Change8

v3.16.4

📦 quay-ioView on GitHub →
2 features🐛 9 fixes🔧 4 symbols

Summary

This release focuses heavily on dependency updates, security fixes (including CVEs), and minor web UI improvements, specifically targeting the redhat-3.16 branch.

Migration Steps

  1. Ensure react-redux is listed in package.json to fix hermetic Konflux builds.

✨ New Features

  • Backported PatternFly v5 to v6 migration to redhat-3.16.
  • Backported Playwright tests from master to redhat-3.16.

🐛 Bug Fixes

  • Fixed CVE-2026-29074.
  • Removed malformed struct tag space on DistributedStorageArgs.Signature in config-tool.
  • Fixed CVE-2026-33894.
  • Fixed LogRotateWorker failing to archive logs due to a TypeError in distributedstorage.py.
  • Fixed OIDCUsers.has_password_set returning False to bypass fresh-login check.
  • Prevented RCE via unsafe pickle deserialization.
  • Accepted RFC 9068 at+jwt tokens in is_jwt routing.
  • Used PatternFly background token instead of hardcoded dark color in web UI.
  • Reverted change to skip sending artifact images for scanning in secscan.

Affected Symbols

DistributedStorageArgs.SignatureOIDCUsers.has_password_setdistributedstorage.pyis_jwt routing