- Issued:
- 2026-04-16
- Updated:
- 2026-04-16
RHSA-2026:8433 - Security Advisory
Synopsis
OpenShift Compliance Operator bug fix and enhancement update
Type/Severity
Security Advisory: Important
Topic
An updated OpenShift Compliance Operator image that fixes various bugs and adds new
enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Description
The OpenShift Compliance Operator v1.9.0 is now available.
See the documentation for bug fix information:
Solution
Before applying this update, make sure all previously released errata relevant to your
system have been applied. For details on how to apply this update, refer to:
Affected Products
- OpenShift Compliance Operator
Fixes
- CMP-3520 - CIS OpenShift 1.9.0 Benchmark Support
- CMP-3974 - Support for Custom Attributes (via Annotations/Labels) in ComplianceCheckResults
- CMP-3993 - Ability to use rules written in CEL to build out of the box profile content
- CMP-4049 - Port customer-requested RHEL node-level compliance checks to the Compliance Operator
- CMP-4108 - Implement support for CIS OpenShift version 1.9.0
- CMP-4112 - File integrity operator does not work with Compliance operator installed
- CMP-4116 - Platform scans timeout when attempting to disable result storage
- CMP-4117 - TestProfileBundleDefaultIsKept fail consistently in CI
CVEs
amd64
| registry.redhat.io/compliance/openshift-compliance-operator-bundle@sha256:e2cbcab60fad0718e63a8c9bacaca97d205735e968505a56ae1a1c523d5ee2da |
| registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:5050558c5b76a544f8785a8ee6e153aaa1c4649e2ec897a1728d71c360ef9175 |
| registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:b6778248c42c242c05accfbebbda445cb48d85484ea7011744f5b0bb32c56a40 |
| registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:9281889838e4c68f688024b27b4fb5e95b461ae63518533d08d06a5d3b499bed |
| registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:45059c429a74ea709c828dcdcf0eeb481ec0c27ec82fa4c7f6a46214749e6edb |
arm64
| registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:59335016a17f8557d8286926c3e738830683bf5bc8dea298ab0420e85b85d089 |
| registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:25a97ab36e361a6b9cb2a5621241d56b4b420d6a2e50a112fc209b09484abbbb |
| registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:ee47b302b5655b1a64d79ce370033956c14cfacd83b3f589f4eb153cc9201d62 |
| registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:ff3573bf04e5f74c9aa62f96c349cbe3599f7623a05acc1881eb321ee5d93487 |
ppc64le
| registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:a80ae4926abc8df9fb976f47911662aa5db8b4beed60efa37e94b1bc36a152c8 |
| registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:55cf2e5dcae568fe3236363993f3987465b78f5f892c7fabcdec2bde63afb4fb |
| registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:62291ebc31aedc55cda270168146cf272856e1e566f75b0694f14e28adeed72c |
| registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:f3c1bd5157e6791f150dbe211a5ca4a391e9e69ac07748a41bb0b829e645933a |
s390x
| registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:1fa845b0dfc4fd18b28558aae4e9fb69f220649495fb4e1284da0dc43f5cacac |
| registry.redhat.io/compliance/openshift-compliance-must-gather-rhel8@sha256:2621107d4c7b72f2e6de593355711fa63ed8efc637d1ea17ea8ac1ffb796a139 |
| registry.redhat.io/compliance/openshift-compliance-openscap-rhel8@sha256:e0d72f7dfeda202524e67c5b344af6a6ef64712cd4f04e90ac1e0dffc49addf7 |
| registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:b1cd378eba90e9258c1639305a8bd66120220333a3cdf2df5ebfb71d1e9d7539 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
