|
Product
|
Released on
|
Highlights
|
|
.Net 7.0.13
|
1, Nov
|
Containers support OpenShift Container Platform versions that are currently RH supported for RHEL 8.7 and later, and 9.2 and later.
Security fixes:
Denial of Service with Client Certificates using .NET Kestrel Security.
|
|
Serverless 1.30.2
|
2, Nov
|
This release addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on OpenShift Container Platform 4.11 and later versions.
|
|
Pipelines 1.12.2
|
6, Nov
|
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.12.2 is available on OpenShift Container Platform version 4.12 and later.
Fixed issues:
- Earlier, the generated Git secret for the latest pipeline run was deleted when the max-keep-runs parameter was exceeded. Now, the Git secret is no longer deleted on the latest pipeline run.
- With this update, the S2I cluster task uses a General Availability container image.
|
|
Pipelines 1.11.2
|
8, Nov
|
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.11.2 is available on OpenShift Container Platform version 4.12 and later.
Fixed issues:
- Earlier, the tkn pac resolve -f command did not detect the existing secret for authentication with the Git repository. Now, this command successfully detects the secret.
- You can use --v1beta1 flag in the tkn pac resolve command. Use this flag if you want to generate the pipeline run with the v1beta1 API version schema.
- Earlier, the tkn pr logs command failed to display the logs for a pipeline run if this pipeline run referenced a resolver. Now, the command displays the logs.
- SHA digest of the git-init image corresponds to version 1.12.1, which is the current released version of the image.
|
|
GitOps 1.8.6
|
8, Nov
|
Security fixes:
- golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487).
|
|
Dev Spaces 3.9.1
|
9, Nov
|
Bug fixes.
|
|
.Net 7.0.14
|
15, Nov
|
Containers support OCP versions that are currently RH supported for RHEL 8.7 and later, and 9.2 and later.
Security fixes:
- ASP.NET security feature bypass vulnerability in Blazor forms.
- Arbitrary file write and deletion vulnerability.
|
|
ACS 4.3
|
15, Nov
|
Support for Central and Scanner on IBM Power.
|
|
Service Mesh 2.4.5
|
15, Nov
|
Supported on OCP version 4.11 and later.
Bug fixes:
- Denial of service when using HTTP/2 protocol.
- golang: net/http, x/net/http2: rapid stream resets can cause excessive work.
|
|
3scale 2.13.7
|
16, Nov
|
3scale operator actions for CVE-2023-44487 (HTTP/2 Rapid Reset), Apicast operator actions for CVE-2023-44487 (HTTP/2 Rapid Reset) - Apicast Operator 2.13 and Apicast actions for CVE-2023-44487 (HTTP/2 Rapid Reset) for 3scale 2.13.
|
|
3scale 2.12.4
|
16, Nov
|
3scale operator actions for CVE-2023-44487 (HTTP/2 Rapid Reset), Apicast operator actions for CVE-2023-44487 (HTTP/2 Rapid Reset) - ApicastOperator 2.12 and
[MAJOR INCIDENT] Apicast CVE-2023-44487 (HTTP/2 Rapid Reset) for 3scale 2.12.
|
|
.Net 8.0.0
|
20, Nov
|
Containers support OCP versions that are currently RH supported for RHEL 8.9 and later, and 9.3 and later.
New features:
- .NET 8.0 includes built-in support for building container images for .NET projects.
- The base library, GC, and JIT have seen many performance improvements.
ASP.NET Core 8.0 improvements:
- Server-side rendering of Blazor components is now possible.
|
|
GitOps 1.9.3
|
20, Nov
|
Security fixes:
- golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
|
|
Pipelines 1.13.0
|
30, Nov
|
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.13 is available on OpenShift Container Platform version 4.12 and later.
Fixed issues:
- A secret is deleted only when all pipeline runs that use it are deleted.
- When concealing secrets in logs, the process now starts from the longest secret, ensuring that no part of any secret is displayed in the logs.
- If you specify a results spec for a pipeline, the results provided by the pipeline are correctly processed.
- The storage. oci.repository parameter is processed correctly for Tekton Chains.
- The errors are processed and logged on the Tekton Chains controller log.
|
|
|
|
Runtimes
|
|
|
|
JWS Operator 2.0.10
|
2, Nov
|
Updated the JWS Operator image for OpenShift to fix http2 and python CVEs.
|
|
AMQ B 7.10.5 CR1
|
9, Nov
|
Multiarch release of the AMQ Broker 7.10.5 Operator and associated container images on RHEL8 for the OpenShift Container Platform.
|
|
AMQ B 7.11.4
|
9, Nov
|
Multiarch release of the AMQ Broker 7.11.4 Operator and associated container images on RHEL8 for the OpenShift Container Platform.
|
|
RHDG OpenShift 8.4.5
|
13, Nov
|
Updated the RHDG Operator and associated container images OpenShift to fix http2 and python CVEs.
|
|
RHBK 22.0.5 GA
|
15, Nov
|
New release for Red Hat build of Keycloak 22.0.5 on Openshift Container Platform 4.12, 4.13, 4.14.
|
|
RHSSO 7.6.6
|
24, Nov
|
A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.
|