You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: security/compliance_operator/compliance-operator-release-notes.adoc
+33-33Lines changed: 33 additions & 33 deletions
Original file line number
Diff line number
Diff line change
@@ -15,39 +15,39 @@ For an overview of the Compliance Operator, see xref:../../security/compliance_o
15
15
16
16
To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
17
17
18
-
[id="compliance-operator-release-notes-1-4-1"]
19
-
== OpenShift Compliance Operator 1.4.1
20
-
21
-
The following advisory is available for the OpenShift Compliance Operator 1.4.1:
* With this update, Compliance Operator now provides `OCP4 STIG ID` and `SRG` with the profile rules. (link:https://issues.redhat.com/browse/CMP-2401[*CMP-2401*])
29
-
30
-
* With this update, obsolete rules being applied to `s390x` have been removed. (link:https://issues.redhat.com/browse/CMP-2471[*CMP-2471*])
31
-
32
-
[id="compliance-operator-1-4-1-bug-fixes"]
33
-
=== Bug fixes
34
-
35
-
* Previously, for RHCOS systems using RHEL9, application of the `ocp4-kubelet-enable-protect-kernel-sysctl-file-exist` rule failed. This update replaces the rule with `ocp4-kubelet-enable-protect-kernel-sysctl`. Now, after auto remediation is applied, RHEL9-based RHCOS systems will show `PASS` upon the application of this rule. (link:https://issues.redhat.com/browse/OCPBUGS-13589[*OCPBUGS-13589*])
36
-
37
-
* Previously, after applying compliance remediations using profile `rhcos4-e8`, the nodes were no longer accessible using SSH to the core user account. With this update, nodes remain accessible through SSH using sshkey. (link:https://issues.redhat.com/browse/OCPBUGS-1833[*OCPBUGS-1833*])
38
-
39
-
* Previously, the `STIG` profile was missing rules from CaC that fulfill requirements on the published `STIG` for {product-title}. With this update, upon remediation, the cluster satisfies `STIG` requirements that can be remediated using Compliance Operator. (link:https://issues.redhat.com/browse/OCPBUGS-26193[*OCPBUGS-26193*])
40
-
41
-
* Previously, creating a `ScanSettingBinding` with profiles of different types for multiple products bypassed a restriction against multiple products types in a binding. With this update, the product validation now allows multiple products regardless of the of profile types in the `ScanSettingBinding`. (link:https://issues.redhat.com/browse/OCPBUGS-26229[*OCPBUGS-26229*])
42
-
43
-
* Previously, running the `rhcos4-service-debug-shell-disabled` rule showed as `FAIL` even after auto-remediation was applied. With this update, running the `rhcos4-service-debug-shell-disabled` rule now shows `PASS` after auto-remediation is applied. (link:https://issues.redhat.com/browse/OCPBUGS-28242[*OCPBUGS-28242*])
44
-
45
-
* With this update, instructions for the use of the `rhcos4-banner-etc-issue` rule are enhanced to provide more detail. (link:https://issues.redhat.com/browse/OCPBUGS-28797[*OCPBUGS-28797*])
46
-
47
-
* Previously the `api_server_api_priority_flowschema_catch_all` rule provided `FAIL` status on {product-title} 4.16 clusters. With this update, the `api_server_api_priority_flowschema_catch_all` rule provides `PASS` status on {product-title} 4.16 clusters. (link:https://issues.redhat.com/browse/OCPBUGS-28918[*OCPBUGS-28918*])
48
-
49
-
* Previously, when a profile was removed from a completed scan shown in `ScanSettingBinding` (SSB), Compliance Operator did not remove the old scan. Afterward, when launching a new SSB using the deleted profile, Compliance Operator failed to update the result. With this release of Compliance Operator, the new SSB now shows the new compliance check result. (link:https://issues.redhat.com/browse/OCPBUGS-29272[*OCPBUGS-29272*])
50
-
18
+
//[id="compliance-operator-release-notes-1-4-1"]
19
+
//== OpenShift Compliance Operator 1.4.1
20
+
//
21
+
//The following advisory is available for the OpenShift Compliance Operator 1.4.1:
//* With this update, Compliance Operator now provides `OCP4 STIG ID` and `SRG` with the profile rules. (link:https://issues.redhat.com/browse/CMP-2401[*CMP-2401*])
29
+
//
30
+
//* With this update, obsolete rules being applied to `s390x` have been removed. (link:https://issues.redhat.com/browse/CMP-2471[*CMP-2471*])
31
+
//
32
+
//[id="compliance-operator-1-4-1-bug-fixes"]
33
+
//=== Bug fixes
34
+
//
35
+
//* Previously, for RHCOS systems using RHEL9, application of the `ocp4-kubelet-enable-protect-kernel-sysctl-file-exist` rule failed. This update replaces the rule with `ocp4-kubelet-enable-protect-kernel-sysctl`. Now, after auto remediation is applied, RHEL9-based RHCOS systems will show `PASS` upon the application of this rule. (link:https://issues.redhat.com/browse/OCPBUGS-13589[*OCPBUGS-13589*])
36
+
//
37
+
//* Previously, after applying compliance remediations using profile `rhcos4-e8`, the nodes were no longer accessible using SSH to the core user account. With this update, nodes remain accessible through SSH using sshkey. (link:https://issues.redhat.com/browse/OCPBUGS-1833[*OCPBUGS-1833*])
38
+
//
39
+
//* Previously, the `STIG` profile was missing rules from CaC that fulfill requirements on the published `STIG` for {product-title}. With this update, upon remediation, the cluster satisfies `STIG` requirements that can be remediated using Compliance Operator. (link:https://issues.redhat.com/browse/OCPBUGS-26193[*OCPBUGS-26193*])
40
+
//
41
+
//* Previously, creating a `ScanSettingBinding` with profiles of different types for multiple products bypassed a restriction against multiple products types in a binding. With this update, the product validation now allows multiple products regardless of the of profile types in the `ScanSettingBinding`. (link:https://issues.redhat.com/browse/OCPBUGS-26229[*OCPBUGS-26229*])
42
+
//
43
+
//* Previously, running the `rhcos4-service-debug-shell-disabled` rule showed as `FAIL` even after auto-remediation was applied. With this update, running the `rhcos4-service-debug-shell-disabled` rule now shows `PASS` after auto-remediation is applied. (link:https://issues.redhat.com/browse/OCPBUGS-28242[*OCPBUGS-28242*])
44
+
//
45
+
//* With this update, instructions for the use of the `rhcos4-banner-etc-issue` rule are enhanced to provide more detail. (link:https://issues.redhat.com/browse/OCPBUGS-28797[*OCPBUGS-28797*])
46
+
//
47
+
//* Previously the `api_server_api_priority_flowschema_catch_all` rule provided `FAIL` status on {product-title} 4.16 clusters. With this update, the `api_server_api_priority_flowschema_catch_all` rule provides `PASS` status on {product-title} 4.16 clusters. (link:https://issues.redhat.com/browse/OCPBUGS-28918[*OCPBUGS-28918*])
48
+
//
49
+
//* Previously, when a profile was removed from a completed scan shown in `ScanSettingBinding` (SSB), Compliance Operator did not remove the old scan. Afterward, when launching a new SSB using the deleted profile, Compliance Operator failed to update the result. With this release of Compliance Operator, the new SSB now shows the new compliance check result. (link:https://issues.redhat.com/browse/OCPBUGS-29272[*OCPBUGS-29272*])
0 commit comments