- Issued:
- 2026-06-17
- Updated:
- 2026-06-17
RHSA-2026:26571 - Security Advisory
Synopsis
OpenShift Compliance Operator bug fix and enhancement update
Type/Severity
Security Advisory: Important
Topic
An updated OpenShift Compliance Operator image that fixes various bugs and adds new
enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Description
The OpenShift Compliance Operator v1.9.1 is now available.
See the documentation for bug fix information:
Solution
Before applying this update, make sure all previously released errata relevant to your
system have been applied. For details on how to apply this update, refer to:
Affected Products
- OpenShift Compliance Operator
Fixes
- CMP-4283 - TailoredProfiles unable to adopt default rules that are not within profile they're extending
- CMP-4313 - Change default ImagePullPolicy from Always to ifNotPresent
- CMP-4324 - ProfileBundle parser status race makes TestParsingErrorRestartsParserInitContainer flake (~67%)
- CMP-4333 - STIG reference annotations missing from Rule CRs after ComplianceAsCode PR #13793 changed URLs from public.cyber.mil to www.cyber.mil
- CMP-4346 - Bump Go to 1.25.9 and dependencies to address compliance-operator-bundle CVEs
- CMP-4349 - NERC-CIP references not parsed from updated CaC content URL
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.