RHSA-2025:2789 - Security Advisory

Topic

Red Hat build of OpenTelemetry 3.5.0 has been released

Description

Release of Red Hat OpenShift distributed tracing provides following security improvements, bug fixes, and new features.
Breaking changes:

• Nothing

Deprecations:

• In the Red Hat build of OpenTelemetry 3.5, the Loki Exporter, which is a temporary Technology Preview feature, is deprecated. The Loki Exporter is planned to be removed in the Red Hat build of OpenTelemetry 3.6. If you currently use the Loki Exporter for the OpenShift Logging 6.1 or later, replace the Loki Exporter with the OTLP HTTP Exporter.

Technology Preview features:

• AWS CloudWatch Exporter
• AWS EMF Exporter
• AWS X-Ray Exporter

Enhancements:

• The following Technology Preview features reach General Availability:
• Host Metrics Receiver
• Kubelet Stats Receiver
• With this update, the OpenTelemetry Collector uses the OTLP HTTP Exporter to push logs to the OpenShift Logging (LokiStack) 6.1 or later.
• With this update, the Operator automatically creates RBAC rules for the Kubernetes Events Receiver (k8sevents), Kubernetes Cluster Receiver (k8scluster), and Kubernetes Objects Receiver (k8sobjects) if the Operator has sufficient permissions.

For more information, see "Creating the required RBAC resources automatically": https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry/configuring-the-collector#otel-creating-required-RBAC-resources-automatically_otel-configuration-of-otel-collector

Bug fixes:

• Before this update, manually created routes for the Collector services were unintentionally removed when the Operator pod was restarted. With this update, restarting the Operator pod does not result in the removal of the manually created routes.

Known issues:

• Nothing

Solution

For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators

Fixes

• https://issues.redhat.com/browse/TRACING-4945
• https://issues.redhat.com/browse/TRACING-3508
• https://issues.redhat.com/browse/TRACING-4526
• https://issues.redhat.com/browse/TRACING-4831
• https://issues.redhat.com/browse/TRACING-4875

CVEs

(none)

References

• https://access.redhat.com/security/cve/CVE-2024-45336
• https://access.redhat.com/security/cve/CVE-2024-56171
• https://access.redhat.com/security/cve/CVE-2025-22866
• https://access.redhat.com/security/cve/CVE-2025-24528
• https://access.redhat.com/security/cve/CVE-2025-24928
• https://access.redhat.com/security/updates/classification/
• https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry