- Issued: 2025-12-15
- Updated: 2025-12-16
RHSA-2025:23207 - Important: Red Hat OpenShift GitOps v1.16.5 security update
Synopsis
Important: Red Hat OpenShift GitOps v1.16.5 security update
Type/Severity
Security Advisory Important
Topic
Important: Red Hat OpenShift GitOps v1.16.5 security update
Description
An update is now available for Red Hat OpenShift GitOps. Bug Fix(es) and Enhancement(s):
- GITOPS-8116 (CVE-2024-45338 openshift-gitops-dex-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html [gitops-1.17])
- GITOPS-8019 (CVE-2025-49844 - Vulnerability with Redis)
- GITOPS-8142 (CVE-2024-45337 reported by RHACS for OpenShift GitOps Operator v1.18.1 (ArgoCD-based) due to outdated git-lfs binary, dependency update required to remove false positive.)
Post-Upgrade Action Required: Audit GitOps Operator Roles
Following this upgrade, we strongly recommend you run the provided audit script to review namespace-scoped access.
- The script identifies Roles/RoleBindings that grant cross-namespace access for the GitOps operator's features (created via .spec.sourceNamespaces).
- Run it to verify and confirm that only the intended namespaces have cross-namespace access to deploy applications.
For more details, refer to:
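As an added illustration, not the audit script the advisory refers to, the following Python helper performs the same kind of review on the output of `oc get rolebindings -A -o json`: it flags RoleBindings in any namespace whose subjects are ServiceAccounts from the Argo CD control-plane namespace (assumed here to be `openshift-gitops`), which is how cross-namespace deploy access for the operator shows up in RBAC. The input is a constructed sample in that shape, not real cluster output, so the script runs offline; pass a saved JSON file as the first argument to audit a real cluster.

```python
import json
import sys

# Constructed sample in the shape of `oc get rolebindings -A -o json`
# (not real cluster output). The Argo CD control plane is assumed to
# live in the "openshift-gitops" namespace.
SAMPLE_ROLEBINDINGS = {
    "kind": "List",
    "items": [
        {  # grants control-plane service accounts access in team-a: flag it
            "metadata": {"name": "openshift-gitops_team-a", "namespace": "team-a"},
            "roleRef": {"kind": "Role", "name": "openshift-gitops_team-a"},
            "subjects": [
                {"kind": "ServiceAccount", "name": "openshift-gitops-argocd-server",
                 "namespace": "openshift-gitops"},
                {"kind": "ServiceAccount",
                 "name": "openshift-gitops-argocd-application-controller",
                 "namespace": "openshift-gitops"},
            ],
        },
        {  # same-namespace binding: not cross-namespace, must not be flagged
            "metadata": {"name": "deployer", "namespace": "team-b"},
            "roleRef": {"kind": "Role", "name": "deployer"},
            "subjects": [{"kind": "ServiceAccount", "name": "deployer",
                          "namespace": "team-b"}],
        },
        {  # binding inside the control-plane namespace itself: expected, not flagged
            "metadata": {"name": "argocd-server", "namespace": "openshift-gitops"},
            "roleRef": {"kind": "Role", "name": "argocd-server"},
            "subjects": [{"kind": "ServiceAccount", "name": "openshift-gitops-argocd-server",
                          "namespace": "openshift-gitops"}],
        },
    ],
}


def find_cross_namespace_bindings(rolebindings, control_plane_ns="openshift-gitops"):
    """Return (namespace, rolebinding, role, service_account) tuples for every
    RoleBinding outside control_plane_ns that binds a ServiceAccount from it."""
    findings = []
    for rb in rolebindings.get("items", []):
        ns = rb["metadata"]["namespace"]
        if ns == control_plane_ns:  # bindings in the control plane are in scope by design
            continue
        role = rb.get("roleRef", {})
        for subj in rb.get("subjects") or []:  # subjects may be absent or null
            if subj.get("kind") == "ServiceAccount" and subj.get("namespace") == control_plane_ns:
                findings.append((ns, rb["metadata"]["name"],
                                 f"{role.get('kind')}/{role.get('name')}", subj["name"]))
    return findings


if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_ROLEBINDINGS
    for ns, rb, role, sa in find_cross_namespace_bindings(data):
        print(f"{ns}: RoleBinding {rb} -> {role} grants {sa} cross-namespace access")
```

Compare the namespaces reported against the ones you intentionally listed in `.spec.sourceNamespaces`; anything else warrants investigation.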
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift GitOps | 1.16 | x86_64 |
Fixes
(none)
CVEs
(none)
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See the Offline Security Data API to get started.