Control Center Next Generation v2.3.2
Control Center Next Generation patch release version 2.3.2 addresses security hygiene improvements across Control Center Next Generation components through upgrades to third-party dependencies.
Security Vulnerabilities
Control Center Next Generation 2.3.2 did not include any upgrades related to exploitable security vulnerabilities.
Resolved security hygiene issues in 3rd party dependencies
The following list of package upgrades are related to vulnerabilities present in open-source packages depended upon by Control Center Next Generation. These are included as part of security hygiene. At this time, no exploitable vector has been identified for any of the CVEs present in the following table:
CVE |
CVSS |
Impacted Package Version |
Upgraded Package Version |
7.5 |
stdlib < v1.25.4 |
stdlib = 1.26.01 |
|
7.5 |
org.lz4:lz4-java < 1.8.0 |
at.yawk.lz4:lz4-java = 1.10.2 |
|
7.4 |
org.glassfish.jersey.core:jersey-client < 3.1.9 |
org.glassfish.jersey.core:jersey-client = 3.1.10 |
|
6.5 |
org.lz4:lz4-java < 1.8.0 |
at.yawk.lz4:lz4-java = 1.10.2 |
|
6.5 |
stdlib < v1.25.4 |
stdlib = 1.26.1 |
|
6.5 |
io.netty:netty-codec-http < 4.1.128.Final |
io.netty:netty-codec-http = 4.1.130.Final |
|
6.4 |
ch.qos.logback:logback-core < 1.5.17 |
ch.qos.logback:logback-core = 1.5.27 |
|
5.3 |
golang.org/x/crypto < v0.43.0 |
golang.org/x/crypto = 0.47.0 |
|
5.3 |
golang.org/x/crypto < v0.43.0 |
golang.org/x/crypto = 0.47.0 |
|
5 |
ch.qos.logback:logback-core < 1.5.17 |
ch.qos.logback:logback-core = 1.5.27 |
|
4.8 |
org.apache.logging.log4j:log4j-core < 2.24.3 |
org.apache.logging.log4j:log4j-core = 2.25.3 |
This patch release version depends upon Red Hat Universal Base Image 9 Micro/Minimal versions :
- Cp-enterprise-control-center-next-gen uses RedHat ubi9 minimal 9.7-1771346502.
- Cp-enterprise-prometheus & Cp-enterprise-alertmanager uses RedHat ubi9 micro 9.7-1771346390.
Control Center Next Generation v2.4.1
Control Center Next Generation patch release version 2.4.1 addresses security hygiene improvements across Control Center Next Generation components through upgrades to third-party dependencies.
Security Vulnerabilities
Control Center Next Generation 2.4.1 did not include any upgrades related to exploitable security vulnerabilities.
Resolved security hygiene issues in 3rd party dependencies
The following list of package upgrades are related to vulnerabilities present in open-source packages depended upon by Control Center Next Generation. These are included as part of security hygiene. At this time, no exploitable vector has been identified for any of the CVEs present in the following table:
CVE |
CVSS |
Impacted Package Version |
Upgraded Package Version |
10 |
stdlib < v1.25.4 |
stdlib = 1.26.1 |
|
7.5 |
stdlib < v1.25.4 |
stdlib = 1.26.1 |
|
7.5 |
stdlib < v1.25.4 |
stdlib = 1.26.1 |
|
7.5 |
org.lz4:lz4-java < 1.8.0 |
at.yawk.lz4:lz4-java = 1.10.2 |
|
7.4 |
org.glassfish.jersey.core:jersey-client < 3.1.9 |
org.glassfish.jersey.core:jersey-client = 3.1.10 |
|
6.5 |
org.lz4:lz4-java < 1.8.0 |
at.yawk.lz4:lz4-java = 1.10.2 |
|
6.5 |
stdlib < v1.25.4 |
stdlib = 1.26.1 |
|
6.5 |
stdlib < v1.25.4 |
stdlib = 1.26.1 |
|
6.5 |
io.netty:netty-codec-http < 4.1.128.Final |
io.netty:netty-codec-http = 4.1.130.Final |
|
6.4 |
ch.qos.logback:logback-core < 1.5.17 |
ch.qos.logback:logback-core = 1.5.27 |
|
5.3 |
golang.org/x/crypto < v0.43.0 |
golang.org/x/crypto = 0.47.0 |
|
5.3 |
golang.org/x/crypto < v0.43.0 |
golang.org/x/crypto = 0.47.0 |
|
5.3 |
stdlib < v1.25.4 |
stdlib = 1.26.0 |
|
5 |
ch.qos.logback:logback-core < 1.5.17 |
ch.qos.logback:logback-core = 1.5.27 |
|
4.8 |
org.apache.logging.log4j:log4j-core < 2.24.3 |
org.apache.logging.log4j:log4j-core = 2.25.3 |
This patch release version depends upon Red Hat Universal Base Image 9 Micro/Minimal versions :
- Cp-enterprise-control-center-next-gen uses RedHat ubi9 minimal 9.7-1773939694.
- Cp-enterprise-prometheus & Cp-enterprise-alertmanager uses RedHat ubi9 micro 9.7-1773894938.