
RHOAI 3.4 vulnerabilities#1988

Merged
tisnik merged 1 commit into
lightspeed-core:mainfrom
tisnik:rhoai_vuln
Jun 24, 2026

Conversation

@tisnik

@tisnik tisnik commented Jun 24, 2026


Description

RHOAI 3.4 vulnerabilities

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement
  • Benchmarks improvement

Tools used to create PR

  • Assisted-by: N/A
  • Generated by: N/A

Summary by CodeRabbit

  • Documentation
    • Added a new demo page showcasing vulnerabilities in the RHOAI 3.4 package index.
    • The page includes visual summaries for CVE severity, packages with the most CVEs, and new CVE trends over time.

@coderabbitai

coderabbitai Bot commented Jun 24, 2026


Walkthrough

A new static HTML file docs/demos/vulnerabilities/rhoai_3_4.htm is added. It links to stylesheet.css and displays three SVG-based visualizations: CVE severity distribution, packages with the most CVEs, and new CVE frequency over time, all scoped to RHOAI 3.4.

Changes

RHOAI 3.4 Vulnerability Report Page

Layer: Static HTML report page with SVG embeds
File(s): docs/demos/vulnerabilities/rhoai_3_4.htm
Summary: New 29-line HTML document with page title, metadata, stylesheet.css link, and three embedded SVG images for CVE severity (RHOAI_3.4_severity.svg), top CVE packages (RHOAI_3.4_packages.svg), and CVE timeline (RHOAI_3.4_timeline.svg).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title clearly matches the PR’s main change: adding RHOAI 3.4 vulnerability documentation.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/demos/vulnerabilities/rhoai_3_4.htm`:
- Line 17: The chart images in the HTML page are missing accessibility text, so
add meaningful alt attributes to each affected img element. Update the img tags
for the report charts in rhoai_3_4.htm to include concise descriptive alt text
that identifies the chart content, and apply the same fix to the other
referenced img instances in this file.
- Line 2: The opening HTML element is missing a language declaration, so update
the top-level html tag in this document to include a lang attribute. Use the
html element as the anchor for the change and set the page language
appropriately to improve accessibility and text pronunciation.
- Line 7: The meta charset declaration is invalid in the HTML document; update
the charset value in the existing meta tag to the correct UTF-8 encoding so the
page renders consistently. Locate the meta http-equiv tag in the document and
fix the charset attribute value there, keeping the rest of the head markup
unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0e778620-47ce-4afe-aed1-4ed0f7b15259

📥 Commits

Reviewing files that changed from the base of the PR and between d27d52d and 71fb528.

⛔ Files ignored due to path filters (3)
  • docs/demos/vulnerabilities/RHOAI_3.4_packages.svg is excluded by !**/*.svg
  • docs/demos/vulnerabilities/RHOAI_3.4_severity.svg is excluded by !**/*.svg
  • docs/demos/vulnerabilities/RHOAI_3.4_timeline.svg is excluded by !**/*.svg
📒 Files selected for processing (1)
  • docs/demos/vulnerabilities/rhoai_3_4.htm
📜 Review details
⏰ Context from checks skipped due to timeout. (11)
  • GitHub Check: build-pr
  • GitHub Check: integration_tests (3.12)
  • GitHub Check: integration_tests (3.13)
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-0-6-on-pull-request
  • GitHub Check: E2E: server mode / ci / group 2
  • GitHub Check: E2E: library mode / ci / group 1
  • GitHub Check: E2E: server mode / ci / group 1
  • GitHub Check: E2E: library mode / ci / group 2
  • GitHub Check: E2E: server mode / ci / group 3
  • GitHub Check: E2E: library mode / ci / group 3

@@ -0,0 +1,29 @@
<!DOCTYPE html>
<html>


🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Set document language on Line 2.

Add lang to improve accessibility and correct text pronunciation.

Suggested fix
-<html>
+<html lang="en">

<title>Vulnerabilities in RHOAI 3.4 package index</title>
<meta name="Author" content="Pavel Tisnovsky">
<meta name="Generator" content="vim">
<meta http-equiv="content-type" content="text/html; charset=urf-8">
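Review bot: The encoding declaration in the last line of this hunk comes after `<title>`, and its value is misspelled (`urf-8`). Besides correcting the value to `utf-8`, make it the first element inside `<head>` and prefer the modern form `<meta charset="utf-8">`: the HTML standard requires the charset declaration within the first 1024 bytes and before any non-ASCII text, so placing it ahead of the title and author metadata is the ordering that guarantees consistent decoding in every browser.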


🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Fix invalid charset declaration on Line 7.

charset=urf-8 is invalid; use UTF-8 to avoid encoding/rendering issues.

Suggested fix
-        <meta http-equiv="content-type" content="text/html; charset=urf-8">
+        <meta http-equiv="content-type" content="text/html; charset=utf-8">


<h2>CVE severities</h2>

<img src="RHOAI_3.4_severity.svg">
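Review bot: The three SVG charts referenced by these `<img>` elements were excluded from review by the `!**/*.svg` path filter (see "Files ignored due to path filters"), so their contents were not checked. Loading them through `<img>`, rather than inlining them or using `<object>`/`<iframe>`, is the right choice and should be kept if the page is later extended: an SVG rendered as an image cannot execute embedded script or fetch external resources, so unreviewed chart files cannot affect the rest of the page.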


🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Add alt text for chart images.

These images carry report content; without alt, the page is not accessible to screen-reader users.

Suggested fix
-        <img src="RHOAI_3.4_severity.svg">
+        <img src="RHOAI_3.4_severity.svg" alt="Bar chart showing CVE severities for RHOAI 3.4">
...
-        <img src="RHOAI_3.4_packages.svg">
+        <img src="RHOAI_3.4_packages.svg" alt="Bar chart of packages with most CVEs in RHOAI 3.4">
...
-        <img src="RHOAI_3.4_timeline.svg">
+        <img src="RHOAI_3.4_timeline.svg" alt="Timeline chart of new CVE frequency over time for RHOAI 3.4">

Also applies to: 21-21, 25-25


@tisnik tisnik merged commit be84030 into lightspeed-core:main Jun 24, 2026
26 of 33 checks passed