- Issued:
- 2025-06-24
- Updated:
- 2025-06-24
RHSA-2025:9506 - Security Advisory
Synopsis
Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift GitOps v1.16.2 release
Description
An update is now available for Red Hat OpenShift GitOps.
Security Fix(es):
- openshift-gitops-operator-container: Namespace Isolation Break [gitops-1.16](CVE-2024-13484)
Bug Fix(es):
- Gitops operator is not accepting regular expression in sourceNamespaces - Application in non-controlplane namespaces (GITOPS-6675)
- gitops-plugin Pods should comply with the Pod Security restricted policy (GITOPS-6777)
- Missing ArgoCD commit ID in UI (GITOPS-6896)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Fixes
CVEs
amd64
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:66a05dbe2c838e38fd4ba7634f3e2687017dc75acf1226e16c7046697c2ec6a6 |
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:b2d3757f0de603eb0f39f821642b27b915b1317b0d02513cc112d15531d53a1b |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:28a3ed9273aa1cbf66f002dea963f45165f3675e7cced6d0267aafed75256e1c |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:0043c38927694097d753d20ed189a7fbaf331dc3cf631465bb3a5973fdb4844c |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4d4fd5ad560ee73533587642ab7fc2838a400288433b697eee312c81c498658a |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:b33ca45c04bb1fa7e72ad66da8839305e6ed24dedeaa04b64c5bc393bf7af397 |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:d5e31695ac2b9a5fcee8f56c41d44884e9464f5cad29d8a8d050a8dbe2b78143 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fcc25f81533e0485dd626ce8ef573caafb5d8944e061ee8541f22aa34e066338 |
| registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:cc14268ddbd89c654124439711249fc888a50de97ddf0e29d9665cd490bb1aeb |
arm64
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:6b46a60526a6ca7b112d6e031b05a68f51b088979eab950d6307a82b93789775 |
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:32af5cafad41025ed016ce016d4b71346c79cc59af9f861ce3e4d6c763b62616 |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:98ba4a0e9b1946b09159b591cef4f0afe85b0c5d692892b7b8c7979422bf8cbe |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:e1e028561be60a45b36388c94532e192d7a684087ba0224195e35ab1f209802f |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:1e74ebf5fd6ba3af207f6176550074b2958ff073174f4e0db046ede32403dba5 |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:a1037e89f690785b715fb0e3e16f63761c6aba294a430c78ac91f373f1c8aadb |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:de09ec72794b71919ff9ffd1669b5e53107885bbac4709861a209312a09b946c |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:4c56abf35c11af85501a8c4a2ec30b1f1efd28eee8af6d62e417846a40cde72e |
ppc64le
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:38bb3c35d6b1a6acc1b5b1fac2d3fbb1d7666d541c1aafa67ce72a2582613101 |
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8959ae3709067b7cd6e389a6c70d0d09b890007f7f2cd65b4a2bfc22b4f97a2d |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:bb8d712ae51005be2cca0a98111e5798550226e5b2a34befe7f012417e772a65 |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:b32703b7ffe202a315fe9b583fc84b94ae4a12a7cbcbd90c034e5ca07e3df64b |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:8ff92f79f5120140e0aa9ceb197661fd170ee7c68f99637251731435313ab04a |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:c26c7b47feb5144d686a23da871f5b762f07c08f0207824f91e8b7f171004f6a |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:7e44683bc8b54e91051a627d413ac8ef51ed00080cec577bd5191bc59e50ee87 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:81ea9837bfd653a2e965e7d545afede7d4bee6bf9cc658b7c81aceb6ee097b05 |
s390x
| registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:529cfb5c13b9c5724c69f201639fe31f28b98df411ea0d4c7d2a6dc71d75b710 |
| registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2f6af92a47b24f9f9ac214d5961c8a4cdf3f458ddf5fd9588be5ed9295ad4557 |
| registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:a083c8ad66fe69f7fa59c1002ee8cb477286eb14576bb1b034be4a9b8c13853e |
| registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:bc9bd4c8d18e5c2066aff0ec3e96ab0f540e31130e7e0db40236e2bfdd239ae0 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:6555c3c45e0b61deb7ef6e8100eca1764731316592637fcdbe867bf3636cd78f |
| registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:aed68357134c7b7b832f36d150b89c50bbac05f3f60d4d7faf24a641b9869991 |
| registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:4b388c6a523ef995849010f8f2dea4ea95e3814279f1add58bcd0f855e4586c2 |
| registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:62d0a872cc40558260a4fc4cc55c39b9e0ef6d495f798b8ff0e10161f555a003 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
