From 7aae61684917450b9191a79317a8a2907cbea7f5 Mon Sep 17 00:00:00 2001
From: jdowni000
Date: Tue, 3 Mar 2026 15:45:11 -0600
Subject: [PATCH] Update OLM registry builder to v4.21 to fix CVE-2025-68121

Update ose-operator-registry-rhel9 from v4.19 to v4.21 in the Dockerfile.olm-registry template to resolve CVE-2025-68121 (CRITICAL - CVSS 10) in Go stdlib. The vulnerability exists in Go binaries (registry-server, grpc_health_probe, initializer) compiled with Go v1.23.10 in the v4.19 builder image. v4.21 was built on Feb 24, 2026 with patched Go stdlib and does not contain CVE-2025-68121. This affects all consuming repositories using this template for OLM registry builds. Related: SREP-3588
---
 .../openshift/golang-osd-operator/Dockerfile.olm-registry | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/boilerplate/openshift/golang-osd-operator/Dockerfile.olm-registry b/boilerplate/openshift/golang-osd-operator/Dockerfile.olm-registry
index ca69fece..2750d914 100644
--- a/boilerplate/openshift/golang-osd-operator/Dockerfile.olm-registry
+++ b/boilerplate/openshift/golang-osd-operator/Dockerfile.olm-registry
@@ -1,4 +1,4 @@
-FROM registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.19 AS builder
+FROM registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.21 AS builder
 ARG SAAS_OPERATOR_DIR
 COPY ${SAAS_OPERATOR_DIR} manifests
 RUN initializer --permissive
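Review bot: The new `FROM` line still references the builder by a mutable tag, so the statement that `v4.21` carries the patched Go stdlib holds only for the build that was inspected; a later re-push of the tag or a stale cached pull changes what consumers of this template actually get. Pin the verified build by digest, `FROM registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.21@sha256:<digest-of-verified-build> AS builder`, and add a comment above it recording the Go version that build was checked against. Since this template feeds other repositories, a CI scan of the rebuilt registry image for CVE-2025-68121 would confirm the fix rather than inferring it from the tag name. The rest of the Dockerfile, including any later stage that copies binaries out of `builder`, is outside the hunk.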