
Security: Multiple issues in RHACS
Name: Multiple issues in RHACS
ID: RHSA-2025:3930
Distribution: Red Hat
Platforms: Red Hat RHACS 4.7 for RHEL 8
Date: Wed, 16 April 2025, 06:37
References: https://access.redhat.com/security/cve/CVE-2024-21536
https://access.redhat.com/errata/RHSA-2025:3930
https://access.redhat.com/security/cve/CVE-2025-30204
https://access.redhat.com/security/cve/CVE-2024-57083
https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.7/html-single/release_notes/index
https://bugzilla.redhat.com/show_bug.cgi?id=2319884
https://bugzilla.redhat.com/show_bug.cgi?id=2354195
https://bugzilla.redhat.com/show_bug.cgi?id=2355865
Applications: RHACS

Original message

Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes security fixes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

This release of RHACS 4.7.2 includes the following security fixes:

* CVE-2024-21536: Denial of Service vulnerability in the
`http-proxy-middleware` package.
* CVE-2025-30204: Excessive memory allocation during header parsing in
`golang-jwt` package.
* CVE-2024-57083: Denial of Service vulnerability in the `redoc` package.

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-21536: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-57083: Improperly Controlled Modification of Object Prototype
Attributes ('Prototype Pollution') (CWE-1321)
CVE-2025-30204: Asymmetric Resource Consumption (Amplification) (CWE-405)