Chapter 6. Fixed issues
6.1. Security issues resolved in Red Hat Developer Hub 1.1.0 and 1.1.1
6.1.1. Security fixes in Red Hat Developer Hub 1.1.1
A number of security fixes have been applied in this release, including the following:
- NodeJS update for RHSA 128590
- CVE-2024-28176 Jose was found to have an uncontrolled resource consumption vulnerability (ocm-backend plugin).
- CVE-2024-28849 A vulnerability was found in the follow-redirects package. follow-redirects updated to 1.15.6.
6.2. Enhancements and bug fixes in Red Hat Developer Hub 1.1.0, 1.1.1, and 1.1.2
6.2.1. Enhancements and bug fixes in Red Hat Developer Hub 1.1.2
- Impossible to use custom sidecar containers
In earlier versions of Developer Hub, you could not use sidecar containers by overriding the Developer Hub image.
In Red Hat Developer Hub 1.1.2, a sidecar container image defined in the Custom Resource spec.rawRuntimeConfig field is not overridden by the RELATED_IMAGE_* environment variable or by the spec.application.image field.
- Support for non-public images in a Kubernetes cluster
In earlier versions of Developer Hub, there was no option to configure image pull secrets for a PostgreSQL pod when installing Red Hat Developer Hub using the Operator.
Consequently, for a local PostgreSQL database, this issue prevented a user from using non-public images in non-OpenShift Container Platform clusters such as Amazon Elastic Kubernetes Service (EKS) or Microsoft Azure Kubernetes Service (AKS).
In Red Hat Developer Hub 1.1.2, you can configure the image pull secrets for both the Developer Hub and PostgreSQL pods in spec.application.imagePullSecrets.
- Cannot use the Helm CLI to install Red Hat Developer Hub 1.1.1
After the Developer Hub 1.1.0 release, OpenShift Helm charts were renamed, creating an incompatibility with the Developer Hub 1.1.0 naming convention for secrets.
As a consequence, in Developer Hub 1.1.1, the container fails to start if installed by the Helm CLI.
This regression, introduced in Developer Hub 1.1.1, is fixed in Developer Hub 1.1.2.
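The following Custom Resource fragment is an added example (not from the release notes or the Operator project) of the spec.application.imagePullSecrets setting described in the non-public images fix above; the apiVersion, kind, resource name and the pull secret name are assumed, and the secret must already exist in the same namespace.

```yaml
# Added example, not taken from the Red Hat Developer Hub documentation.
# Assumptions: the Backstage CRD served by the Developer Hub Operator uses the
# apiVersion/kind below, and a docker-registry pull secret named
# "private-registry-pull-secret" (placeholder name) was created beforehand with:
#   kubectl create secret docker-registry private-registry-pull-secret \
#     --docker-server=<registry> --docker-username=<user> --docker-password=<token>
apiVersion: rhdh.redhat.com/v1alpha1
kind: Backstage
metadata:
  name: developer-hub
spec:
  application:
    # Since 1.1.2 this list is applied to both the Developer Hub pod and the
    # local PostgreSQL pod, so private registries work on EKS/AKS as well.
    imagePullSecrets:
      - private-registry-pull-secret
  database:
    # Local PostgreSQL deployed by the Operator (the case that previously
    # had no way to reference a pull secret).
    enableLocalDb: true
```

Verify with `kubectl get pod -l app.kubernetes.io/instance=developer-hub -o jsonpath='{.items[*].spec.imagePullSecrets}'` that both pods carry the secret, rather than relying on the CR alone.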
- Operator pod may encounter an out of memory error
In a cluster with a significant number of objects such as deployments and services, the Developer Hub operator pod may fail and show an OOMKilled status, due to insufficient memory allocation.
In Developer Hub 1.1.2, this issue is resolved by allocating 1Gi of memory to the pod.
6.2.2. Enhancements and bug fixes in Red Hat Developer Hub 1.1.1
- ArgoCD plugin downgraded to 2.4.1 from 2.6.2
- The EntityArgoCDHistoryCard does not work when the ArgoCD backend plugin is used. This issue has been fixed by reverting the ArgoCD plugin version to 2.4.1. For more information, see https://github.com/RoadieHQ/roadie-backstage-plugins/issues/1238
- Helm Chart deployment issue
In Red Hat Developer Hub 1.1.0, due to the inability to get the "ingresses" resource in the config.openshift.io API group, a user without cluster administrator rights was unable to deploy the Red Hat Developer Hub 1.1.0 Helm Chart in hosted OpenShift Container Platform instances. This issue has been fixed by no longer automatically querying the OpenShift Container Platform cluster ingress for the domain to use as the clusterRouterBase, because regular users do not have access to this resource; only cluster admins do.
As a result, when installing Red Hat Developer Hub using the 1.1.1 Helm Chart, you need to set a clusterRouterBase value. For more details, see the Installing Red Hat Developer Hub using Helm Chart section of the Administration guide for Red Hat Developer Hub.
- RBAC Backend cleanup
- In Developer Hub 1.1.0, when you remove all administration users from the application, administration metadata and policies are still present. This issue is resolved in Developer Hub 1.1.1 so that user data is removed correctly. For more information, see https://github.com/janus-idp/backstage-plugins/pull/1314.
- Tekton UI improvement
- The Roxctl image check sometimes does not contain the response in the expected format and causes the UI to break. This issue is fixed in Red Hat Developer Hub 1.1.1. For more information, see https://issues.redhat.com/browse/RHTAPBUGS-1175 and https://github.com/janus-idp/backstage-plugins/issues/1355.
- Routes in the Topology view show an incorrect mapping
- In Red Hat Developer Hub 1.1.1, a check is added to services and routes to match the same namespace as workloads when resources are fetched across namespaces. For more information, see https://issues.redhat.com/browse/RHTAPBUGS-1166 and https://github.com/janus-idp/backstage-plugins/pull/1389.
- Logout issue with OAuth2 Proxy (OIDC)
- In Developer Hub 1.1.0 there is a sign-out issue for users that use OAuth2 Proxy with Keycloak. To resolve this sign-out issue, a forked version of auth-backend-module-oidc-provider is provided in 1.1.1 which enables switching to the OIDC provider with Keycloak. For more information, see https://issues.redhat.com/browse/RHDHBUGS-11 and https://github.com/janus-idp/backstage-showcase/pull/1072.
- Plugin changes in Red Hat Developer Hub 1.1.1
Plugin | Version in 1.1.0 | Version in 1.1.1 |
---|---|---|
@roadiehq/backstage-plugin-argo-cd | 2.6.2 | 2.4.1 |
@janus-idp/backstage-plugin-keycloak-backend | 1.8.5 | 1.8.6 |
@janus-idp/backstage-plugin-topology | 1.18.7 | 1.18.8 |
@janus-idp/backstage-plugin-ocm-backend | 3.5.6 | 3.5.7 |
@janus-idp/backstage-plugin-quay | 1.5.9 | 1.5.10 |
@janus-idp/backstage-plugin-rbac | 1.15.3 | 1.15.5 |
@janus-idp/backstage-plugin-tekton | 3.5.10 | 3.5.12 |
6.2.3. Enhancements and bug fixes in Red Hat Developer Hub 1.1.0
- Fix an inability to dynamically load several upstream backend plugins
Before this release, a whole category of upstream or third-party Backstage backend plugins could not be loaded dynamically when converted to dynamic plugins. Impacted plugins were those using the resolvePackagePath() Backstage API method. This issue impacted most of the backend plugins using the database service and providing migration scripts. This release removes this important limitation of the dynamic plugin feature.
- Incorrect configuration in the Atlassian Auth provider
Before this release, the authorization URL was constructed as ${baseUrl}/oauth/authorize, which did not match the path Atlassian expects, resulting in an authentication error. Now, users are directed to the authorization URL Atlassian expects and obtain an authorization code for successful authentication.
- RBAC: CSV repopulates the database whenever there is a server restart
Before this release, the policy.csv file was used to load permissions into Developer Hub. There might be instances of overlapping permissions, and the permissions could be reloaded into the database on every restart.
- Validation is not working for the Create Role API
Before this release, the validation process in the Create Role API was ineffective, allowing the creation of roles that were invalid. This resulted in input errors when attempting to update or delete these roles.
- RBAC backend plugin: policy change requires server restart
Before this release, manually manipulating the policy.csv file led to inconsistent behavior, causing the manipulated permission or role not to apply correctly within the RBAC plugin.
- No support for monitoring Red Hat Developer Hub plugins
Before this release, no support was provided to administrators for monitoring Red Hat Developer Hub plugins. With this release, administrators can generate a list of Developer Hub plugins and their versions for monitoring purposes.