[CMP-2336]Compliance Operator 1.4.1 Bugs

Author: GroceryBoyJr

security/compliance_operator/compliance-operator-release-notes.adoc

@@ -15,6 +15,39 @@ For an overview of the Compliance Operator, see xref:../../security/compliance_o
 
 To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
 
+[id="compliance-operator-release-notes-1-4-1"]
+== OpenShift Compliance Operator 1.4.1
+
+The following advisory is available for the OpenShift Compliance Operator 1.4.1:
+
+* link:https://access.redhat.com/errata/RHBA-2024:1830[RHBA-2024:1830 - OpenShift Compliance Operator bug fix and enhancement update]
+
+[id="compliance-operator-1-4-1-new-features-and-enhancements"]
+=== New features and enhancements
+
+* With this update, Compliance Operator now provides `OCP4 STIG ID` and `SRG` with the profile rules. (link:https://issues.redhat.com/browse/CMP-2401[*CMP-2401*])
+
+* With this update, obsolete rules being applied to `s390x` have been removed. (link:https://issues.redhat.com/browse/CMP-2471[*CMP-2471*])
+
+[id="compliance-operator-1-4-1-bug-fixes"]
+=== Bug fixes
+
+* Previously, for RHCOS systems using RHEL9, application of the `ocp4-kubelet-enable-protect-kernel-sysctl-file-exist` rule failed. This update replaces the rule with `ocp4-kubelet-enable-protect-kernel-sysctl`. Now, after auto remediation is applied, RHEL9-based RHCOS systems will show `PASS` upon the application of this rule. (link:https://issues.redhat.com/browse/OCPBUGS-13589[*OCPBUGS-13589*])
+
+* Previously, after applying compliance remediations using profile `rhcos4-e8`, the nodes were no longer accessible using SSH to the core user account. With this update, nodes remain accessible through SSH using sshkey. (link:https://issues.redhat.com/browse/OCPBUGS-1833[*OCPBUGS-1833*])
+
+* Previously, the `STIG` profile was missing rules from CaC that fulfill requirements on the published `STIG` for {product-title}. With this update, upon remediation, the cluster satisfies `STIG` requirements that can be remediated using Compliance Operator. (link:https://issues.redhat.com/browse/OCPBUGS-26193[*OCPBUGS-26193*])
+
+* Previously, creating a `ScanSettingBinding` with profiles of different types for multiple products bypassed a restriction against multiple products types in a binding. With this update, the product validation now allows multiple products regardless of the of profile types in the `ScanSettingBinding`. (link:https://issues.redhat.com/browse/OCPBUGS-26229[*OCPBUGS-26229*])
+
+* Previously, running the `rhcos4-service-debug-shell-disabled` rule showed as `FAIL` even after auto-remediation was applied. With this update, running the `rhcos4-service-debug-shell-disabled` rule now shows `PASS` after auto-remediation is applied. (link:https://issues.redhat.com/browse/OCPBUGS-28242[*OCPBUGS-28242*])
+
+* With this update, instructions for the use of the `rhcos4-banner-etc-issue` rule are enhanced to provide more detail. (link:https://issues.redhat.com/browse/OCPBUGS-28797[*OCPBUGS-28797*])
+
+* Previously the `api_server_api_priority_flowschema_catch_all` rule provided `FAIL` status on {product-title} 4.16 clusters. With this update, the `api_server_api_priority_flowschema_catch_all` rule provides `PASS` status on {product-title} 4.16 clusters. (link:https://issues.redhat.com/browse/OCPBUGS-28918[*OCPBUGS-28918*])
+
+* Previously, when a profile was removed from a completed scan shown in `ScanSettingBinding` (SSB), Compliance Operator did not remove the old scan. Afterward, when launching a new SSB using the deleted profile, Compliance Operator failed to update the result. With this release of Compliance Operator, the new SSB now shows the new compliance check result. (link:https://issues.redhat.com/browse/OCPBUGS-29272[*OCPBUGS-29272*])
+
 [id="compliance-operator-release-notes-1-4-0"]
 == OpenShift Compliance Operator 1.4.0