RHSA-2025:13241 - Security Advisory

Topic

Logging for Red Hat OpenShift - 6.2.4

Description

Red Hat OpenShift Logging 6.2.4 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs.

Solution

For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ocp-4-18-release-notes For Red Hat OpenShift Logging 6.2, see the following instructions to apply this update:
https://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.2

Fixes

• LOG-7267 - Remap error in output_logging_parse_encoding: join function failed due to non-string array items
• LOG-7280 - [Logging 6.2] Otel dataModel is enabled without the tech-preview annotation on CLF
• LOG-7303 - [release-6.2] loki-gateway does not enforce fine-grained authorization on /series endpoint
• LOG-7304 - cluster-logging.v6.2.2 missing operators.openshift.io/must-gather-image despite CSV defines must-gather image registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256@sha256 delivered in the operator bundle
• LOG-7313 - [release-6.2] Loki log based alerts for application tenant are not filtered by namespace on dev-console
• LOG-7317 - [release-6.2] Cannot create AlertingRule for infrastructure logs without specifying the namespace
• LOG-7387 - [release-6.2]clusterLogForwarder API doesn't indicate that the kafka URL should be tcp or tls
• LOG-7599 - [release-6.2] vector panic due to Timestamp out of range - cherry-pick request for vectordotdev#20780

CVEs

• CVE-2025-22871

References

• https://access.redhat.com/security/updates/classification/