Merge pull request #66512 from anarnold97/OADP-2939-release-notes-OADP-1.2.3

kcarmichael08 · web-flow · commit e6031e362efb · 2023-10-25T15:12:47.000-04:00
diff --git a/backup_and_restore/application_backup_and_restore/oadp-release-notes.adoc b/backup_and_restore/application_backup_and_restore/oadp-release-notes.adoc
@@ -9,6 +9,8 @@ toc::[]
 
 The release notes for OpenShift API for Data Protection (OADP) describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues.
 
+include::modules/oadp-release-notes-1-2-3.adoc[leveloffset=+1]
+
 include::modules/oadp-release-notes-1-2-2.adoc[leveloffset=+1]
 
 include::modules/oadp-release-notes-1-2-1.adoc[leveloffset=+1]
diff --git a/modules/oadp-release-notes-1-2-0.adoc b/modules/oadp-release-notes-1-2-0.adoc
@@ -11,16 +11,16 @@ The OADP 1.2.0 release notes include information about new features, bug fixes,
 [id="new-features_{context}"]
 == New features
 
-.link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/backup_and_restore/application-backup-and-restore#installing-oadp-aws[Resource timeouts]
-The new `resourceTimeout` option specifies the timeout duration in minutes for waiting on various Velero resources. This option applies to resources such as Velero CRD availability, `volumeSnapshot` deletion, and backup repository availability. The default duration is ten minutes.
+.Resource timeouts
+The new `resourceTimeout` option specifies the timeout duration in minutes for waiting on various Velero resources. This option applies to resources such as Velero CRD availability, `volumeSnapshot` deletion, and backup repository availability. The default duration is 10 minutes.
 
-.link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/backup_and_restore/application-backup-and-restore#oadp-s3-compatible-backup-storage-providers_about-installing-oadp[AWS S3 compatible backup storage providers]
+.AWS S3 compatible backup storage providers
 You can back up objects and snapshots on AWS S3 compatible providers.
 
 [id="new-features-tech-preview-1-2-0_{context}"]
 === Technical preview features
 
-.link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/backup_and_restore/application-backup-and-restore#installing-and-configuring-oadp[Data Mover]
+.Data Mover
 The OADP Data Mover enables you to back up Container Storage Interface (CSI) volume snapshots to a remote object store. When you enable Data Mover, you can restore stateful applications using CSI volume snapshots pulled from the object store in case of accidental cluster deletion, cluster failure, or data corruption.
 
 :FeatureName: OADP Data Mover
@@ -34,5 +34,12 @@ For a complete list of all issues resolved in this release, see the list of link
 [id="known-issues-1-2-0_{context}"]
 == Known issues
 
-This release does not have any known issues.
+The following issues have been highlighted as known issues in the release of OADP 1.2.0:
 
+.Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
+
+The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following link:https://issues.redhat.com/browse/OADP-2868?filter=12421248[Jira list].
+
+It is advised to upgrade to OADP 1.2.3, which resolves this issue.
+
+For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)].
diff --git a/modules/oadp-release-notes-1-2-3.adoc b/modules/oadp-release-notes-1-2-3.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes.adoc
+
+:_content-type: REFERENCE
+[id="migration-oadp-release-notes-1-2-3_{context}"]
+= OADP 1.2.3 release notes
+
+
+[id="new-features-1-2-3_{context}"]
+== New features
+
+There are no new features in the release of {oadp-first} 1.2.3.
+
+// :FeatureName: OADP Data Mover
+// include::snippets/technology-preview.adoc[]
+
+[id="resolved-issues-1-2-3_{context}"]
+== Resolved issues
+
+The following highlighted issues are resolved in OADP 1.2.3:
+
+
+.Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
+
+In previous releases of OADP 1.2, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following link:https://issues.redhat.com/browse/OADP-2868?filter=12421248[Jira list].
+
+For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)].
+
+
+For a complete list of all issues resolved in the release of OADP 1.2.3, see the list of link:https://issues.redhat.com/browse/OADP-2094?filter=12422262[OADP 1.2.3 resolved issues] in Jira.
+
+
+[id="known-issues-1-2-3_{context}"]
+== Known issues
+
+There are no known issues in the release of OADP 1.2.3.
+
