RHEA-2025:10678 - Product Enhancement Advisory

Topic

Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes new features and bug fixes.

Description

This release of RHACS includes new features and bug fixes. If you are
using an earlier version of RHACS, you are advised to upgrade to this
release 4.8.0.

New features:

For a list of new features and information about them, see: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#release-notes-48

Bugs fixed:

• Previously, if messages contained non-UTF-8 characters, the Secured Cluster sensor would remain uninitialized and offline. It prevented proper monitoring of affected clusters. With this release, the Sensor now handles non-UTF-8 characters in user-provided data. As a result, the Secured Cluster sensor no longer fails to initialize due to these characters and correctly monitors all clusters.
• Previously, warning messages in sensor pod logs incorrectly indicated that images were Not Pullable because the system attempted to determine pullability even when the image ID was empty. As a consequence, images were skipped from workload CVE scans. RHACS 4.8 correctly scans the images for vulnerabilities.
• Fixed an issue where signing images multiple times with different keys led to failed image signature verification.
• Previously, sometimes RHACS did not correctly initialize the Scanner V4 integration with default indexer and matcher endpoints, which caused scanner pods to fail and prevented images from being scanned. With this update, RHACS correctly initializes the Scanner V4 integration, scans the images, and creates vulnerability reports as expected.
• Previously, creating a security policy with a cluster scope using the cluster’s name would cause the UI to crash upon viewing the policy. It was due to the system’s inability to resolve the cluster name to its corresponding ID correctly. This update enables proper resolution of cluster names to IDs in security policies. As a result, you can now view policies with cluster scope in the UI without encountering errors.
• Previously, the Scanner V4 failed to identify some critical CVEs in Java workloads because an unidentified jar error caused the scanner to skip valid JAR files during the scanning process. As a consequence, RHACS did not detect these vulnerabilities in the scan results. This update eliminates the `unidentified jar" error, enabling the scanner to process JAR files properly. As a result, the Scanner V4 now accurately identifies critical CVEs in Java workloads, providing comprehensive vulnerability scanning.
• Previously, the Cancel button on the delegated scanning page provided no visual feedback if you made no changes, leading to confusion about its functionality. This lack of feedback occurred because the button only reset the form for unpersisted changes. This update introduces an Edit button to initiate editing, making the Save and Cancel buttons visible and enabled only when you make changes.

Solution

If you are using an earlier version of RHACS, you are advised to upgrade to this release 4.8.0.

Affected Products

• Red Hat Advanced Cluster Security for Kubernetes 4 x86_64
• Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
• Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le
• Red Hat Advanced Cluster Security for Kubernetes for ARM 4 aarch64

Fixes

• ROX-30000 - Release RHACS 4.8.0

CVEs

• CVE-2023-40403
• CVE-2024-12718
• CVE-2025-4138
• CVE-2025-4330
• CVE-2025-4435
• CVE-2025-4517
• CVE-2025-4802
• CVE-2025-6020
• CVE-2025-32414

References

• https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#release-notes-48