RS: 7.8.4 release docs (#1005)

rrelledge · web-flow · commit 07b897d19324 · 2024-12-23T09:15:09.000-06:00
* DOC-4629 Prepare RS 7.8 release notes landing page for minor releases * DOC-4630 DOC-4629 RS 7.8.4 release notes draft * DOC-4630 RS: Add cert-based auth fields to cluster REST API object reference * DOC-4630 RS: Add certificate_subject_line to user REST API object reference * DOC-4630 DOC-4629 Feedback updates to fix cert-based auth steps in release notes * DOC-4630 RS: Fix mtls_authorized_subjects type in cluster REST API object reference * DOC-4630 RS: Fix mtls_certificate_authentication type in release notes example * DOC-4629 Copy HFE known limitation to RS 7.8.4 release notes & remove patch version number from modules * DOC-4628 Added build number & checksums to RS 7.8.4 release notes * DOC-4629 Added one more resolved issue to release notes * Changed punctuation for consistency
diff --git a/content/operate/rs/references/rest-api/objects/cluster/_index.md b/content/operate/rs/references/rest-api/objects/cluster/_index.md
@@ -19,52 +19,55 @@ An API object that represents the cluster.
 | bigstore_driver | 'speedb'<br />'rocksdb' | Storage engine for Auto Tiering |
 | cluster_ssh_public_key | string | Cluster's autogenerated SSH public key |
 | cm_port | integer, (range:&nbsp;1024-65535) | UI HTTPS listening port |
-| cm_session_timeout_minutes | integer (default:&nbsp;15) | The timeout (in minutes) for the session to the CM |
-| cnm_http_max_threads_per_worker | integer (default: 10) | Maximum number of threads per worker in the `cnm_http` service (deprecated) |
+| <span class="break-all">cm_session_timeout_minutes</span> | integer (default:&nbsp;15) | The timeout (in minutes) for the session to the CM |
+| <span class="break-all">cnm_http_max_threads_per_worker</span> | integer (default: 10) | Maximum number of threads per worker in the `cnm_http` service (deprecated) |
 | cnm_http_port | integer, (range:&nbsp;1024-65535) | API HTTP listening port |
 | cnm_http_workers | integer (default: 1) | Number of workers in the `cnm_http` service |
 | cnm_https_port | integer, (range:&nbsp;1024-65535) | API HTTPS listening port |
 | control_cipher_suites | string | Specifies the enabled ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. |
-| control_cipher_suites_tls_1_3 | string | Specifies the enabled TLS 1.3 ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. (read-only) |
+| <span class="break-all">control_cipher_suites_tls_1_3</span> | string | Specifies the enabled TLS 1.3 ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. (read-only) |
 | crdb_coordinator_port | integer, (range:&nbsp;1024-65535) (default:&nbsp;9081) | CRDB coordinator port |
 | crdt_rest_client_retries | integer | Maximum number of retries for the REST client used by the Active-Active management API |
 | crdt_rest_client_timeout | integer | Timeout for REST client used by the Active-Active management API |
 | created_time | string | Cluster creation date (read-only) |
 | data_cipher_list | string | Specifies the enabled ciphers for the data plane. The ciphers are specified in the format understood by the OpenSSL library. |
-| data_cipher_suites_tls_1_3 | string | Specifies the enabled TLS 1.3 ciphers for the data plane. |
+| <span class="break-all">data_cipher_suites_tls_1_3</span> | string | Specifies the enabled TLS 1.3 ciphers for the data plane. |
 | debuginfo_path | string | Path to a local directory used when generating support packages |
-| default_non_sharded_proxy_policy | string (default:&nbsp;single) | Default proxy_policy for newly created non-sharded databases' endpoints (read-only) |
-| default_sharded_proxy_policy | string (default:&nbsp;all-master-shards) | Default proxy_policy for newly created sharded databases' endpoints (read-only) |
+| <span class="break-all">default_non_sharded_proxy_policy</span> | string (default:&nbsp;single) | Default proxy_policy for newly created non-sharded databases' endpoints (read-only) |
+| <span class="break-all">default_sharded_proxy_policy</span> | string (default:&nbsp;all-master-shards) | Default proxy_policy for newly created sharded databases' endpoints (read-only) |
 | email_alerts | boolean (default:&nbsp;false) | Send node/cluster email alerts (requires valid SMTP and email_from settings) |
 | email_from | string | Sender email for automated emails |
 | encrypt_pkeys | boolean (default:&nbsp;false) | Enable or turn off encryption of private keys |
 | envoy_admin_port | integer, (range:&nbsp;1024-65535) | Envoy admin port. Changing this port during runtime might result in an empty response because envoy serves as the cluster gateway.|
-| envoy_max_downstream_connections | integer, (range:&nbsp;100-2048) | The max downstream connections envoy is allowed to open |
+| <span class="break-all">envoy_max_downstream_connections</span> | integer, (range:&nbsp;100-2048) | The max downstream connections envoy is allowed to open |
 | envoy_mgmt_server_port | integer, (range:&nbsp;1024-65535) | Envoy management server port|
 | gossip_envoy_admin_port | integer, (range:&nbsp;1024-65535) | Gossip envoy admin port|
 | handle_redirects | boolean (default:&nbsp;false) | Handle API HTTPS requests and redirect to the master node internally |
 | http_support | boolean (default:&nbsp;false) | Enable or turn off HTTP support |
 | min_control_TLS_version | '1.2'<br />'1.3' | The minimum version of TLS protocol which is supported at the control path |
 | min_data_TLS_version | '1.2'<br />'1.3' | The minimum version of TLS protocol which is supported at the data path |
 | min_sentinel_TLS_version | '1.2'<br />'1.3' | The minimum version of TLS protocol which is supported at the data path |
+| mtls_authorized_subjects | array | {{<code>}}[{<br />  "CN": string,<br />  "O": string,<br />  "OU": [array of strings],<br />  "L": string,<br />  "ST": string,<br />  "C": string<br />}, ...]{{</code>}} A list of valid subjects used for additional certificate validations during TLS client authentication. All subject attributes are case-sensitive.<br />**Required subject fields**:<br />"CN" for Common Name<br />**Optional subject fields:**<br />"O" for Organization<br />"OU" for Organizational Unit (array of strings)<br />"L" for Locality (city)<br />"ST" for State/Province<br />"C" for 2-letter country code |
+| <span class="break-all">mtls_certificate_authentication</span> | boolean | Require authentication of client certificates for mTLS connections to the cluster. The API_CA certificate should be configured as a prerequisite. |
+| <span class="break-all">mtls_client_cert_subject_validation_type</span> | `disabled`<br />`san_cn`<br />`full_subject` | Enables additional certificate validations that further limit connections to clients with valid certificates during TLS client authentication.<br />Values:<br />**disabled**: Authenticates clients with valid certificates. No additional validations are enforced.<br />**san_cn**: A client certificate is valid only if its Common Name (CN) matches an entry in the list of valid subjects. Ignores other Subject attributes.<br />**full_subject**: A client certificate is valid only if its Subject attributes match an entry in the list of valid subjects. |
 | name | string | Cluster's fully qualified domain name (read-only) |
 | password_complexity | boolean (default:&nbsp;false) | Enforce password complexity policy |
-| password_expiration_duration | integer (default:&nbsp;0) | The number of days a password is valid until the user is required to replace it |
+| <span class="break-all">password_expiration_duration</span> | integer (default:&nbsp;0) | The number of days a password is valid until the user is required to replace it |
 | password_min_length | integer, (range: 8-256) (default: 8) | The minimum length required for a password. |
 | proxy_certificate | string | Cluster's proxy certificate |
-| proxy_max_ccs_disconnection_time | integer | Cluster-wide proxy timeout policy between proxy and CCS |
+| <span class="break-all">proxy_max_ccs_disconnection_time</span> | integer | Cluster-wide proxy timeout policy between proxy and CCS |
 | rack_aware | boolean | Cluster operates in a rack-aware mode (read-only) |
 | reserved_ports | array of strings | List of reserved ports and/or port ranges to avoid using for database endpoints (for example `"reserved_ports": ["11000", "13000-13010"]`) |
 | s3_url | string | Specifies the URL for S3 export and import |
 | saslauthd_ldap_conf | string | saslauthd LDAP configuration |
 | sentinel_cipher_suites | array | Specifies the list of enabled ciphers for the sentinel service. The supported ciphers are those implemented by the [cipher_suites.go](<https://golang.org/src/crypto/tls/cipher_suites.go>) package. |
-| sentinel_cipher_suites_tls_1_3 | string | Specifies the list of enabled TLS 1.3 ciphers for the discovery (sentinel) service. The supported ciphers are those implemented by the [cipher_suites.go](<https://golang.org/src/crypto/tls/cipher_suites.go>) package.(read-only) |
+| <span class="break-all">sentinel_cipher_suites_tls_1_3<span> | string | Specifies the list of enabled TLS 1.3 ciphers for the discovery (sentinel) service. The supported ciphers are those implemented by the [cipher_suites.go](<https://golang.org/src/crypto/tls/cipher_suites.go>) package.(read-only) |
 | sentinel_tls_mode | 'allowed'<br />'disabled' <br />'required' | Determines whether the discovery service allows, blocks, or requires TLS connections (previously named `sentinel_ssl_policy`)<br />**allowed**: Allows both TLS and non-TLS connections<br />**disabled**: Allows only non-TLS connections<br />**required**: Allows only TLS connections |
 | slave_ha | boolean (default:&nbsp;false) | Enable the replica high-availability mechanism (read-only) |
-| slave_ha_bdb_cooldown_period | integer (default:&nbsp;86400) | Time in seconds between runs of the replica high-availability mechanism on different nodes on the same database (read-only) |
-| slave_ha_cooldown_period | integer (default:&nbsp;3600) | Time in seconds between runs of the replica high-availability mechanism on different nodes (read-only) |
-| slave_ha_grace_period | integer (default:&nbsp;900) | Time in seconds between a node failure and when the replica high-availability mechanism starts relocating shards (read-only) |
-| slowlog_in_sanitized_support | boolean | Whether to include slowlogs in the sanitized support package |
+| <span class="break-all">slave_ha_bdb_cooldown_period</span> | integer (default:&nbsp;86400) | Time in seconds between runs of the replica high-availability mechanism on different nodes on the same database (read-only) |
+| <span class="break-all">slave_ha_cooldown_period</span> | integer (default:&nbsp;3600) | Time in seconds between runs of the replica high-availability mechanism on different nodes (read-only) |
+| <span class="break-all">slave_ha_grace_period</span> | integer (default:&nbsp;900) | Time in seconds between a node failure and when the replica high-availability mechanism starts relocating shards (read-only) |
+| <span class="break-all">slowlog_in_sanitized_support</span> | boolean | Whether to include slowlogs in the sanitized support package |
 | smtp_host | string | SMTP server for automated emails |
 | smtp_password | string | SMTP server password |
 | smtp_port | integer | SMTP server port for automated emails |
diff --git a/content/operate/rs/references/rest-api/objects/user.md b/content/operate/rs/references/rest-api/objects/user.md
@@ -17,6 +17,7 @@ weight: $weight
 | action_uid | string | Action UID. If it exists, progress can be tracked by the `GET`&nbsp;`/actions/{uid}` API request (read-only) |
 | auth_method | **'regular'**<br />'certificate'<br />'entraid' | User's authentication method |
 | bdbs_email_alerts | complex object | UIDs of databases that user will receive alerts for |
+| certificate_subject_line | string | The certificate’s subject line as defined by RFC2253. Used for certificate-based authentication users only. |
 | cluster_email_alerts | boolean | Activate cluster email alerts for a user |
 | email | string | User's email (pattern matching only ASCII characters) |
 | email_alerts | boolean (default:&nbsp;true) | Activate email alerts for a user |
diff --git a/content/operate/rs/release-notes/rs-7-8-releases/_index.md b/content/operate/rs/release-notes/rs-7-8-releases/_index.md
@@ -1,5 +1,5 @@
 ---
-Title: Redis Software release notes 7.8.2
+Title: Redis Software release notes 7.8.x
 alwaysopen: false
 categories:
 - docs
@@ -8,12 +8,12 @@ categories:
 compatibleOSSVersion: Redis 7.4.0
 description: Redis Community Edition 7.4 features. Hash field expiration. Client-side caching support. Metrics stream engine preview. New APIs to check database availability, rebalance shards, fail over shards, and control database traffic. Cluster Manager UI enhancements for node actions, database tags, and database configuration. User manager role. Log rotation based on both size and time. Module management enhancements. Configurable minimum password length. Configurable license expiration alert threshold.
 hideListLinks: true
-linkTitle: 7.8.2 releases
+linkTitle: 7.8.x releases
 toc: 'true'
 weight: 69
 ---
 
-​[​Redis Software version 7.8.2](https://redis.io/downloads/#software) is now available!
+​[​Redis Software version 7.8](https://redis.io/downloads/#software) is now available!
 
 ## Highlights
 
diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-4-18.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-4-18.md
