1825191901791f |
| quay/quay-bridge-operator-rhel8@sha256:e0f64fa36fd3800372b760f8ddf5bf1767aef02c7928cefc03104d9de757a073 |
| quay/quay-builder-qemu-rhcos-rhel8@sha256:c1b185d95148fadcb92003069453d333c9177c50029b1a524ce2945deb9cae31 |
| quay/quay-builder-rhel8@sha256:2cea11db76e4320aefb487551dd95aac3a8ea94f38bb19fcc6f4414a71cc3b0f |
| quay/quay-container-security-operator-bundle@sha256:4a919be7292aad1c84294065ccb58c277833335fab0685bb3011d133d788560d |
| quay/quay-container-security-operator-rhel8@sha256:66f389f0a22decfa6d71d77246d2783188aaf57ad4afb2dbf3de3cfbf311539d |
| quay/quay-operator-bundle@sha256:afd9f69fec1df62d4ee88c77dec86abf324d50f6aaaaee47204410a22a0c29ff |
| quay/quay-operator-rhel8@sha256:2cd70cd06ce37d4e9056bfc3bf7b84f6ac7de1707be8c26c84c21a7339e87666 |
| quay/quay-rhel8@sha256:b206157f4068c9eea39917c78a4a8e1d6ad5751d6e78ce6b58908069fb6b7595 |
x86_64
| quay/clair-rhel8@sha256:7f49e791f8aa3082a8730c46d82d3c4ab61d9008218fe22ac5c968817e8450f4 |
| quay/quay-bridge-operator-bundle@sha256:5272b3ff5cbf71ee687df81103d0b53894516f324b760bb9571f96a67887567c |
| quay/quay-bridge-operator-rhel8@sha256:47e50c06fc01e5aa41e39f3121a45af17516181ee9652cd016741c8fef0bfdbd |
| quay/quay-builder-qemu-rhcos-rhel8@sha256:2f5cc92a9071623a2bae83247d56571edfd00fe2a3c0a68642113fc5c48358e1 |
| quay/quay-builder-rhel8@sha256:47cfedfeab4db3aa80b0108326ba33449a9053b3852ebddf7ce6e8974e2dd525 |
| quay/quay-container-security-operator-bundle@sha256:8f6be82f9aa23fcb8549c8ece551c02c5a58ff77e9a43311e987becd7f6bbe84 |
| quay/quay-container-security-operator-rhel8@sha256:45fe05424cef9efb8c91c8f18700bad9dfb44d6776adea9d304cd3f1028d02e7 |
| quay/quay-operator-bundle@sha256:48adfdfec9aa746bb0689cfd5897001c63bba5943f4ba3cb743b43e2c3794904 |
| quay/quay-operator-rhel8@sha256:bb9f31eec9903998bb001aaa26a26923ab9fad8770a90e5c4f34f7fde884d184 |
| quay/quay-rhel8@sha256:4a96a4bdb1bf5ef111e84d4513ecd86e2fd3a79e9df9c9711c545c08f09a6e12 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
