[Security Advisory] 5.2.2 Release Remediates Critical CVE-2023-32188

NeuVector Updates for new release and security updates for the NeuVector container security platform neuvector-updates at lists.suse.com
Fri Oct 6 13:43:25 UTC 2023


To the NeuVector Technical Update subscribers<https://lists.suse.com/mailman/listinfo/neuvector-updates>,

We’re happy to inform you that the v5.2.2 release of NeuVector is now available. This release fixes a critical vulnerability (CVE-2023-32188) in the NeuVector Manager/Controller and also has several enhancements and bug fixes.

CVE-2023-32188 - JWT token compromise can allow malicious actions including Remote Code Execution (RCE) – Users are advised to upgrade immediately to v5.2.2 to auto-generate the JWT signing token and use the NeuVector Helm chart v2.6.3+ to auto-generate a new certificate for Manager/REST API. If this is not possible, users should replace the Manager and Controller certificates as documented here<https://open-docs.neuvector.com/configuration/console/replacecert>. For more information, please see this NeuVector security advisory<https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x> on GitHub.

Please see the 5.2.2 release notes<https://open-docs.neuvector.com/releasenotes/5x> for a complete list of enhancements and bug fixes.

If you are a subscriber to SUSE Support Services for NeuVector, you may contact your support team for assistance with upgrading.

Best regards,
The NeuVector team
