RHIDP-5822 Release notes for Red Hat Developer Hub 1.3.5

themr0c · themr0c · commit 834d5354491d · 2025-02-06T15:02:09.000+01:00
Signed-off-by: Fabrice Flore-Thébault &lt;ffloreth@redhat.com&gt;
diff --git a/artifacts/attributes.adoc b/artifacts/attributes.adoc
@@ -11,8 +11,8 @@
 :product-short: Developer Hub
 :product-very-short: RHDH
 :product-version: 1.3
-:product-bundle-version: 1.3.4
-:product-chart-version: 1.3.4
+:product-bundle-version: 1.3.5
+:product-chart-version: 1.3.5
 :product-backstage-version: 1.29.2
 :rhdeveloper-name: Red Hat Developer
 :rhel: Red Hat Enterprise Linux
diff --git a/assemblies/assembly-release-notes-fixed-security-issues.adoc b/assemblies/assembly-release-notes-fixed-security-issues.adoc
@@ -7,7 +7,14 @@ This section lists security issues fixed in {product} {product-version}.
 
 == {product} {product-bundle-version}
 
-include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.4.adoc[leveloffset=+2]
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.5.adoc[leveloffset=+2]
+
+// Empty content, therefore commented out.
+// include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.5.adoc[leveloffset=+2]
+
+== {product} 1.3.4
+
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.5.adoc[leveloffset=+2]
 
 include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.4.adoc[leveloffset=+2]
 
diff --git a/modules/release-notes/list-fixed-security-issues-in-product-1.3.5.txt b/modules/release-notes/list-fixed-security-issues-in-product-1.3.5.txt
@@ -0,0 +1 @@
+CVE-2025-22150
diff --git a/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.5.txt b/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.5.txt
diff --git a/modules/release-notes/snip-fixed-security-issues-in-product-1.3.5.adoc b/modules/release-notes/snip-fixed-security-issues-in-product-1.3.5.adoc
@@ -0,0 +1,4 @@
+= {product} dependency updates
+
+link:https://access.redhat.com/security/cve/CVE-2025-22150[CVE-2025-22150]::
+A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.
diff --git a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.5.adoc b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.5.adoc
@@ -0,0 +1 @@
+= RHEL 9 platform RPM updates
