Aug 24, 2021 - 12:14 p.m.

(RHSA-2021:3259) Moderate: OpenShift Virtualization 4.8.1 Images security and bug fix update

2021-08-24 12:14:15
access.redhat.com

CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.044 Low

  • Percentile: 92.3%

OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains the following OpenShift Virtualization 4.8.1 images:

RHEL-8-CNV-4.8

kubevirt-v2v-conversion-container-v4.8.1-1
bridge-marker-container-v4.8.1-2
node-maintenance-operator-container-v4.8.1-1
cnv-containernetworking-plugins-container-v4.8.1-1
virtio-win-container-v4.8.1-1
ovs-cni-plugin-container-v4.8.1-2
kubevirt-vmware-container-v4.8.1-1
kubernetes-nmstate-handler-container-v4.8.1-2
cluster-network-addons-operator-container-v4.8.1-2
kubemacpool-container-v4.8.1-2
ovs-cni-marker-container-v4.8.1-2
cnv-must-gather-container-v4.8.1-4
virt-operator-container-v4.8.1-2
vm-import-virtv2v-container-v4.8.1-2
vm-import-operator-container-v4.8.1-2
vm-import-controller-container-v4.8.1-2
kubevirt-template-validator-container-v4.8.1-2
virt-cdi-cloner-container-v4.8.1-5
virt-cdi-controller-container-v4.8.1-5
virt-cdi-operator-container-v4.8.1-5
virt-cdi-apiserver-container-v4.8.1-5
hostpath-provisioner-operator-container-v4.8.1-3
virt-cdi-uploadproxy-container-v4.8.1-5
virt-cdi-importer-container-v4.8.1-5
hyperconverged-cluster-operator-container-v4.8.1-3
virt-cdi-uploadserver-container-v4.8.1-5
hyperconverged-cluster-webhook-container-v4.8.1-3
hostpath-provisioner-container-v4.8.1-2
kubevirt-ssp-operator-container-v4.8.1-5
virt-launcher-container-v4.8.1-3
virt-api-container-v4.8.1-3
virt-handler-container-v4.8.1-3
virt-controller-container-v4.8.1-3
hco-bundle-registry-container-v4.8.1-18

Security Fix(es):

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

  • golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [CNV 2.4.3] oc vm delete doesn’t complete sometimes (BZ#1900631)

  • Migration fails with read only cdrom drive attached (BZ#1927378)

  • [CNV-2.5] Manifests in openshift-cnv missing resource requirements - Network (BZ#1935218)

  • [RFE][v2v] Expose the vddk library version loaded by nbdkit (BZ#1937405)

  • New OCP priority classes are not used - Network (BZ#1953482)

  • Migration fails with read only cdrom drive attached on “timed out waiting for domain to be defined” (BZ#1966903)

  • cfgMap kubevirt-ca brought in by kubevirt does not get reconciled (BZ#1968410)

  • Update nmstate version in CNV (BZ#1971262)

  • virt-api - deprecated API is used (BZ#1972762)

  • Pending VMIs when creating concurrent bulk of VMs backed by WFFC DVs (BZ#1974289)

  • Migration of ‘Migratable’ VMs fails although live migration is enabled for the target environment (BZ#1977277)

  • CDI importer doesn’t report AwaitingVDDK like it used to (BZ#1979957)

  • [4.8.1] Cloning DataVolumes between namespaces fails while creating cdi-upload pod (BZ#1982269)

  • VMs Migration from a specific VMware fails the importer, on NfcFssrvrProcessErrorMsg (BZ#1984775)

  • [RFE] Keep the VddkInitImage value in the v2v-vmware configMap when upgrading CNV from 2.6 to CNV-4.8 (BZ#1984801)

  • CDI Importer fails on large qcow2.gz (BZ#1989170)

  • 4.8.1 containers (BZ#1989410)

  • [hpp] CNV Daemonsets have maxUnavailable set to 1 which leads to very slow upgrades on large clusters (BZ#1990063)
