Red Hat Advanced Cluster Security for Kubernetes 3.0.58

ROX-5397, ROX-6458, and ROX-6619: Fixed a minor issue in the Iptables Executed in Privileged Container security policy, updated the remediation instructions in the Curl in Image security policy, and updated the Kubernetes Dashboard Deployed policy criteria.

ROX-6497: Previously, you could not use an OIDC identity provider with the Authorization Code Grant authentication flow, by using a client secret. The connection would fail with the implicit grant not allowed for this client error message.

ROX-6626: Previously, if you were using Red Hat Advanced Cluster Security for Kubernetes on OpenShift Container Platform, the Network Graph view would show too many connections and did not show Network baselines.

ROX-6792: Fixed an issue with the inactive deployment filter in the Violations view.

ROX-6820: Previously, Red Hat Advanced Cluster Security for Kubernetes would not report CVEs in Distroless images under certain conditions.

ROX-6887: Previously, the admission controller enforcement would not work for deploy-time policies if you were using enforceOnUpdates.

CVE-2021-20305

RHSA-2021:1206

Removed all licensing restrictions from Red Hat Advanced Cluster Security for Kubernetes.

You can now enforce scheduling for the scanner and scanner-db deployments on specific nodes.

Red Hat Advanced Cluster Security for Kubernetes includes a Fixed by column to the Vulnerability Management → All Entities → Components view. It lists the component version that fixes all vulnerabilities for a component. The Fixed by column only works if you are using Scanner.

You can now roll back to a previous version of Central if an upgrade fails to install.