openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/otel-rn-bug-fixes.adoc

44 lines
2.2 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * observability/otel/otel-rn.adoc
:_mod-docs-content-type: REFERENCE
[id="fixed-issues_{context}"]
= Fixed issues
[role="_abstract"]
The {OTELName} 3.8.2 patch release includes a fix for the following issue:
CVE-2025-61729::
Before this update, the `HostnameError.Error()` function in the Go `crypto/x509` package used string concatenation in a loop without limiting the number of printed hostnames. This behavior caused quadratic runtime when processing certificates with many hostnames, allowing attackers to consume excessive resources. With this update, the function uses the Go `strings.Builder` programming element for efficient string construction and limits the number of hostnames in an error message to 99. As a result, the function now runs efficiently even for certificates with many hostnames.
+
link:https://access.redhat.com/security/cve/cve-2025-61729[CVE-2025-61729]
[NOTE]
====
There was no 3.8.1 patch release for {OTELName}.
Version 3.8.1 patch release was shipped only for {TempoShortName}.
====
The {OTELName} 3.8 release fixes the following issues:
Fixed BearerTokenAuth Extension errors::
Before this update, the BearerTokenAuth Extension might log errors when the service account token was refreshed. With this update, the extension correctly handles token file refresh without producing errors.
+
link:https://issues.redhat.com/browse/TRACING-5678[TRACING-5678]
Fixed errors from the CA Injector of cert-manager::
Before this update, the CA Injector of cert-manager was logging errors related to fetching the certificates for the {OTELOperator}. With this update, the OpenTelemetry Collector no longer relies on cert-manager, preventing unnecessary error logs.
+
link:https://issues.redhat.com/browse/TRACING-5590[TRACING-5590]
Fixed short-term token authentication for the AWS Cloud Watch Exporter::
Before this update, the AWS Cloud Watch Exporter ignored short-term token authentication using an Amazon Resource Name (ARN). With this update, the exporter correctly handles short-term token authentication.
+
link:https://issues.redhat.com/browse/TRACING-5528[TRACING-5528]
[NOTE]
====
Some linked Jira tickets are accessible only with Red Hat credentials.
====
View Git Blame Copy Permalink