Skip to content

Commit 51ae93a

Browse files
ShaunaDiazShaunaDiaz
authored
Merge pull request #74903 from GroceryBoyJr/cmp-2336-hold
Comment out release note update until Apr 25
2 parents d1395d9 + ee59460 commit 51ae93a

File tree

1 file changed

+33
-33
lines changed

1 file changed

+33
-33
lines changed

security/compliance_operator/compliance-operator-release-notes.adoc

Lines changed: 33 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -15,39 +15,39 @@ For an overview of the Compliance Operator, see xref:../../security/compliance_o
1515

1616
To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
1717

18-
[id="compliance-operator-release-notes-1-4-1"]
19-
== OpenShift Compliance Operator 1.4.1
20-
21-
The following advisory is available for the OpenShift Compliance Operator 1.4.1:
22-
23-
* link:https://access.redhat.com/errata/RHBA-2024:1830[RHBA-2024:1830 - OpenShift Compliance Operator bug fix and enhancement update]
24-
25-
[id="compliance-operator-1-4-1-new-features-and-enhancements"]
26-
=== New features and enhancements
27-
28-
* With this update, Compliance Operator now provides `OCP4 STIG ID` and `SRG` with the profile rules. (link:https://issues.redhat.com/browse/CMP-2401[*CMP-2401*])
29-
30-
* With this update, obsolete rules being applied to `s390x` have been removed. (link:https://issues.redhat.com/browse/CMP-2471[*CMP-2471*])
31-
32-
[id="compliance-operator-1-4-1-bug-fixes"]
33-
=== Bug fixes
34-
35-
* Previously, for RHCOS systems using RHEL9, application of the `ocp4-kubelet-enable-protect-kernel-sysctl-file-exist` rule failed. This update replaces the rule with `ocp4-kubelet-enable-protect-kernel-sysctl`. Now, after auto remediation is applied, RHEL9-based RHCOS systems will show `PASS` upon the application of this rule. (link:https://issues.redhat.com/browse/OCPBUGS-13589[*OCPBUGS-13589*])
36-
37-
* Previously, after applying compliance remediations using profile `rhcos4-e8`, the nodes were no longer accessible using SSH to the core user account. With this update, nodes remain accessible through SSH using sshkey. (link:https://issues.redhat.com/browse/OCPBUGS-1833[*OCPBUGS-1833*])
38-
39-
* Previously, the `STIG` profile was missing rules from CaC that fulfill requirements on the published `STIG` for {product-title}. With this update, upon remediation, the cluster satisfies `STIG` requirements that can be remediated using Compliance Operator. (link:https://issues.redhat.com/browse/OCPBUGS-26193[*OCPBUGS-26193*])
40-
41-
* Previously, creating a `ScanSettingBinding` with profiles of different types for multiple products bypassed a restriction against multiple products types in a binding. With this update, the product validation now allows multiple products regardless of the of profile types in the `ScanSettingBinding`. (link:https://issues.redhat.com/browse/OCPBUGS-26229[*OCPBUGS-26229*])
42-
43-
* Previously, running the `rhcos4-service-debug-shell-disabled` rule showed as `FAIL` even after auto-remediation was applied. With this update, running the `rhcos4-service-debug-shell-disabled` rule now shows `PASS` after auto-remediation is applied. (link:https://issues.redhat.com/browse/OCPBUGS-28242[*OCPBUGS-28242*])
44-
45-
* With this update, instructions for the use of the `rhcos4-banner-etc-issue` rule are enhanced to provide more detail. (link:https://issues.redhat.com/browse/OCPBUGS-28797[*OCPBUGS-28797*])
46-
47-
* Previously the `api_server_api_priority_flowschema_catch_all` rule provided `FAIL` status on {product-title} 4.16 clusters. With this update, the `api_server_api_priority_flowschema_catch_all` rule provides `PASS` status on {product-title} 4.16 clusters. (link:https://issues.redhat.com/browse/OCPBUGS-28918[*OCPBUGS-28918*])
48-
49-
* Previously, when a profile was removed from a completed scan shown in `ScanSettingBinding` (SSB), Compliance Operator did not remove the old scan. Afterward, when launching a new SSB using the deleted profile, Compliance Operator failed to update the result. With this release of Compliance Operator, the new SSB now shows the new compliance check result. (link:https://issues.redhat.com/browse/OCPBUGS-29272[*OCPBUGS-29272*])
50-
18+
//[id="compliance-operator-release-notes-1-4-1"]
19+
//== OpenShift Compliance Operator 1.4.1
20+
//
21+
//The following advisory is available for the OpenShift Compliance Operator 1.4.1:
22+
//
23+
//* link:https://access.redhat.com/errata/RHBA-2024:1830[RHBA-2024:1830 - OpenShift Compliance Operator bug fix and enhancement update]
24+
//
25+
//[id="compliance-operator-1-4-1-new-features-and-enhancements"]
26+
//=== New features and enhancements
27+
//
28+
//* With this update, Compliance Operator now provides `OCP4 STIG ID` and `SRG` with the profile rules. (link:https://issues.redhat.com/browse/CMP-2401[*CMP-2401*])
29+
//
30+
//* With this update, obsolete rules being applied to `s390x` have been removed. (link:https://issues.redhat.com/browse/CMP-2471[*CMP-2471*])
31+
//
32+
//[id="compliance-operator-1-4-1-bug-fixes"]
33+
//=== Bug fixes
34+
//
35+
//* Previously, for RHCOS systems using RHEL9, application of the `ocp4-kubelet-enable-protect-kernel-sysctl-file-exist` rule failed. This update replaces the rule with `ocp4-kubelet-enable-protect-kernel-sysctl`. Now, after auto remediation is applied, RHEL9-based RHCOS systems will show `PASS` upon the application of this rule. (link:https://issues.redhat.com/browse/OCPBUGS-13589[*OCPBUGS-13589*])
36+
//
37+
//* Previously, after applying compliance remediations using profile `rhcos4-e8`, the nodes were no longer accessible using SSH to the core user account. With this update, nodes remain accessible through SSH using sshkey. (link:https://issues.redhat.com/browse/OCPBUGS-1833[*OCPBUGS-1833*])
38+
//
39+
//* Previously, the `STIG` profile was missing rules from CaC that fulfill requirements on the published `STIG` for {product-title}. With this update, upon remediation, the cluster satisfies `STIG` requirements that can be remediated using Compliance Operator. (link:https://issues.redhat.com/browse/OCPBUGS-26193[*OCPBUGS-26193*])
40+
//
41+
//* Previously, creating a `ScanSettingBinding` with profiles of different types for multiple products bypassed a restriction against multiple products types in a binding. With this update, the product validation now allows multiple products regardless of the of profile types in the `ScanSettingBinding`. (link:https://issues.redhat.com/browse/OCPBUGS-26229[*OCPBUGS-26229*])
42+
//
43+
//* Previously, running the `rhcos4-service-debug-shell-disabled` rule showed as `FAIL` even after auto-remediation was applied. With this update, running the `rhcos4-service-debug-shell-disabled` rule now shows `PASS` after auto-remediation is applied. (link:https://issues.redhat.com/browse/OCPBUGS-28242[*OCPBUGS-28242*])
44+
//
45+
//* With this update, instructions for the use of the `rhcos4-banner-etc-issue` rule are enhanced to provide more detail. (link:https://issues.redhat.com/browse/OCPBUGS-28797[*OCPBUGS-28797*])
46+
//
47+
//* Previously the `api_server_api_priority_flowschema_catch_all` rule provided `FAIL` status on {product-title} 4.16 clusters. With this update, the `api_server_api_priority_flowschema_catch_all` rule provides `PASS` status on {product-title} 4.16 clusters. (link:https://issues.redhat.com/browse/OCPBUGS-28918[*OCPBUGS-28918*])
48+
//
49+
//* Previously, when a profile was removed from a completed scan shown in `ScanSettingBinding` (SSB), Compliance Operator did not remove the old scan. Afterward, when launching a new SSB using the deleted profile, Compliance Operator failed to update the result. With this release of Compliance Operator, the new SSB now shows the new compliance check result. (link:https://issues.redhat.com/browse/OCPBUGS-29272[*OCPBUGS-29272*])
50+
//
5151
[id="compliance-operator-release-notes-1-4-0"]
5252
== OpenShift Compliance Operator 1.4.0
5353

0 commit comments

Comments
 (0)