RHSA-2024:1433 - Security Advisory

Issued: 2024-03-20
Updated: 2024-03-20

Synopsis

Moderate: Migration Toolkit for Applications security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Migration Toolkit for Applications 7.0.2 release

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Migration Toolkit for Applications 7.0.2 Images

Security Fix(es) from Bugzilla:

  • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Migration Toolkit for Applications 1 x86_64

Fixes

  • BZ - 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
  • MTA-1868 - Missing text below graphs on Reports page
  • MTA-1956 - Assessment status is "In progress" instead of "Not started" when the application is associated with an archived questionnaire
  • MTA-1964 - [Assessment] Display risk weight for answer choices while answering a questionnaire
  • MTA-2043 - [KANTRA][CLI] some errors are found in the generated logs
  • MTA-1255 - [UI] Turning off "Use Refresh Tokens" (Keycloak feature) breaks MTA
  • MTA-1468 - No tool-tip on hover - UI issue
  • MTA-1648 - "Exclude Rules" feature doesn't exclude custom rules after analysis
  • MTA-1721 - [Assessment] Exporting a questionnaire includes unnecessary metadata
  • MTA-1726 - [Hub] MigrationWave StartDate and EndDate fields are not required and initialized with the same value
  • MTA-1785 - Source+Dependency analysis on <JDK11 java application fails compilation
  • MTA-1790 - Pagination is shown thrice on migration waves page
  • MTA-1845 - "Export to Issue Manager" button should be disabled once the applications are linked to JIRA
  • MTA-1872 - Cannot go back and forth with the keyboard arrows within a search box of a filter
  • MTA-1880 - [Assessment] Padding on Questionnaire page can be improved
  • MTA-1888 - Change request to make the term same "Review" in applications and archetypes page
  • MTA-1955 - [Assessment Reports] App count in the Unassessed/Unknown chart doesn't consider apps assessed to have unknown risk
  • MTA-1958 - [Application] Missing tooltip for single application Delete button: "Cannot delete application assigned to migration wave."
  • MTA-1963 - [Assessment] Add show more/less options for 'Archetypes assessed' and 'Archetypes reviewed' lists on app drawer
  • MTA-1965 - Add excludeFor example in questionnaire template
  • MTA-1967 - App drawer incorrectly lists assessed archetypes when there are no required questionnaires
  • MTA-1972 - Inherited assessment tags should get listed as assessment tags instead of archetype tags on app drawer
  • MTA-1973 - App 'Assessment' status shows 'Completed' instead of 'Not started' for inherited assessment after questionnaire is archived
  • MTA-2004 - [Custom rules in analysis] Source/target labels are not parsed well when manually uploading yaml file
  • MTA-2007 - [Dependencies]Application inventory page shows no applications once Accessed from dependencies
  • MTA-2008 - [Dependencies] Doesn't filter and navigate to the affected applications
  • MTA-2018 - JBoss EAP8 should be the version selected by default in the list of targets
  • MTA-2020 - Remove tackle2-addon container image from operator manifests
  • MTA-2041 - [KANTRA] [CLI] the terminal doesn't display the error
  • MTA-2046 - [Analyzer]Placeholders in issue description are not being interpolated using jee-example-app-1.0.0.ear
  • MTA-2047 - [Analyzer] "Unable to connect" message seen on Single Application issue's Page
  • MTA-2056 - [UI] The filters passed as query params are not being removed when the user clicks on "Clear all filters"
  • MTA-2064 - [CLI] eap6, 7, 8 appear twice when listing targets
  • MTA-2067 - [UI] Sometimes issues contain variable names instead of values
  • MTA-2087 - [UI] Typo in column header in affected applications of issues
  • MTA-2093 - [Dynamic Reports] Landscape filter is not working
  • MTA-2099 - Rules from technology-usage appear as issues
  • MTA-2101 - [Analyzer] cdi-to-quarkus-00030 rules affected file is empty
  • MTA-2160 - MTA CLI does not work on arm-based machines
  • MTA-2201 - MTA CLI doesn't have a version flag
  • MTA-2246 - Expected camel4 violations are not generated for camel-cbr example app
  • MTA-2260 - [RFE] Increase time for success alerts on all pages
  • MTA-2283 - [Archetypes] Application list in the Archetype side drawer doesn't scale well
  • MTA-2296 - [Assessment] Take button takes long to get rendered on Assessment actions page
  • MTA-2320 - Only associated archetypes should get listed as Assessed archetypes on app side drawer
  • MTA-2322 - [UI] Some application filters do not work until the user types something into it
  • MTA-2343 - Pages under Migration menu take long to load
  • MTA-2346 - [Assessment] discarding associated application assessment with assessed archetype shows application assessment status "Not Started"
  • MTA-2351 - [CLI] MTA CLI for Linux doesn't work on arm cpus
  • MTA-2354 - App 'Assessment' status shows Completed and Inheritance indicator icon even when not associated with archetypes
  • MTA-2359 - Application Tags tab takes long to load
  • MTA-467 - Name & Description search filter doesn't work with extra spaces
  • MTA-2332 - [CLI] Openrewrite transformation commands get stuck in MacOs

CVEs

  • CVE-2022-1962
  • CVE-2023-4244
  • CVE-2023-5717
  • CVE-2023-6135
  • CVE-2023-6356
  • CVE-2023-6535
  • CVE-2023-6536
  • CVE-2023-6606
  • CVE-2023-6610
  • CVE-2023-6817
  • CVE-2023-39326
  • CVE-2023-45285
  • CVE-2023-46218
  • CVE-2023-48795
  • CVE-2023-51042
  • CVE-2023-51385
  • CVE-2024-0193
  • CVE-2024-0646

References

  • https://access.redhat.com/security/updates/classification/#moderate

Updated Images

aarch64

mta/mta-analyzer-lsp-rhel9@sha256:b0a3d36ec379c6c796d18e31b238f2112a3a6ab31f68798c36fb3b588477c451
mta/mta-cli-rhel9@sha256:d7e65ce9ab3b1d91205a2edbb4293cb8362a323b650a3daf7caf9103ae258812
mta/mta-windup-shim-rhel9@sha256:3322ff5bdd8d9422567b37888cfe132d48455503e62a38953d5b318d80a02c91

x86_64

mta/mta-analyzer-addon-rhel9@sha256:9b3bd8a8bc45ebb2ebfbd13cd571bd52d5d210b82e760ef8ca49d597709d7f83
mta/mta-analyzer-lsp-rhel9@sha256:e318451c6efa1559657e9fe928087ff8fea30478d64f4cb75c5919c5279ebba1
mta/mta-cli-rhel9@sha256:afc5c7e7d8cd563a47a6475eb9c23e31553eeeaa0709407a8cd1e7492657ea08
mta/mta-hub-rhel9@sha256:5690f54c7dde45d95b407c0f1393a8e01e6f8e5512a2595ef8effe74b19a6d4a
mta/mta-operator-bundle@sha256:b8c09648ffba53778128e145ab66b347f68e7960eaa345830363313f9d564d88
mta/mta-rhel8-operator@sha256:cc32dfeeb33b7e2d2a63098b2c1c09999a955b69349cbe3e3902fc1101d176a0
mta/mta-ui-rhel9@sha256:06c7b18081e2285b29082e26bd013a8d8d464a7641dd8d285e4909ca86514fde
mta/mta-windup-shim-rhel9@sha256:4a35cbbe8c24232c138460ff50d1076392136ddedb7111c26ab2b074ad4017a7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
