RHSA-2025:8274 - Important: Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update

Synopsis

Important: Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update

Security Advisory Important

Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update.

Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security release.

Security Fix(es):

openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) gitops-1.14
openshift-gitops-1/gitops-operator-bundle: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) gitops-1.14
openshift-gitops-1/argocd-rhel9: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting (XSS) gitops-1.14
openshift-gitops-operator-container: Namespace Isolation Break gitops-1.14
openshift-gitops-dex-container: Unexpected memory consumption during token parsing in golang.org/x/oauth2 gitops-1.14
openshift-gitops-container: Potential denial of service in golang.org/x/crypto gitops-1.14
openshift-gitops-argo-rollouts-container: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS gitops-1.14
openshift-gitops-argocd-container: jwt-go allows excessive memory allocation during header parsing gitops-1.14
openshift-gitops-argocd-rhel9-container: jwt-go allows excessive memory allocation during header parsing gitops-1.14
openshift-gitops-argocd-container: Prototype Pollution in redoc gitops-1.14
openshift-gitops-argocd-rhel9-container: Prototype Pollution in redoc gitops-1.14

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

Product	Version	Arch
Red Hat OpenShift GitOps	1.14	x86_64
Red Hat OpenShift GitOps	1.14	x86_64
Red Hat OpenShift GitOps for IBM Z and LinuxONE	1.14	s390x
Red Hat OpenShift GitOps for IBM Power, little endian	1.14	ppc64le
Red Hat OpenShift GitOps for ARM 64	1.14	aarch64
Red Hat OpenShift GitOps for ARM 64	1.14	aarch64

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.