- Issued:
- 2026-01-28
- Updated:
- 2026-01-28
RHSA-2026:1488 - Important: Red Hat OpenShift GitOps v1.19.1 security update
Synopsis
Important: Red Hat OpenShift GitOps v1.19.1 security update
Type/Severity
Security Advisory Important
Topic
Important: Red Hat OpenShift GitOps v1.19.1 security update
Description
An update is now available for Red Hat OpenShift GitOps. Bug Fix(es) and Enhancement(s):
- GITOPS-8080 (CVE-2025-58183 openshift-gitops-1/argocd-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.19])
- GITOPS-8083 (CVE-2025-58183 openshift-gitops-1/dex-rhel8: Unbounded allocation when parsing GNU sparse map [gitops-1.19])
- GITOPS-7849 (Cherry pick Repo Type Fix to Argo CD 3.1 stream)
- GITOPS-7992 (openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition)
- GITOPS-8225 (RC 1.19.0-2 : haproxy replica remains 1 with HA upgrade)
- GITOPS-8249 (Prevent argoCD from automatically refreshing to gitops repository )
- GITOPS-8411 (CVE-2025-55190 still blocking due to github.com/argoproj/argo-cd/v2@v2.14.11 in gitops-rhel8:v1.18.1)
- GITOPS-8535 (Show All Namespaces or Current Namespace Only option)
- GITOPS-8591 (Reciving TargetDown after upgrading GitOps )
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenShift GitOps | 1.19 | x86_64 |
Fixes
(none)
CVEs
(none)
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.