- Issued: 2025-04-15
- Updated: 2025-04-15
RHSA-2025:3928 - Important: ACS 4.5 enhancement and security update
Synopsis
Important: ACS 4.5 enhancement and security update
Type/Severity
Security Advisory: Important
Topic
Updated images are now available for Red Hat Advanced Cluster Security (RHACS).
Description
This release of RHACS includes the following bug fix:
- Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency.
This release also addresses the following security vulnerabilities:
- RHSA-2025:2679: libxml2 security update
- RHSA-2025:1350: libxml2 security update
- RHSA-2025:1330: openssl security update
- CVE-2024-57083: Prototype pollution in redoc can allow a DoS attack
- CVE-2024-21536: Flaw in `http-proxy-middleware` package
- CVE-2025-30204: Flaw in the golang-jwt implementation of JSON Web Tokens (JWT)
Solution
If you are using an earlier version of RHACS 4.5, you are advised to upgrade to patch release 4.5.9.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Advanced Cluster Security for Kubernetes | 4 | x86_64 |
| Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE | 4 | s390x |
| Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian | 4 | ppc64le |
Fixes
- BZ - 2319884
- BZ - 2354195
- BZ - 2355865
CVEs
References
- https://access.redhat.com/security/updates/classification/#important
- https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html/release_notes/index
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.