- Issued:
- 2021-11-10
- Updated:
- 2021-11-10
RHBA-2021:4530 - OpenShift Compliance Operator bug fix and enhancement update
Synopsis
OpenShift Compliance Operator bug fix and enhancement update
Type/Severity
Bug Fix Advisory None
Topic
An updated OpenShift Compliance Operator image that fixes various bugs and adds enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Description
The OpenShift Compliance Operator image update is available with the following changes:
- add error to the result object as comment (#721)
- fix needs-review unpause pool
- Validate that rules in tailored profile are of appropriate type
- TailoredProfiles: Allocate rules map with expected number of items
- Fix error message json representation in CRD
- aggregator: Remove MachineConfig validation
- Add description to TailoredProfile yaml
- Specify fsgroup, user and non-root user usage in resultserver
- Gather /version when doing Platform scans
- Add flag to skip the metrics deployment
- fetch openscap version during build time
- Add instructions and check type to Rule object
- add support for multi line remediation
- Fix value-required handling.
- Use ClusterRole/ClusterRoleBinding for monitoring permissions
- Remove tailorprofile variable selection check
- Disallow empty titles and descriptions for tailored profiles
- Restart profileparser on failures
- Make default scanTolerations more tolerant
- Associate variable with compliance check result
- Enable Creation of TailoredProfiles without extending existing ones
- Don't shadow an import with a variable name
- compliancescan: Fill the
element and the urn:xccdf:fact:identifier for node checks - Add support for remediation templating for operator
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift Container Platform | 4.8 | x86_64 |
| Red Hat OpenShift Container Platform | 4.7 | x86_64 |
| Red Hat OpenShift Container Platform | 4.6 | x86_64 |
Fixes
- This content is not included.BZ - 1969620
- This content is not included.BZ - 1983062
- This content is not included.BZ - 1988259
- This content is not included.BZ - 1999374
- This content is not included.BZ - 2003170
CVEs
(none)
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.