Loading...

XML

Word

Printable

Type: Spike
Resolution: Done
Priority: Blocker
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- UpgradeBlocker

Blocked:
False
Blocked Reason:
None
Ready:
False
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Which 4.y.z to 4.y'.z' updates increase vulnerability?

4.12.23 and higher to 4.13.7 and lower

Which types of clusters?

FIPS-enabled clusters where remediation described in RHSB-2023-001 (certificate rotation) was already performed

What is the impact?

FIPS-enabled clusters where remediation described in RHSB-2023-001 (certificate rotation) was already performed would lose the remediation after updating to an impacted OCP4.13 version.

However, as of 2023-07-24, anyone needing FIPS compliance will likely not want to update to any version of OCP 4.13. OCP 4.13 uses RHEL9.2 binaries, and RHEL9.2 has not yet been submitted for FIPS validation (for up to date information, please see General FAQ for OpenShift and FIPS compliance ).

How involved is remediation?

Remediation described in RHSB-2023-001 (certificate rotation) would need to be re-done after the cluster is updated to 4.13.8 where the RHSB-2023-001 is resolved.

Is this a regression?

No.

is blocked by

OCPBUGS-16622 4.13/4.14 MCDs do not work with FIPS enabled golang builders

Closed

relates to

RFE-4471 In-cluster Prometheus for FIPS-ness

Backlog

links to

openshift/cincinnati-graph-data#3887: OTA-1000: RHSB2023-001: Add for 4.12.23+ -> 4.13 edges

Assignee:: Unassigned

Reporter:: Petr Muller

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/07/24 12:10 PM

Updated:: 2023/08/10 9:57 AM

Resolved:: 2023/08/09 11:28 PM

Details

Description

Which 4.y.z to 4.y'.z' updates increase vulnerability?

Which types of clusters?

What is the impact?

How involved is remediation?

Is this a regression?

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates