releasenotes/notes/2023.1-update-packages-and-containers-q2-2024-02ed375b9c73ac75.yaml

---
features:
  - |
    Bumped pulp repo versions for Q2 2024
    Bumped Kolla image tags for Q2 2024
    Bumped prometheus server from 2.38.0 to 2.51.1
    Bumped prometheus alertmanager from 0.24.0 to 0.26.0
    Bumped prometheus blackbox exporter from 0.23.0 to 0.25.0
    Bumped prometheus cadvisor exporter from 0.48.0 to 0.49.1
    Bumped prometheus haproxy exporter from 0.13.0 to 0.15.0
    Bumped prometheus memcached exporter from 0.10.0 to 0.14.3
    Bumped prometheus msteams from 1.5.1 to 1.5.2
    Bumped prometheus mtail from 3.0.0-rc50 to 3.0.0-rc53
    Bumped prometheus mysqld exporter from 0.15.0 to 0.15.1
    Bumped prometheus node exporter from 1.4.0 to 1.7.0
    Bumped prometheus openstack exporter from 1.6.0 to 1.7.0
    Bumped prometheus ovn exporter from 1.0.6 to 1.0.7
    Bumped opensearch from 2.11.1-1 to 2.13.0-1 (Rocky Linux 9)
    Bumped opensearch from 2.12.0 to 2.13.0 (Ubuntu Jammy)
    Bumped grafana from 10.1.5-1 to 10.4.2-1 (Rocky Linux 9)
    Bumped grafana from 10.4.0 to 10.4.2 (Ubuntu Jammy)
security:
  - |
    Fixed CVE-2023-31047, CVE-2023-23969, CVE-2023-24580, CVE-2023-36053,
    CVE-2023-46695, CVE-2023-30861, CVE-2022-4899. CVE-2024-1135,
    GHSA-2m57-hf25-phgg, CVE-2023-0286, CVE-2023-50782, CVE-2024-26130
    for openstack services.

    Fixed CVE-2022-41723, CVE-2023-39325 (except prometheus-alertmanager,
    prometheus-msteams-exporter, prometheus-haproxy-exporter,
    prometheus-openstack-exporter. No patch available.), CVE-2021-43565,
    CVE-2022-27191, CVE-2022-27664, CVE-2021-38561, CVE-2022-21698,
    CVE-2021-4238, CVE-2022-40083, CVE-2022-41721, CVE-2021-33194,
    CVE-2023-2253, CVE-2023-27561, CVE-2023-28840, CVE-2024-21626,
    CVE-2022-32149, CVE-2023-45142, GHSA-m425-mq94-257g
    for prometheus server and exporters except prometheus-libvirt-exporter
    and prometheus-haproxy-exporter. (Source repository of each are archived
    and no longer maintained)

    Fixed CVE-2023-39325, CVE-2023-45142, CVE-2023-47108, CVE-2023-49568,
    CVE-2023-49569, GHSA-9763-4f94-gfch, GHSA-m425-mq94-257g
    for grafana.

    It is advised to redeploy service with current version of images from
    StackHPC Release Train.