Skip to content

ROX-30520: Patch release notes for 4.7.6 #97450

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: rhacs-docs-4.7
Choose a base branch
from
+24 −1
Open

ROX-30520: Patch release notes for 4.7.6 #97450

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion modules/common-attributes.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,9 @@ endif::[]
:osp: Red{nbsp}Hat OpenShift
:olm-first: Operator Lifecycle Manager (OLM)
:olm: OLM
:rhacs-version: 4.7.5
:rhacs-version: 4.7.6
:ga-date-475: 22 July 2025
:ga-date-476: 18 August 2025
:ocp-supported-version: 4.12
:ocp-latest-version: 4.19
:plugin-acs-latest-version: 0.0.4
Expand Down
22 changes: 22 additions & 0 deletions release_notes/47-release-notes.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ toc::[]
|`4.7.3` | 15 May 2025
|`4.7.4` | 11 June 2025
|`4.7.5` | {ga-date-475}
|`4.7.6` | {ga-date-476}


|====
Expand Down Expand Up @@ -503,4 +504,25 @@ This release provides fixes for the following security issues:

* Flaw in `net/http` allowed request smuggling due to improper handling of bare line feed (LF) in chunked data (link:https://access.redhat.com/security/cve/cve-2025-22871[CVE-2025-22871])

[id="about-release-476_{context}"]
== About release version 4.7.6

*Release date*: {ga-date-476}

This release of {product-title-short} 4.7 provides the following bug fixes:

//ROX-30366
* Before this update, the upgrade to Golang gRPC 1.67 and later caused problems with gRPC connections that affected multiple users. This issue prevented gRPC connections and blocked communications between Central and Sensor. With this release, the `GRPC_ENFORCE_ALPN_ENABLED` flag has been added in {product-title-short}. The default value disables the Application-Layer Protocol Negotiation (ALPN) enforcement, and therefore allows the connection between Sensor and Central as well as the communication between the components.

This release also addresses the following security vulnerabilities:

* GNOME Glib flaw (link:https://access.redhat.com/security/cve/CVE-2024-34397[CVE-2024-34397])
* Requests HTTP library flaw (link:https://access.redhat.com/security/cve/CVE-2024-47081[CVE-2024-47081])
* Glib library flaws (link:https://access.redhat.com/security/cve/CVE-2024-52533[CVE-2024-52533], link:https://access.redhat.com/security/cve/CVE-2025-4373[CVE-2025-4373])
* Memory corruption flaw in SQLite (link:https://access.redhat.com/security/cve/CVE-2025-6965[CVE-2025-6965])
* Flaw in libxslt (link:https://access.redhat.com/security/cve/CVE-2025-7425[CVE-2025-7425])
* Double-free vulnerability in glibc (link:https://access.redhat.com/security/cve/CVE-2025-8058[CVE-2025-8058])
* Flaw in libxml2 library (link:https://access.redhat.com/security/cve/CVE-2025-32415[CVE-2025-32415])
* Perl standard library threads component flaw (link:https://access.redhat.com/security/cve/CVE-2025-40909[CVE-2025-40909])

include::modules/image-versions.adoc[leveloffset=+1]