- Issued: 2026-01-22
- Updated: 2026-01-23
RHSA-2026:1018 - Important: Red Hat OpenShift GitOps v1.17.4 security update
Synopsis
Important: Red Hat OpenShift GitOps v1.17.4 security update
Type/Severity
Security Advisory: Important
Topic
Important: Red Hat OpenShift GitOps v1.17.4 security update
Description
An update is now available for Red Hat OpenShift GitOps.
Bug Fix(es) and Enhancement(s):
- GITOPS-8231 (CVE-2025-47913 openshift-gitops-1/argocd-agent-rhel8: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [gitops-1.17])
- GITOPS-8233 (CVE-2025-47913 openshift-gitops-1/argocd-rhel9: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [gitops-1.17])
- GITOPS-8078 (CVE-2025-58183 openshift-gitops-1/argocd-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.17])
- GITOPS-8081 (CVE-2025-58183 openshift-gitops-1/dex-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.17])
- GITOPS-7753 (CVE-2025-58754 openshift-gitops-1/argocd-extensions-rhel8: Axios DoS via lack of data size check [gitops-1.17])
- GITOPS-8511 (CVE-2025-68156 openshift-gitops-1/argocd-rhel8: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.17])
- GITOPS-8512 (CVE-2025-68156 openshift-gitops-1/argocd-rhel9: Expr: Denial of Service via uncontrolled recursion in expression evaluation [gitops-1.17])
- GITOPS-7568 (ignoreDifferences setting is not honored for OAuthClient resource)
- GITOPS-7992 (openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition)
- GITOPS-8225 (RC 1.19.0-2 : haproxy replica remains 1 with HA upgrade)
- GITOPS-8411 (CVE-2025-55190 still blocking due to github.com/argoproj/argo-cd/v2@v2.14.11 in gitops-rhel8:v1.18.1)
- GITOPS-8591 (Receiving TargetDown after upgrading GitOps)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift GitOps | 1.17 | x86_64 |
Fixes
(none)
CVEs
(none)
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See the Offline Security Data API to get started.