Red Hat Advanced Cluster Security for Kubernetes 3.0.61 includes feature enhancements, bug fixes, scale improvements, and other changes.

Release date: June 10, 2021

New features

  • ROX-6639: Red Hat Advanced Cluster Security for Kubernetes includes a new policy criteria for vulnerabilities severity score in an image’s contents. It provides a more accurate reflection of risk than a CVSS score.

Important bug fixes

  • ROX-6991 and ROX-7058: Previously, CSV exports of security risks were inconsistent with the RHACS user interface.

  • ROX-7004: Previously, CVE-2016-4074 was reported as a false positive when images contained the component jq 1.6-r0 or jq 1.6-r1.

  • ROX-7270: Previously, under certain conditions, searched images would not correctly index and display.

  • ROX-7276: Previously, improper handling of very short-lived tokens caused the GitLab OIDC authentication provider to prematurely log users out.

Resolved in version 3.0.61.1

Release date: June 21, 2021

  • ROX-7387: Previously, in deployments using non-standard namespaces, admission controller failed to enforce or monitor deploy time policies.

Important system changes

  • ROX-6639: Red Hat Advanced Cluster Security for Kubernetes includes a new default policy to flag fixable high or important severity vulnerabilities in images.

  • ROX-7133: Red Hat Advanced Cluster Security for Kubernetes now calculates the image risk using a score assigned to the severity rating of a vulnerability rather than the CVSS score. Doing this provides a more accurate reflection of an image’s risk.

Image versions

Image Description Current version

Main

It includes Central, Sensor, Admission Controller, and Compliance. It also includes roxctl for use in CI (continuous integration) systems.

registry.redhat.io/rh-acs/main:3.0.61.1

Scanner

Scans images and nodes.

registry.redhat.io/rh-acs/scanner:2.15.2

Scanner DB

Stores image scan results and vulnerability definitions.

registry.redhat.io/rh-acs/scanner-db:2.15.2

Collector

Collects runtime activity in Kubernetes or OpenShift Container Platform clusters.

registry.redhat.io/rh-acs/collector:3.1.25-latest