
Security: Multiple issues in Red Hat OpenShift distributed tracing platform
Name: Multiple issues in Red Hat OpenShift distributed tracing platform
ID: RHSA-2025:3607
Distribution: Red Hat
Platforms: Red Hat OpenShift distributed tracing 3.5.1
Date: Fri, April 4, 2025, 23:40
References: https://access.redhat.com/security/cve/CVE-2025-2786
https://access.redhat.com/security/cve/CVE-2025-2842
https://access.redhat.com/errata/RHSA-2025:3607
https://access.redhat.com/security/cve/CVE-2025-30204
https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo
Applications: Red Hat OpenShift distributed tracing platform

Original message

Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 has been released

This release of Red Hat OpenShift distributed tracing provides the following
security improvements, bug fixes, and new features.
Red Hat OpenShift distributed tracing (Tempo) 3.5.1 is based on the open source Grafana Tempo (https://grafana.com/oss/tempo/) release 2.7.1.

Breaking changes:
* With this update, for a user to create or modify a TempoStack or
TempoMonolithic CR with multi-tenancy enabled, the user must have permissions to create a TokenReview and SubjectAccessReview.

Deprecations:
* Nothing

Technology Preview features:
* Nothing

Enhancements:
* Nothing

Bug fixes:
* https://access.redhat.com/security/cve/CVE-2025-2786
* https://access.redhat.com/security/cve/CVE-2025-2842

Known issues:
* Currently, when the OpenShift tenancy mode is enabled, the ServiceAccount of
the gateway component of a TempoStack or TempoMonolithic instance requires the TokenReview and SubjectAccessReview permissions for authorization. Workaround: deploy the instance in a dedicated namespace, and carefully audit which users have permission to read the Secrets in this namespace.
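
The audit named in the workaround can be run over exported RBAC objects. The following is an added example, not part of the Red Hat advisory; it assumes Role, ClusterRole, RoleBinding and ClusterRoleBinding objects in Kubernetes API JSON form, and the namespace `tempo-prod` and all role and subject names are constructed.

```python
# Added example (not Red Hat code): list subjects whose RBAC grants read
# access to Secrets in one namespace. All names below are constructed.
READ_VERBS = {"get", "list", "watch", "*"}

def rule_reads_secrets(rule):
    """True if a PolicyRule grants a read verb on core-group Secrets."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    return bool(groups & {"", "*"} and resources & {"secrets", "*"}
                and verbs & READ_VERBS)

def secret_readers(objects, namespace):
    """Return sorted 'Kind:name' subjects that can read Secrets in namespace."""
    roles = {}
    for o in objects:
        if o["kind"] in ("Role", "ClusterRole"):
            ns = o["metadata"].get("namespace", "")  # "" for ClusterRole
            roles[(o["kind"], ns, o["metadata"]["name"])] = o.get("rules") or []
    readers = set()
    for o in objects:
        if o["kind"] == "RoleBinding" and o["metadata"].get("namespace") != namespace:
            continue  # RoleBinding that applies to a different namespace
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue  # roles themselves were indexed above
        ref = o["roleRef"]
        ref_ns = namespace if ref["kind"] == "Role" else ""
        rules = roles.get((ref["kind"], ref_ns, ref["name"]), [])
        if any(rule_reads_secrets(r) for r in rules):
            readers.update(f"{s['kind']}:{s['name']}" for s in o.get("subjects") or [])
    return sorted(readers)

def obj(kind, name, ns=None, **extra):  # builds a minimal sample object
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, **extra}

NS = "tempo-prod"  # hypothetical dedicated namespace for the Tempo instance
SAMPLE = [  # constructed objects, not taken from a real cluster
    obj("Role", "secret-reader", NS, rules=[{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]),
    obj("Role", "secret-reader", "dev", rules=[{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]),
    obj("ClusterRole", "read-all", rules=[{"apiGroups": ["*"], "resources": ["*"], "verbs": ["get", "list"]}]),
    obj("ClusterRole", "pods-only", rules=[{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]),
    obj("RoleBinding", "rb-alice", NS, roleRef={"kind": "Role", "name": "secret-reader"}, subjects=[{"kind": "User", "name": "alice"}]),
    obj("RoleBinding", "rb-bob", NS, roleRef={"kind": "ClusterRole", "name": "pods-only"}, subjects=[{"kind": "User", "name": "bob"}]),
    obj("RoleBinding", "rb-carol", "dev", roleRef={"kind": "Role", "name": "secret-reader"}, subjects=[{"kind": "User", "name": "carol"}]),
    obj("ClusterRoleBinding", "crb-sre", roleRef={"kind": "ClusterRole", "name": "read-all"}, subjects=[{"kind": "Group", "name": "sre"}]),
]
```

Wildcard ClusterRoles bound cluster-wide show up as readers of the dedicated namespace as well; aggregated ClusterRoles and `resourceNames` restrictions are not evaluated by this sketch.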

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-2786: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
CVE-2025-2842: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
CVE-2025-30204: Asymmetric Resource Consumption (Amplification) (CWE-405)