------------------------------------------------------------------------------- Fix Number: CG-7.1.0 Fujitsu Enterprise Postgres with Cryptographic Module 15 Operator for Kubernetes * Release date - November 27, 2024 ------------------------------------------------------------------------------- [High Risk Activity] The Customer acknowledges and agrees that the Product is designed, developed and manufactured as contemplated for general use, including without limitation, general office use, personal use, household use, and ordinary industrial use, but is not designed, developed and manufactured as contemplated for use accompanying fatal risks or dangers that, unless extremely high safety is secured, could lead directly to death, personal injury, severe physical damage or other loss (hereinafter "High Safety Required Use"), including without limitation, nuclear reaction control in nuclear facility, aircraft flight control, air traffic control, mass transport control, medical life support system, missile launch control in weapon system. The Customer, shall not use the Product without securing the sufficient safety required for the High Safety Required Use. In addition, Fujitsu (or other affiliate's name) shall not be liable against the Customer and/or any third party for any claims or damages arising in connection with the High Safety Required Use of the Product. Product and company names mentioned in this manual are the trademarks or registered trademarks of their respective owners. Copyright 2024 FUJITSU LIMITED ------------------------------------------------------------------------------- * Purpose - Populating Container's Base OS Image Vulnerability Patches * Target of correction(image tag name) - Operator Container(v7.1.0) - Database Server Container(ubi9-15-1.8) - Backup Container(ubi9-15-1.8) - Restore Container(ubi9-15-1.8) - PGPool2 Container(ubi9-15-1.8) - Exporter Container(ubi9-17-1.0) - Fluentd Container(ubi9-17-1.0) - Fluentbit Container(ubi9-17-1.0) - Cronjob Container(ubi9-17-1.0) - Upgrade Container(ubi9-15-1.8) - Utils Container(ubi9-15-1.8) ------------------------------------------------------------------------------- [Accumulated Patches] The following fixes are included in this patch: Fix Number: CG-5.1.1 01 PH23800 [ ]Security failure [*]Serious failure ([ ]Degradation) [*]Incompatibility does not exist / [ ]Incompatibility exists - Frequency ([*]Always / [ ]Rarely / [ ]Irregularly) - Description After deploying the FEPCluster custom resource, the FEP server container is not created and the FEPCluster custom resource displays the following error message: Message: Failed to create object: b'{""kind"":""Status"",""apiVersion"":""v1"",""metadata"": {},""status"":""Failure"",""message"":""admission webhook \\""webhook.cert-manager.io\\"" denied the request: json: cannot unmarshal string into Go struct field CertificateSpec.spec.dnsNames of type []string"",""reason"":""BadRequest"",""code"":400}\n' - Requirements to reproduce this issue 1)cert-manager is installed. and 2)Install Operator v5.1.8 or later. and 3)Apply FEPCluster Custom Resources - Action Changing the definition location so that the Role is created with the correct name. - Compatibility Information None. 02 PH23705 [ ]Security failure [*]Serious failure ([ ]Degradation) [*]Incompatibility does not exist / [ ]Incompatibility exists - Frequency ([*]Always / [ ]Rarely / [ ]Irregularly) - Description If the restart option of the FEPAction custom resource causes the database to restart, the following message is printed to the database container log and the restart fails: FATAL: data directory ""/database/userdata/data"" has invalid permissions DETAIL: Permissions should be u=rwx (0700) or u=rwx,g=rx (0750). - Requirements to reproduce this issue 1)Apply the FEPCluster custom resource to create the FEP server container. and 2)Restart kubelet on the Kubernetes node where the FEP server container is deployed. and 3)Run the restart option for the FEPAction custom resource - Action By changing the DB pod volume permission and ownership change policy to a policy that changes only when the permissions set for the volume do not match, the data folder permission change is suppressed during volume mount processing. - Compatibility Information None. -------------------------------------------------------------------------------