-
Spike
-
Resolution: Done
-
Critical
-
None
-
None
-
None
-
None
-
1
-
False
-
None
-
False
-
-
-
OTA 243, OTA 244
Which 4.y.z to 4.y'.z' updates increase vulnerability?
- example: Customers updating from 4.13 or older 4.14 into 4.14.0-rc.2 or later (which have OCPBUGS-19353), until
OCPBUGS-20331or its 4.14 backport lands a fix.
Which types of clusters?
- Clusters where the Console calability is disabled. Check your vulnerability with:
$ oc get -o json clusterversion version | jq -r '.status.capabilities.enabledCapabilities[]'
If the output includes Console, you are not exposed. If it does not include Console, you are exposed.
What is the impact? Is it serious enough to warrant removing update recommendations?
- The Console property will become implicitly enabled on update, and pull in all of the Console components.
How involved is remediation?
- There is no supported path to recovery, because capabilities cannot be uninstalled.
Is this a regression?
- Yes, OCPBUGS-19353 regressed clusters updating in with Console previously enabled.
- blocks
-
OCPBUGS-20331 previously disabled cluster capability Console unintentionally enabled during an upgrade
-
- Closed
-
- links to