RabbitMQ removal due to security vulnerabilities

Solution In Progress - Updated -

Issue

  • We have been informed that the current version of RabbitMQ is too vulnerable, so we need to remove it. Will attach the spreadsheet from our security team telling us to remove it. What would be the proper steps for removing RabbitMQ from the stack?

  • Here is the vulnerability report:

    overcloud-controler-1
    Red Hat Enterprise Linux Server 7.7 Cloud Agent 7-2-2019 8:50:59 AM 4-22-2020 5:19:02 PM
    Intranet    Linux_Server    UNIX/Cisco Login    N/A 105868    5    Critical
    EOL/Obsolete Software : Pivotal RabbitMQ Server 3.6.x Detected
    RabbitMQ is an open source multi-protocol messaging broker.
    According to RabbitMQ Release Series Document support for RabbitMQ Server 3.6.x ended on 31st May 2018 and will not be getting regular patches.
    QID Detection Logic: (authenticated) Operating System: Linux The qid checks the installed package list to check if RabbitMQ Server is installed or not.
    Update to the latest version of RabbitMQ Server.
    e365232 (Mar 13 2020 9:47AM): ATTENTION: Vendor support for this product has officially ended. Per Company Policy, employees and contractors are expected to discontinue use of this software, removing it from their asset. Continued use of this product MUST be approved by Cyber Risk exception.
    2-24-2020 11:35:44 AM    2-25-2020 9:56:45 PM    4-22-2020 12:37:53 PM    57
    rabbitmq-server-3.6.15-6.el7ost.noarch    Other/Other    NoMatch

Environment

  • Red Hat OpenStack Platform 13.0 (RHOSP)
