chore: release notes for 1.4.1 (replace custom/manual content with JIRA-driven RN content too) (#848)

* chore: release notes for 1.4.1 (removing content from 1.3.0 too)

Signed-off-by: Nick Boldt <[email protected]>

fix queries

Signed-off-by: Nick Boldt <[email protected]>

put content in JIRA instead of overriding content after generation

Signed-off-by: Nick Boldt <[email protected]>

put back deleted content (why do people keep forgetting to put RN content in JIRA?)

Signed-off-by: Nick Boldt <[email protected]>

regen from jira

Signed-off-by: Nick Boldt <[email protected]>

regen more

Signed-off-by: Nick Boldt <[email protected]>

Remove empty lines

Signed-off-by: Nick Boldt <[email protected]>

* CVE-2024-56334 now fixed in 1.4.1

Signed-off-by: Nick Boldt <[email protected]>

add CVE-2024-56334 to snip-fixed-security-issues-in-product-1.4.1.adoc

Signed-off-by: Nick Boldt <[email protected]>

add spaces back into the generated RN

Signed-off-by: Nick Boldt <[email protected]>

more fixes from JIRA updates

Signed-off-by: Nick Boldt <[email protected]>

* add 3 or 4 bug fixes that were previously not included in the RN because Release Note Status was not set to Done

Signed-off-by: Nick Boldt <[email protected]>

remove dupe RN issue (https://issues.redhat.com/browse/RHIDP-5319 is a subset of https://issues.redhat.com/browse/RHIDP-5308; some reformatting and language cleanup

Signed-off-by: Nick Boldt <[email protected]>

* apply Gerry's latest changes from 2 JIRAs

Signed-off-by: Nick Boldt <[email protected]>

---------

Signed-off-by: Nick Boldt <[email protected]>

Author: nickboldt

artifacts/attributes.adoc

@@ -11,8 +11,9 @@
 :product-short: Developer Hub
 :product-very-short: RHDH
 :product-version: 1.4
-:product-bundle-version: 1.4.0
-:product-chart-version: 1.4.0
+:product-version-next: 1.5.0
+:product-bundle-version: 1.4.1
+:product-chart-version: 1.4.1
 :product-backstage-version: 1.32.6
 :product-custom-resource-type: Backstage
 :rhdeveloper-name: Red Hat Developer

assemblies/assembly-release-notes-fixed-security-issues.adoc

@@ -6,7 +6,13 @@ This section lists security issues fixed in {product} {product-version}.
 
 == {product} {product-bundle-version}
 
-include::modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2]
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.4.1.adoc[leveloffset=+2]
 
-include::modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2]
+// nothing yet so don't include this 
+// include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.4.1.adoc[leveloffset=+2]
 
+== {product} 1.4.0
+
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2]
+
+include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2]

modules/release-notes/list-fixed-security-issues-in-product-1.4.1.txt

@@ -0,0 +1,6 @@
+CVE-2024-45338, rhdh/rhdh-rhel9-operator: Non-linear parsing of case-insensitive content in golang.org/x/net/html
+CVE-2024-56201, rhdh/rhdh-hub-rhel9: Jinja has a sandbox breakout through malicious filenames
+CVE-2024-56326, rhdh/rhdh-hub-rhel9: Jinja has a sandbox breakout through indirect reference to format method
+CVE-2024-55565, rhdh-hub-container: nanoid mishandles non-integer values
+CVE-2024-52798, rhdh-hub-container: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
+CVE-2024-56334, rhdh/rhdh-hub-rhel9: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

modules/release-notes/list-fixed-security-issues-in-rpm-1.4.1.txt

@@ -13,79 +13,86 @@ Prom-client metrics have been removed and replaced with OpenTelemetry metrics. A
 .Additional resources
 * link:https://issues.redhat.com/browse/RHIDP-4572[RHIDP-4572]
 
-[id="feature-rhidp-4853"]
-== Plugins with updated scope
-
-To upgrade from {product-very-short} 1.3 to 1.4, you must update your configuration to use the latest versions of the following plugins from the new scope.
-
-With this update, the following plugins, previously under the `@janus-idp` scope, have now been moved to the `@backstage-community` scope:
-
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
-|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
-|`@janus-idp/backstage-plugin-analytics-provider-segment`|`@backstage-community/plugin-analytics-provider-segment`
-|`@janus-idp/backstage-plugin-jfrog-artifactory`|`@backstage-community/plugin-jfrog-artifactory`
-|`@janus-idp/backstage-plugin-keycloak-backend`|`@backstage-community/plugin-catalog-backend-module-keycloak`
-|`@janus-idp/backstage-plugin-nexus-repository-manager`|`@backstage-community/plugin-nexus-repository-manager`
-|`@janus-idp/backstage-plugin-ocm`|`@backstage-community/plugin-ocm`
-|`@janus-idp/backstage-plugin-ocm-backend`|`@backstage-community/plugin-ocm-backend`
-|`@janus-idp/backstage-plugin-quay`|`@backstage-community/plugin-quay`
-|`@janus-idp/backstage-plugin-rbac`|`@backstage-community/plugin-rbac`
-|`@janus-idp/backstage-plugin-tekton`|`@backstage-community/plugin-tekton`
-|`@janus-idp/backstage-plugin-topology`|`@backstage-community/plugin-topology`
-|`@janus-idp/backstage-scaffolder-backend-module-quay`|`@backstage-community/plugin-scaffolder-backend-module-quay`
-|`@janus-idp/backstage-scaffolder-backend-module-regex`|`@backstage-community/plugin-scaffolder-backend-module-regex`
-|`@janus-idp/backstage-scaffolder-backend-module-servicenow`|`@backstage-community/plugin-scaffolder-backend-module-servicenow`
-|`@janus-idp/backstage-scaffolder-backend-module-sonarqube`|`@backstage-community/plugin-scaffolder-backend-module-sonarqube`
-|===
-
-The following plugins, previously under the `@backstage` scope, have now been moved to the `@backstage-community` scope:
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-|`@backstage/plugin-azure-devops`|`@backstage-community/plugin-azure-devops`
-|`@backstage/plugin-azure-devops-backend`|`@backstage-community/plugin-azure-devops-backend`
-|`@backstage/plugin-dynatrace`|`@backstage-community/plugin-dynatrace`
-|`@backstage/plugin-github-actions`|`@backstage-community/plugin-github-actions`
-|`@backstage/plugin-github-issues`|`@backstage-community/plugin-github-issues`
-|`@backstage/plugin-jenkins`|`@backstage-community/plugin-jenkins`
-|`@backstage/plugin-jenkins-backend`|`@backstage-community/plugin-jenkins-backend`
-|`@backstage/plugin-lighthouse`|`@backstage-community/plugin-lighthouse`
-|`@backstage/plugin-sonarqube`|`@backstage-community/plugin-sonarqube`
-|`@backstage/plugin-sonarqube-backend`|`@backstage-community/plugin-sonarqube-backend`
-|`@backstage/plugin-tech-radar`|`@backstage-community/plugin-tech-radar`
-|===
-
-Two plugins previously under the `@janus-idp` scope have moved to `@red-hat-developer-hub` scope:
-
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-
-| `@janus-idp/backstage-plugin-bulk-import`
-| `@red-hat-developer-hub/backstage-plugin-bulk-import`
+[id="removed-functionality-rhidp-4853"]
+==  Plugins with updated scope
+
+To upgrade from {product-very-short} 1.3 to 1.4, you must update your configuration to use the latest versions of the following plugins from the new scope.
+
+With this update, the following plugins, previously under the `@janus-idp` scope, have now been moved to the `@backstage-community` scope:
+
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
+|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
+|`@janus-idp/backstage-plugin-analytics-provider-segment`|`@backstage-community/plugin-analytics-provider-segment`
+|`@janus-idp/backstage-plugin-jfrog-artifactory`|`@backstage-community/plugin-jfrog-artifactory`
+|`@janus-idp/backstage-plugin-keycloak-backend`|`@backstage-community/plugin-catalog-backend-module-keycloak`
+|`@janus-idp/backstage-plugin-nexus-repository-manager`|`@backstage-community/plugin-nexus-repository-manager`
+|`@janus-idp/backstage-plugin-ocm`|`@backstage-community/plugin-ocm`
+|`@janus-idp/backstage-plugin-ocm-backend`|`@backstage-community/plugin-ocm-backend`
+|`@janus-idp/backstage-plugin-quay`|`@backstage-community/plugin-quay`
+|`@janus-idp/backstage-plugin-rbac`|`@backstage-community/plugin-rbac`
+|`@janus-idp/backstage-plugin-tekton`|`@backstage-community/plugin-tekton`
+|`@janus-idp/backstage-plugin-topology`|`@backstage-community/plugin-topology`
+|`@janus-idp/backstage-scaffolder-backend-module-quay`|`@backstage-community/plugin-scaffolder-backend-module-quay`
+|`@janus-idp/backstage-scaffolder-backend-module-regex`|`@backstage-community/plugin-scaffolder-backend-module-regex`
+|`@janus-idp/backstage-scaffolder-backend-module-servicenow`|`@backstage-community/plugin-scaffolder-backend-module-servicenow`
+|`@janus-idp/backstage-scaffolder-backend-module-sonarqube`|`@backstage-community/plugin-scaffolder-backend-module-sonarqube`
+|===
+
+The following plugins, previously under the `@backstage` scope, have now been moved to the `@backstage-community` scope:
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+|`@backstage/plugin-azure-devops`|`@backstage-community/plugin-azure-devops`
+|`@backstage/plugin-azure-devops-backend`|`@backstage-community/plugin-azure-devops-backend`
+|`@backstage/plugin-dynatrace`|`@backstage-community/plugin-dynatrace`
+|`@backstage/plugin-github-actions`|`@backstage-community/plugin-github-actions`
+|`@backstage/plugin-github-issues`|`@backstage-community/plugin-github-issues`
+|`@backstage/plugin-jenkins`|`@backstage-community/plugin-jenkins`
+|`@backstage/plugin-jenkins-backend`|`@backstage-community/plugin-jenkins-backend`
+|`@backstage/plugin-lighthouse`|`@backstage-community/plugin-lighthouse`
+|`@backstage/plugin-sonarqube`|`@backstage-community/plugin-sonarqube`
+|`@backstage/plugin-sonarqube-backend`|`@backstage-community/plugin-sonarqube-backend`
+|`@backstage/plugin-tech-radar`|`@backstage-community/plugin-tech-radar`
+|===
+
+Two plugins previously under the `@janus-idp` scope have moved to `@red-hat-developer-hub` scope:
+
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+
+| `@janus-idp/backstage-plugin-bulk-import`
+| `@red-hat-developer-hub/backstage-plugin-bulk-import`
+
+| `@janus-idp/backstage-plugin-bulk-import-backend`
+| `@red-hat-developer-hub/backstage-plugin-bulk-import-backend`
+|===
+
+With the update to the plugin scope, the dynamic plugin configuration has also been modified.
+
+[cols=2,%header]
+|===
+|*RHDH 1.3 Configuration*|*RHDH 1.4 Configuration*
+|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.3/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.4/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]
+|===
+
+.Procedure
+* To upgrade from {product-very-short} 1.3 to {product-very-short} 1.4, you must update your configuration to use the latest versions of the plugins listed previously from the new scope.
+
+[NOTE]
+====
+In addition to the previously provided tables, you can compare the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.4/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.4 CSV file] with the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.3/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.3 CSV file] to identify the changes in dynamic plugins.
+====
 
-| `@janus-idp/backstage-plugin-bulk-import-backend`
-| `@red-hat-developer-hub/backstage-plugin-bulk-import-backend`
-|===
 
-With the update to the plugin scope, the dynamic plugin configuration has also been modified.
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-4853[RHIDP-4853]
 
-[cols=2,%header]
-|===
-|*RHDH 1.3 Configuration*|*RHDH 1.4 Configuration*
-|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.3/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.4/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]
-|===
 
-.Procedure
-* To upgrade from {product-very-short} 1.3 to {product-very-short} 1.4, you must update your configuration to use the latest versions of the plugins listed previously from the new scope.
 
-[NOTE]
-====
-In addition to the previously provided tables, you can compare the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.4/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.4 CSV file] with the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.3/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.3 CSV file] to identify the changes in dynamic plugins.
-====

modules/release-notes/ref-release-notes-breaking-changes.adoc

@@ -16,7 +16,7 @@ The `./dynamic-plugins/dist/janus-idp-backstage-plugin-aap-backend-dynamic` plug
 [id="deprecated-functionality-rhidp-4913"]
 == Audit log rotation is deprecated
 
-With this update, you can evaluate your platform's log forwarding solutions to align with your security and compliance needs. Most of these solutions offer configurable options to minimize the loss of logs in the event of an outage.
+With this update, you can evaluate your platform's log forwarding solutions to align with your security and compliance needs. Most of these solutions offer configurable options to minimize the loss of logs in the event of an outage.
 
 
 .Additional resources
@@ -29,4 +29,7 @@ With this update, you can evaluate your platform's log forwarding solutions to a
 
 
 .Additional resources
-* link:https://issues.redhat.com/browse/RHIDP-5218[RHIDP-5218]
+* link:https://issues.redhat.com/browse/RHIDP-5218[RHIDP-5218]
+
+
+