Issued:: 2025-04-04
Updated:: 2025-04-04

RHSA-2025:3607 - Red Hat OpenShift distributed tracing platform Tempo - 3.5.1 release

Synopsis

Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 release

Type/Severity

Security Advisory Important

Topic

Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 has been released

Description

Release of Red Hat OpenShift distributed tracing provides following security improvements, bug fixes, and new features. The Red Hat OpenShift distributed tracing (Tempo) 3.5.1 is based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo] release 2.7.1.

Breaking changes:

With this update, for a user to create or modify a TempoStack or TempoMonolithic CR with enabled multi-tenancy, the user must have permissions to create a TokenReview and SubjectAccessReview.

Deprecations:

Nothing

Technology Preview features:

Nothing

Enhancements:

Nothing

Bug fixes:

Known issues:

Currently, when the OpenShift tenancy mode is enabled, the ServiceAccount of the gateway component of a TempoStack or TempoMonolithic instance requires the TokenReview and SubjectAccessReview permissions for authorization. Workaround: deploy the instance in a dedicated namespace, and carefully audit which users have permission to read the Secrets in this namespace.

Solution

For details on how to apply this update, refer to: https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators

Affected Products

Product	Version	Arch
Red Hat OpenShift distributed tracing	3.5.1	x86_64

Fixes

(none)

CVEs

(none)

References

https://access.redhat.com/security/cve/CVE-2025-2786

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.