
Security: Multiple issues in ACS
Name: Multiple issues in ACS
ID: RHSA-2025:3929
Distribution: Red Hat
Platforms: Red Hat RHACS 4.6 for RHEL 8
Date: Wed, 16 April 2025, 06:36
References: https://access.redhat.com/security/cve/CVE-2024-21536
https://bugzilla.redhat.com/show_bug.cgi?id=2354195
https://access.redhat.com/security/cve/CVE-2025-30204
https://access.redhat.com/security/cve/CVE-2024-57083
https://bugzilla.redhat.com/show_bug.cgi?id=2355865
https://bugzilla.redhat.com/show_bug.cgi?id=2319884
https://access.redhat.com/errata/RHSA-2025:3929
https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.6/html/release_notes/release-notes-46
Applications: ACS

Original message

Updated images are now available for Red Hat Advanced Cluster Security (RHACS).

This release of RHACS fixes the following bugs:

* Fixed an issue where Central could perform image scans even when delegated
scanning was enabled, due to a race condition during Sensor reconnection.

* Fixed an issue where mismatched aggregation fields in Compliance tables and
widgets caused inconsistent percentage displays.

* Fixed an issue where you ran into Google Kubernetes Engine (GKE)
compatibility test failures because the tests still used a deprecated service in RHACS 4.6.

* Fixed an issue where you could see the Configuration Management page despite
only having Alert permissions, resulting in role-based access control (RBAC) errors.

* Fixed an issue where verifying multi-signed images failed due to incorrect
error handling.

This release of RHACS fixes the following security vulnerabilities:

CVE-2024-21536: Flaw in http-proxy-middleware allowed denial of service through
unhandled promise rejections in micromatch.

CVE-2025-30204: Flaw in jwt-go allowed excessive memory allocation during
header parsing, which could lead to a possible denial of service.

CVE-2024-57083: Flaw in redoc allowed prototypes in mergeObjects to be tainted,
which allowed a denial of service through crafted payloads.
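The jwt-go entry above concerns memory allocated while a token's header is parsed. One defensive pre-check an application can apply before handing a bearer token to any JWT library is to bound its size and separator count without splitting or decoding it first. This is an added example written for this page, not RHACS or jwt-go code; the 8 KiB limit, the function and error names, and the sample tokens are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed limits for this example; a compact JWS is header.payload.signature.
const (
	maxTokenBytes = 8192
	jwsSegments   = 3
)

var (
	ErrTokenTooLong      = errors.New("token exceeds size limit")
	ErrTokenSegments     = errors.New("token is not header.payload.signature")
	ErrTokenEmptySegment = errors.New("token has an empty segment")
)

// PrecheckCompactJWS rejects oversized or malformed tokens before any library
// parsing or base64 decoding runs. strings.Count allocates nothing, so a token
// built from thousands of separators is rejected without building a slice of
// that many segments; the Split below only happens for exactly three segments.
func PrecheckCompactJWS(token string) error {
	if len(token) > maxTokenBytes {
		return ErrTokenTooLong
	}
	if strings.Count(token, ".") != jwsSegments-1 {
		return ErrTokenSegments
	}
	for _, seg := range strings.Split(token, ".") {
		if seg == "" {
			return ErrTokenEmptySegment
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs; none of these is a real, signed JWT.
	samples := []string{
		"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ4In0.c2ln", // well-formed shape
		strings.Repeat("a.", 50),                    // 50 separators in 100 bytes
		strings.Repeat(".", 100000),                 // oversized before anything else
		"a..c",                                      // empty payload segment
	}
	for _, s := range samples {
		fmt.Printf("%6d bytes: %v\n", len(s), PrecheckCompactJWS(s))
	}
}
```

A token that passes this check is still unverified; it only guarantees the library sees a bounded, three-segment string.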

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-21536: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-57083: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
CVE-2025-30204: Asymmetric Resource Consumption (Amplification) (CWE-405)