Red Hat RHSA-2023:3943
History: Jun 29, 2023 - 2:30 p.m.

(RHSA-2023:3943) Moderate: ACS 4.1 enhancement and security update

2023-06-29 14:30:27
access.redhat.com
Tags: acs 4.1, security update, golang, vulnerability fixes, new features, rhacs, cloud service scanning, ebpf, compliance dashboard, sso configuration, network graph, policy management, permission sets, sensor resync

CVSS2: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

CVSS3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

EPSS: 0.03 (Percentile: 91.0%)

The release of ACS 4.1 provides these changes:

Security Fix(es):

  • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

  • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

  • golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

  • golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)

  • golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

  • golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

New features:

  • Manual renewal of Central and Sensor certificates

  • Vulnerability Management 2.0 (Technology Preview)

  • RHACS Cloud Service scanning support for images pulled from on-premise registries

  • eBPF collection method on IBM Z and IBM® LinuxONE

  • Ability to configure the display of default compliance standards in the Compliance Dashboard

  • Declarative configurations for authentication and authorization

  • SSO configuration using the roxctl CLI

  • New collection method based on BPF CO-RE (Technology Preview)

  • Network graph updates

  • Policy Management simplification

  • New permission sets

  • Improvements for Sensor resync (General Availability)

For notable technical changes, deprecated and removed features, bug fixes, and known issues, refer to the Release Notes.
