The FIPS Publication 140 is a series of computer security standards developed by the National Institute of Standards and Technology (NIST) to ensure the quality of cryptographic modules. The FIPS 140 standard ensures that cryptographic tools implement their algorithms correctly. Red Hat UBI 9 comes with a FIPS validated OpenSSL version and the manager must be dynamically linked to OpenSSL to use FIPS validated cryptographic modules when is executed on nodes that are booted into FIPS mode.

Action required: containers: Using RHEL/UBI9? Update your FROM lines!
From RHEL 9.5 GA (2024-11-12) onwards, the main RHEL 9 container images are being built via Konflux instead of OSBS, with this corresponding implication for downstream containers: Freshmaker automation will not trigger for CVEs in your images until you make the following changes (or migrate to Konflux)

If your image is based directly on a RHEL/UBI9 image, the following changes are required:

Update your FROM lines as follows.
If you are using the regular (full) ubi9 image, change to
FROM registry.redhat.io/rhel9-osbs/osbs-ubi9

If you are using the minimal ubi9 image, change to
FROM registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal

If you are using the micro ubi9 image, change to
FROM registry.redhat.io/rhel9-osbs/osbs-ubi9-micro

Prefix the FROM line with a comment containing the following text:

1. This OSBS Base Image is designed and engineered to be the base layer for
2. Red Hat products. This base image is only supported for approved Red Hat
3. products. This image is maintained by Red Hat and updated regularly.