Release of RHACS 3.73 provides these changes:
New features:
Notable technical changes:
anyuid Security Context Constraint (SCC). Instead, the default SCC for Sensor is now restricted[-v2] or stackrox-sensor, depending on the settings. In addition, the runAsUser and fsGroup for the Admission control and Sensor deployments are no longer hard-coded to 4000 on OpenShift clusters to allow using the restricted and restricted-v2 SCCs. (ROX-9342)
central, which the Central deployment uses, now includes get and list access to the pods, events, and namespaces resources in the namespace where you deploy Central.
/api/vm/export/csv now requires the CVE Type filter as part of the input query parameter. Supported values for CVE Type are IMAGE_CVE, K8S_CVE, ISTIO_CVE, NODE_CVE, and OPENSHIFT_CVE.
Notice of in-product docs removal:
Bug fixes:
ocp4-cis-node compliance standard was missing from Splunk. This issue is now fixed. The Splunk integration now includes the ocp4-cis-node compliance standard results. (ROX-11937)
Security Fix(es):
imgcrypt: Unauthorized access to encrypted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)
app-containers/cosign: false positive verification (CVE-2022-36056)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.