Merge pull request #62725 from sheriff-rh/CMP-2090

sheriff-rh · web-flow · commit 16eef29e26c6 · 2023-08-21T10:48:49.000-04:00
diff --git a/modules/compliance-supported-profiles.adoc b/modules/compliance-supported-profiles.adoc
@@ -20,18 +20,18 @@ The Compliance Operator provides the following compliance profiles:
 |Supported architectures
 
 |ocp4-cis
-|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.1.0
+|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.4.0
 |Platform
-|0.1.39+
+|1.2.0+
 |link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks &#8482;] ^[1]^
 |`x86_64`
  `ppc64le`
  `s390x`
 
 |ocp4-cis-node
-|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.1.0
+|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.4.0
 |Node ^[2]^
-|0.1.39+
+|1.2.0+
 |link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks &#8482;] ^[1]^
 |`x86_64`
  `ppc64le`
@@ -131,5 +131,5 @@ The Compliance Operator provides the following compliance profiles:
 |`x86_64`
 |===
 [.small]
-1. To locate the CIS {product-title} v4 Benchmark, go to  link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks] and type `Kubernetes` in the search box. Click on *Kubernetes* and then *Download Latest CIS Benchmark*, where you can then register to download the benchmark.
+1. To locate the CIS {product-title} v4 Benchmark, go to  link:https://www.cisecurity.org/benchmark/kubernetes[CIS Benchmarks] and click *Download Latest CIS Benchmark*, where you can then register to download the benchmark.
 2. Node profiles must be used with the relevant Platform profile. For more information, see xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profile_typesunderstanding-compliance[Compliance Operator profile types].
diff --git a/security/compliance_operator/compliance-operator-release-notes.adoc b/security/compliance_operator/compliance-operator-release-notes.adoc
@@ -15,6 +15,27 @@ For an overview of the Compliance Operator, see xref:../../security/compliance_o
 
 To access the latest release, see xref:../../security/compliance_operator/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
 
+[id="compliance-operator-release-notes-1-2-0"]
+== OpenShift Compliance Operator 1.2.0
+
+The following advisory is available for the OpenShift Compliance Operator 1.2.0:
+
+* link:https://access.redhat.com/errata/RHBA-2023:4245[RHBA-2023:4245 - OpenShift Compliance Operator enhancement update]
+
+[id="compliance-operator-1-2-0-new-features-and-enhancements"]
+=== New features and enhancements
+
+* The CIS {product-title} 4 Benchmark v1.4.0 profile is now available for platform and node applications. To locate the CIS {product-title} v4 Benchmark, go to  link:https://www.cisecurity.org/benchmark/kubernetes[CIS Benchmarks] and click *Download Latest CIS Benchmark*, where you can then register to download the benchmark.
++
+[IMPORTANT]
+====
+Upgrading to Compliance Operator 1.2.0 will overwrite the CIS {product-title} 4 Benchmark 1.1.0 profiles.
+
+If your {product-title} environment contains existing `cis` and `cis-node` remediations, there might be some differences in scan results after upgrading to Compliance Operator 1.2.0.
+====
+
+* Additional clarity for auditing security context constraints (SCCs) is now available for the `scc-limit-container-allowed-capabilities` rule.
+
 [id="compliance-operator-release-notes-1-1-0"]
 == OpenShift Compliance Operator 1.1.0
 
