RabbitMQ removal due to security vulnerabilities
Issue
- We have been informed that the current version of RabbitMQ is too vulnerable, so we need to remove it. Will attach the spreadsheet from our security team telling us to remove it. What would be the proper steps for removing RabbitMQ off the stack?
- Here is the vulnerability report:
overcloud-controler-1 Red Hat Enterprise Linux Server 7.7 Cloud Agent 7-2-2019 8:50:59 AM 4-22-2020 5:19:02 PM Intranet Linux_Server UNIX/Cisco Login N/A 105868 5 Critical
EOL/Obsolete Software : Pivotal RabbitMQ Server 3.6.x Detected
RabbitMQ is an open source multi-protocol messaging broker. According to RabbitMQ Release Series Document support for RabbitMQ Server 3.6.x ended on 31st May 2018 and will not be getting regular patches.
QID Detection Logic: (authenticated) Operating System: Linux The qid checks the installed package list to check if RabbitMQ Server is installed or not.
Update to the latest version of RabbitMQ Server.
e365232 (Mar 13 2020 9:47AM): ATTENTION: Vendor support for this product has officially ended. Per Company Policy, employees and contractors are expected to discontinue use of this software, removing it from their asset. Continued use of this product MUST be approved by Cyber Risk exception.
2-24-2020 11:35:44 AM 2-25-2020 9:56:45 PM 4-22-2020 12:37:53 PM 57 rabbitmq-server-3.6.15-6.el7ost.noarch Other/Other NoMatch
Environment
- Red Hat OpenStack Platform 13.0 (RHOSP)