This release of RHACS 4.3.6 provides the following bug fix:
- Fixed an issue where an incorrectly configured Jira notifier causes the Central component of RHACS to enter a crash loop
It provides the following security fixes:
- go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)
- helm: Missing YAML content leads to panic (CVE-2024-26147)
- helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.