The following advisory data is extracted from: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_2789.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. - Packet Storm Staff ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat build of OpenTelemetry 3.5.0 release Advisory ID: RHSA-2025:2789-03 Product: Red Hat OpenShift distributed tracing Advisory URL: https://access.redhat.com/errata/RHSA-2025:2789 Issue date: 2025-03-14 Revision: 03 CVE Names: CVE-2024-45336 ==================================================================== Summary: Red Hat build of OpenTelemetry 3.5.0 has been released Description: Release of Red Hat OpenShift distributed tracing provides following security improvements, bug fixes, and new features. Breaking changes: * Nothing Deprecations: * In the Red Hat build of OpenTelemetry 3.5, the Loki Exporter, which is a temporary Technology Preview feature, is deprecated. The Loki Exporter is planned to be removed in the Red Hat build of OpenTelemetry 3.6. If you currently use the Loki Exporter for the OpenShift Logging 6.1 or later, replace the Loki Exporter with the OTLP HTTP Exporter. Technology Preview features: * AWS CloudWatch Exporter * AWS EMF Exporter * AWS X-Ray Exporter Enhancements: * The following Technology Preview features reach General Availability: * Host Metrics Receiver * Kubelet Stats Receiver * With this update, the OpenTelemetry Collector uses the OTLP HTTP Exporter to push logs to the OpenShift Logging (LokiStack) 6.1 or later. * With this update, the Operator automatically creates RBAC rules for the Kubernetes Events Receiver (k8sevents), Kubernetes Cluster Receiver (k8scluster), and Kubernetes Objects Receiver (k8sobjects) if the Operator has sufficient permissions. For more information, see \"Creating the required RBAC resources automatically\": https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry/configuring-the-collector#otel-creating-required-RBAC-resources-automatically_otel-configuration-of-otel-collector Bug fixes: * Before this update, manually created routes for the Collector services were unintentionally removed when the Operator pod was restarted. With this update, restarting the Operator pod does not result in the removal of the manually created routes. Known issues: * Nothing Solution: https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators CVEs: CVE-2024-45336 References: https://access.redhat.com/security/cve/CVE-2024-45336 https://access.redhat.com/security/cve/CVE-2024-56171 https://access.redhat.com/security/cve/CVE-2025-22866 https://access.redhat.com/security/cve/CVE-2025-24528 https://access.redhat.com/security/cve/CVE-2025-24928 https://access.redhat.com/security/updates/classification/ https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry