From 4670699478e932b51d3c06e84f3637d99288c87c Mon Sep 17 00:00:00 2001 From: Kerry Carmichael Date: Thu, 10 Apr 2025 12:49:47 -0400 Subject: [PATCH] release notes for patch 4.5.9 --- modules/common-attributes.adoc | 4 ++-- release_notes/45-release-notes.adoc | 23 +++++++++++++++++++++-- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/modules/common-attributes.adoc b/modules/common-attributes.adoc index cabfd16201e7..6de20c863617 100644 --- a/modules/common-attributes.adoc +++ b/modules/common-attributes.adoc @@ -55,9 +55,9 @@ endif::[] :osp: Red{nbsp}Hat OpenShift :olm-first: Operator Lifecycle Manager (OLM) :olm: OLM -:rhacs-version: 4.5.8 +:rhacs-version: 4.5.9 :ocp-supported-version: 4.11 -:ocp-latest-version: 4.17 +:ocp-latest-version: 4.18 :product-rosa: Red{nbsp}Hat OpenShift Service on AWS :product-rosa-short: ROSA :product-title: Red{nbsp}Hat Advanced Cluster Security for Kubernetes diff --git a/release_notes/45-release-notes.adoc b/release_notes/45-release-notes.adoc index 115651f276b8..c49bb0336c8c 100644 --- a/release_notes/45-release-notes.adoc +++ b/release_notes/45-release-notes.adoc @@ -24,6 +24,7 @@ toc::[] |`4.5.6` | 11 February 2025 |`4.5.7` | 10 March 2025 |`4.5.8` | 31 March 2025 +|`4.5.9` | 15 April 2025 |==== @@ -509,7 +510,25 @@ This release of {product-title-short} includes the following bug fix: This release also addresses the following security vulnerabilities: -* link:https://access.redhat.com/security/cve/cve-2025-22868[CVE-2025-22868] Flaw in the `golang.org/x/oauth2/jws` package. -* link:https://access.redhat.com/security/cve/cve-2025-22869[CVE-2025-22869] Flaw in the `golang.org/x/crypto/ssh` package. +* link:https://access.redhat.com/security/cve/cve-2025-22868[CVE-2025-22868]: Flaw in the `golang.org/x/oauth2/jws` package +* link:https://access.redhat.com/security/cve/cve-2025-22869[CVE-2025-22869]: Flaw in the `golang.org/x/crypto/ssh` package + +[id="about-release-459_{context}"] +== About release 4.5.9 + +*Release date*: 15 April 2025 + +This release of {product-title-short} includes the following bug fix: + +* Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency. + +This release also addresses the following security vulnerabilities: + +* link:https://access.redhat.com/errata/RHSA-2025:2679[RHSA-2025:2679]: `libxml2` security update +* link:https://access.redhat.com/errata/RHSA-2025:1350[RHSA-2025:1350]: `libxml2` security update +* link:https://access.redhat.com/errata/RHSA-2025:1330[RSHA-2025:1330]: `openssl` security update +* link:https://access.redhat.com/security/cve/cve-2024-57083[CVE-2024-57083]: Prototype pollution in redoc can allow a DoS attack +* link:https://access.redhat.com/security/cve/cve-2024-21536[CVE-2024-21536]: Flaw in `http-proxy-middleware` package +* link:https://access.redhat.com/security/cve/cve-2025-30204[CVE-2025-30204]: Flaw in the `golang-jwt` implementation of JSON Web Tokens (JWT) include::modules/image-versions.adoc[leveloffset=+1]