Red Hat Advanced Cluster Security for Kubernetes 3.0.58 includes feature enhancements, bug fixes, scale improvements, and other changes.

Release date: April 08, 2021

Important bug fixes

  • ROX-5397, ROX-6458, and ROX-6619: Fixed a minor issue in the Iptables Executed in Privileged Container security policy, updated the remediation instructions in the Curl in Image security policy, and updated the Kubernetes Dashboard Deployed policy criteria.

  • ROX-6497: Previously, you could not use an OIDC identity provider with the Authorization Code Grant authentication flow when using a client secret. The connection would fail with the "implicit grant not allowed for this client" error message.

  • ROX-6626: Previously, if you were using Red Hat Advanced Cluster Security for Kubernetes on OpenShift Container Platform, the Network Graph view would show too many connections and did not show Network baselines.

  • ROX-6792: Fixed an issue with the inactive deployment filter in the Violations view.

  • ROX-6820: Previously, Red Hat Advanced Cluster Security for Kubernetes would not report CVEs in Distroless images under certain conditions.

  • ROX-6887: Previously, the admission controller enforcement would not work for deploy-time policies if you were using enforceOnUpdates.

Resolved in version 3.0.58.1

Release date: Apr 20, 2021

  • ROX-6959: Previously, the OpenShift Container Platform Cluster Version Operator was not correctly identified as an orchestrator component.

Security updates

The updated Collector image resolves the following fixable CVE:

The updated RHEL-based images resolve the following fixable RHSA:

Important system changes

  • Removed all licensing restrictions from Red Hat Advanced Cluster Security for Kubernetes.

  • You can now enforce scheduling for the scanner and scanner-db deployments on specific nodes.

  • Red Hat Advanced Cluster Security for Kubernetes adds a Fixed by column to the Vulnerability Management > All Entities > Components view. It lists the component version that fixes all vulnerabilities for a component. The Fixed by column only works if you are using Scanner.

  • You can now roll back to a previous version of Central if an upgrade fails to install.

Image versions

| Image | Description | Current version |
|---|---|---|
| Main | It includes Central, Sensor, Admission Controller, and Compliance. It also includes roxctl for use in CI (continuous integration) systems. | stackrox.io/main:3.0.58.1 |
| Scanner | Scans images. | stackrox.io/scanner:2.12.2 |
| Scanner DB | Stores image scan results and vulnerability definitions. | stackrox.io/scanner-db:2.12.2 |
| Collector | Collects runtime activity in Kubernetes or OpenShift Container Platform clusters. | collector.stackrox.io/collector:3.1.20-latest |