Skip to content

NO-JIRA: Update registry.redhat.io/openshift4/ose-must-gather-rhel9:v4.16 Docker digest to 338aef2 [SECURITY]#2881

Open
red-hat-konflux[bot] wants to merge 1 commit into
release-4.16from
konflux/mintmaker/release-4.16/docker-registry.redhat.io-openshift4-ose-must-gather-rhel9-vulnerability
Open

NO-JIRA: Update registry.redhat.io/openshift4/ose-must-gather-rhel9:v4.16 Docker digest to 338aef2 [SECURITY]#2881
red-hat-konflux[bot] wants to merge 1 commit into
release-4.16from
konflux/mintmaker/release-4.16/docker-registry.redhat.io-openshift4-ose-must-gather-rhel9-vulnerability

Conversation

@red-hat-konflux

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
registry.redhat.io/openshift4/ose-must-gather-rhel9 final digest 3a9bb17338aef2

fast-uri: fast-uri: Security policy bypass due to improper Unicode hostname canonicalization

CVE-2026-13676

More information

Details

A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode (Internationalized Domain Name - IDN) hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when applications use fast-uri to enforce these policies before passing the URL to another parser. A remote attacker could exploit this to circumvent security controls and potentially access unauthorized resources or perform malicious redirects.

Severity

Important

References


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

…4.16 Docker digest to 338aef2 [SECURITY]

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 154028d4-6fdf-41ef-b230-2b896e07fa3e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/release-4.16/docker-registry.redhat.io-openshift4-ose-must-gather-rhel9-vulnerability

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 16, 2026
@openshift-ci

openshift-ci Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign eggfoobar for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@qJkee

qJkee commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

/retest

@openshift-ci

openshift-ci Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

@red-hat-konflux[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/ci-index-lvm-operator-bundle a68b5bd link true /test ci-index-lvm-operator-bundle

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant