This bug was created to ensure that one or more security vulnerabilities are fixed in affected versions of oVirt.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
expat-2.2.5-8.el8 (https://koji.mbox.centos.org/koji/buildinfo?buildID=21436) shipped to CentOS Stream 8 and is already on mirrors: http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/expat-2.2.5-8.el8.x86_64.rpm
#rpm -qa | grep expat
ovirt-node includes the correct expat package, so the bug is fixed, change bug status to VERIFIED.
This bugzilla is included in oVirt 4.5.0 release, published on April 20th 2022.
Since the problem described in this bug report should be resolved in oVirt 4.5.0 release, it has been closed with a resolution of CURRENT RELEASE.
If the solution does not work for you, please open a new bug report.