RHEA-2025:19729 - Product Enhancement Advisory

Topic

Red Hat 3scale API Management 2.16.0 Release - Container Images

Description

Release of 3scale API Management components provides these changes:

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.14/html-single/installing_3scale/index

Affected Products

• Red Hat 3scale API Management Platform 2 for RHEL 8 x86_64
• Red Hat 3scale API Management Platform 2 for RHEL 8 s390x
• Red Hat 3scale API Management Platform 2 for RHEL 8 ppc64le
• Red Hat 3scale API Management Platform 2 for RHEL 7 x86_64
• Red Hat 3scale API Management Platform 2 for RHEL 7 s390x
• Red Hat 3scale API Management Platform 2 for RHEL 7 ppc64le

Fixes

• THREESCALE-11020 - Add a way for the user to provide Redis TLS certs and keys for porta and backend
• THREESCALE-11021 - Add a way for the client to provide redis ACL credentials to system and backend
• THREESCALE-11457 - system-searchd pod crashing on s390x
• THREESCALE-8404 - TLS and ACL support for Redis connection
• THREESCALE-10018 - ActiveDocs shows Error when a response body is CSV and starts from double quote
• THREESCALE-10180 - Upgrade to sidekiq 7
• THREESCALE-10233 - Support OAS 3.1 in System Active Docs
• THREESCALE-10588 - CMS should not be marked as TP
• THREESCALE-10761 - Problem with special chars in application_id in utilization
• THREESCALE-10763 - Application description can not be {NUMBER}_
• THREESCALE-10843 - Add more detailed session and account activity to Audit Logs
• THREESCALE-10880 - Upgrade porta to Rails 6.1
• THREESCALE-10924 - keep only a single set of porta configuration files
• THREESCALE-11076 - Sidekiq: Extract the `:ssl` param from the Redis URL
• THREESCALE-11090 - No description in [Product_applications_listing]
• THREESCALE-11179 - Account Settings > Users > SSO Integrations (Empty view)
• THREESCALE-11198 - Upgrade to sidekiq 7.3
• THREESCALE-11205 - Accept sentinels credentials in the redis URI
• THREESCALE-11214 - Provider creation via API sometimes fails because of tenant ID check
• THREESCALE-11276 - Disapearing item from the accounts new field definition dropdown menu
• THREESCALE-11378 - Incorrect message in Access Code input form
• THREESCALE-11494 - Prepare 3scale-operator master branch for 2.16
• THREESCALE-11499 - 3scale accounts listing can't filter by state
• THREESCALE-11536 - Backend: Get rid of `rspec_api_documentation` gem
• THREESCALE-2689 - Add the ability to create or update a Service Subscription using the 3scale API
• THREESCALE-7340 - Upgrade to webpack@5
• THREESCALE-7955 - User model extra fields not updating via admin portal form
• THREESCALE-8038 - System-app postgreSQL libraries does not support scram-sha-256 for passwords
• THREESCALE-8102 - Make route creation in zync optional.
• THREESCALE-8271 - 3scale is not capable to have 2 different Applications with the same clientID, even in different RH-SSO Realms: it doesn't store the secrets accordingly
• THREESCALE-8319 - The 3scale API endpoint /admin/api/settings.json doesn't update account_approval_required field
• THREESCALE-8735 - Client secret in clear text in the API Manager UI (RH SSO Integration)
• THREESCALE-8770 - Invoice line items with negative cost can't be created from the UI
• THREESCALE-9033 - Some special characters in Application Keys are not supported
• THREESCALE-9169 - Upgrade porta to ruby 3.1
• THREESCALE-9596 - Update Sidekiq
• THREESCALE-9682 - Backend Opentelemetry instrumentation
• THREESCALE-9780 - ActiveDocs table
• THREESCALE-9784 - PF4 table toolbar
• THREESCALE-9896 - Implement EmptyState
• THREESCALE-10156 - Make ssl_verify_client directive configurable
• THREESCALE-10894 - Multiple filter service warnings are logged when APICAST_SERVICES_LIST is used.
• THREESCALE-11015 - Introspection Policy does not work when `fapi-1-baseline` client policy is enabled in RHKB
• THREESCALE-11036 - Investigate path routing + TLS termination policy
• THREESCALE-11194 - APIcast using stale configuration for a deleted Product
• THREESCALE-6454 - APIcast connections should be drained gracefully on pod deletion
• THREESCALE-8149 - Enable to configure the Upstream Connection timeouts globally
• THREESCALE-9301 - fix dns cache miss
• THREESCALE-9320 - Conditional policy evaluating incorrectly: second policy in policy chain always triggers
• THREESCALE-10601 - Bump OpenResty from 1.19 to 1.21
• THREESCALE-11770 - Incorrect 3scale version in UI 2.16.0RC1
• THREESCALE-11771 - Apicast pods failing on ppc64l
• THREESCALE-11796 - Options in FAPI policy cannot be set.
• THREESCALE-11757 - fix local dev make cluster/create/system-mysql
• THREESCALE-11850 - Preflight check fails on redis-sentinel
• THREESCALE-11868 - Remove mysql and redis image reference from csv and build
• THREESCALE-11805 - system-app-pre/post hook always trigger
• THREESCALE-11951 - operator reverts payment customatization suggested by documentation
• THREESCALE-12002 - PSQL15 cause error system pre hook failed on FIPS enabled cluster
• THREESCALE-11554 - 3scale operator fails to reconcile a Product CR when a backend reference is removed from usages and application plan limit is removed too
• THREESCALE-11897 - Add support for PostgreSQL 15
• THREESCALE-11619 - Support PostgreSQL 15 in System and Zync
• THREESCALE-11610 - Apicast policies fail to validate
• THREESCALE-12040 - Block 2.16 upgrade if 3scale is run with oracle DB

CVEs

• CVE-2025-6395
• CVE-2025-32988
• CVE-2025-32989
• CVE-2025-32990

References

(none)