- Issued:
- 2026-05-19
- Updated:
- 2026-06-01
RHSA-2026:19375 - Security Advisory
Synopsis
Red Hat Quay 3.16.4
Type/Severity
Security Advisory: Important
Topic
Red Hat Quay 3.16.4 is now available with bug fixes.
Description
Quay 3.16.4
Solution
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Quay
Fixes
- PROJQUAY-11579 - Quay new UI Login page branding logo is invisible
- PROJQUAY-11578 - Quay 3.16.4 Operator rejects "PULL_METRICS_REDIS" in configBundleSecret when Redis is managed after config-tool migration
- PROJQUAY-11544 - Quay new UI Verify User can't sign in with OIDC provider
- PROJQUAY-11435 - Quay's is_jwt() rejects RFC 9068 access tokens with typ: at+jwt
- PROJQUAY-11334 - config-tool: malformed struct tag on DistributedStorageArgs.Signature breaks storage config serialization
- PROJQUAY-11174 - Quay's is_jwt() rejects RFC 9068 access tokens with typ: at+jwt
- PROJQUAY-10884 - Migrate to PatternFly6
- PROJQUAY-10872 - repositorygcworker fails to delete images with "Population must be a sequence" error.
CVEs
- CVE-2025-61726
- CVE-2025-62718
- CVE-2026-2377
- CVE-2026-25679
- CVE-2026-27137
- CVE-2026-27459
- CVE-2026-27962
- CVE-2026-28802
- CVE-2026-29063
- CVE-2026-29074
- CVE-2026-30922
- CVE-2026-32280
- CVE-2026-32282
- CVE-2026-32286
- CVE-2026-32589
- CVE-2026-32590
- CVE-2026-32597
- CVE-2026-33186
- CVE-2026-33894
- CVE-2026-34986
- CVE-2026-39892
- CVE-2026-40192
- CVE-2026-40895
- CVE-2026-42033
- CVE-2026-42035
- CVE-2026-42039
- CVE-2026-42041
- CVE-2026-42043
- CVE-2026-42044
- CVE-2026-4427
- CVE-2026-4598
- CVE-2026-4599
- CVE-2026-4600
- CVE-2026-4601
- CVE-2026-4602
amd64
| registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee |
| registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006 |
| registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f |
| registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b |
| registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9 |
| registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b |
| registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e |
| registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3 |
| registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03 |
| registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef |
ppc64le
| registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79 |
| registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f |
| registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf |
| registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46 |
| registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2 |
| registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3 |
s390x
| registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1 |
| registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66 |
| registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b |
| registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f |
| registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879 |
| registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9 |
arm64
| registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
