Merge pull request #66767 from anarnold97/MIG-1476-MTC-1-8.1-Release-Notes

jeana-redhat · web-flow · commit ac90b48aafb0 · 2023-10-24T10:52:59.000-04:00
MIG-1476: release notes for MTC 1.8.1
diff --git a/migration_toolkit_for_containers/mtc-release-notes.adoc b/migration_toolkit_for_containers/mtc-release-notes.adoc
@@ -17,6 +17,7 @@ You can migrate from xref:../migrating_from_ocp_3_to_4/about-migrating-from-3-to
 
 For information on the support policy for {mtc-short}, see link:https://access.redhat.com/support/policy/updates/openshift#app_migration[OpenShift Application and Cluster Migration Solutions], part of the _Red Hat {product-title} Life Cycle Policy_.
 
+include::modules/migration-mtc-release-notes-1-8-1.adoc[leveloffset=+1]
 include::modules/migration-mtc-release-notes-1-8.adoc[leveloffset=+1]
 include::modules/migration-mtc-release-notes-1-7-13.adoc[leveloffset=+1]
 include::modules/migration-mtc-release-notes-1-7-12.adoc[leveloffset=+1]
diff --git a/modules/migration-mtc-release-notes-1-8-1.adoc b/modules/migration-mtc-release-notes-1-8-1.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_content-type: REFERENCE
+[id="migration-mtc-release-notes-1-8-1_{context}"]
+= {mtc-full} 1.8.1 release notes
+
+[id="resolved-issues-1-8-1_{context}"]
+== Resolved issues
+
+This release has the following major resolved issues:
+
+.CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work
+
+A flaw was found in handling multiplexed streams in the HTTP/2 protocol, which is used by {mtc-full} ({mtc-short}). A client could repeatedly make a request for a new multiplex stream and immediately send an `RST_STREAM` frame to cancel it. This creates additional workload for the server in terms of setting up and dismantling streams, while avoiding any server-side limitations on the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. link:https://bugzilla.redhat.com/show_bug.cgi?id=2245079[(BZ#2245079)]
+
+It is advised to update to {mtc-short} 1.8.1 or later, which resolve this issue.
+
+For more details, see link:https://access.redhat.com/security/cve/cve-2023-39325[(CVE-2023-39325)] and link:https://access.redhat.com/security/cve/cve-2023-44487[(CVE-2023-44487)]
+
+
+
+[id="known-issues-1-8-1_{context}"]
+== Known issues
+
+There are no major known issues in this release.
