An updated images are now available for RHODF-4.14-RHEL-9.

Red Hat Product Security has rated this update as having a security impact of
 Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenShift Data Foundation is software-defined storage integrated with and
 optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift DataFoundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3 compatible API.

Security Fix(es):

* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)

* PostCSS: Improper input validation in PostCSS (CVE-2023-44270)

* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause
 authorization bypass in golang.org/x/crypto (CVE-2024-45337)

* golang.org/x/net/html: Non-linear parsing of case-insensitive content in
 golang.org/x/net/html (CVE-2024-45338)

For more details about the security issue(s), including the impact, a CVSS
 score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-44270: Improper Neutralization of CRLF Sequences ('CRLF
 Injection') (CWE-93)
CVE-2024-6104: Insertion of Sensitive Information into Log File (CWE-532)
CVE-2024-45338: Allocation of Resources Without Limits or Throttling (CWE-770)