openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/distr-tracing-tempo-rn-bug-fixes.adoc

40 lines
2.3 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * observability/distr_tracing/distr-tracing-rn.adoc
:_mod-docs-content-type: REFERENCE
[id="fixed-issues_{context}"]
= Fixed issues
[role="_abstract"]
The {TempoShortName} 3.8.2 patch release includes a fix for the following issue:
CVE-2025-61729::
Before this update, the `HostnameError.Error()` function in the Go `crypto/x509` package used string concatenation in a loop without limiting the number of printed hostnames. This behavior caused quadratic runtime when processing certificates with many hostnames, allowing attackers to consume excessive resources. With this update, the function uses the Go `strings.Builder` programming element for efficient string construction and limits the number of hostnames in an error message to 99. As a result, the function now runs efficiently even for certificates with many hostnames.
+
link:https://access.redhat.com/security/cve/cve-2025-61729[CVE-2025-61729]
The {TempoShortName} 3.8.1 patch release includes a fix for the following issue:
CVE-2025-58183::
Before this update, malicious tar archives could be used for denial of service by triggering memory overuse by the `tar.Reader` decompressor. With this update, the Go version upgrade to 1.25.3 enforces a maximum limit on the count of sparse region data blocks. As a result, memory usage when processing these archives is bounded and secure.
+
link:https://www.cve.org/CVERecord?id=CVE-2025-58183[CVE-2025-58183]
The {TempoShortName} 3.8 release fixes the following issues:
Resolved issue with TLS certificates affecting Tempo pods::
Before this update, the Tempo pods stopped communicating because internal TLS certificates were renewed. With this update, the Tempo pods automatically restart when certificates are renewed.
+
link:https://issues.redhat.com/browse/TRACING-5622[TRACING-5622]
Tempo query frontend no longer fails to fetch trace JSON::
Before this update, clicking on *Trace* in the Jaeger UI and refreshing the page, or accessing *Trace* -> *Trace Timeline* -> *Trace JSON* from the Tempo query frontend, might result in the Tempo query pod failing with an EOF error. With this update, this issue is resolved.
+
link:https://issues.redhat.com/browse/TRACING-5483[TRACING-5483]
[NOTE]
====
Some linked Jira tickets are accessible only with Red Hat credentials.
====
View Git Blame Copy Permalink