Important: Red Hat OpenShift Pipelines Operator security update
Security Advisory: Important
An update is now available for OpenShift-Pipelines-1.11-RHEL-8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat OpenShift Pipelines is a cloud-native continuous integration and delivery (CI/CD) solution for building pipelines using Tekton. Tekton is a flexible, Kubernetes-native, open-source CI/CD framework which enables automating deployments across multiple platforms such as Kubernetes, Serverless, and VMs by abstracting away the underlying details.
Red Hat OpenShift Pipelines consists of:
Tekton Pipelines 0.47.x
Tekton Triggers 0.24.x
ClusterTasks based on Tekton Catalog
Tekton tkn CLI 0.31.x
Tekton Operator 0.67.x
Tekton Chains 0.16.x (GA)
Tekton Hub 1.13.x (TP)
Tekton Result 0.6.0 (TP)
Pipelines-as-Code 0.19.x (GA)
## Features
Standard CI/CD pipelines definition
Build images with Kubernetes tools such as S2I, Buildah, Buildpacks, Kaniko, etc.
Deploy applications to multiple platforms such as Kubernetes, Serverless, and VMs
Easy to extend and integrate with existing tools
Scale pipelines on-demand
Portable across any Kubernetes platform
Designed for microservices and decentralized teams
Integrated with OpenShift Developer Console
Enhance supply chain security with Tekton Chains (Technology Preview)
Install and deploy Tekton Hub (Technology Preview) with custom catalog on enterprise cluster
Maintain pipelines definition as part of application repository with Pipelines-as-Code (PAC) (General Availability)
For more information, see the Release Notes on any one of the following platforms:
Customer Portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/cicd/pipelines#op-release-notes-1-11_op-release-notes
OpenShift documentation: https://docs.openshift.com/container-platform/4.13/cicd/pipelines/op-release-notes.html#op-release-notes-1-11_op-release-notes
Security Fix(es):
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
For details on how to apply this update, which includes the changes described in this advisory, refer to: