chore: generate release notes for 1.3.1 CVEs; add optional extra metadata in the list-fixed*.txt files which we can use in other ways

Signed-off-by: Nick Boldt <[email protected]>

Author: nickboldt

artifacts/attributes.adoc

@@ -11,8 +11,8 @@
 :product-short: Developer Hub
 :product-very-short: RHDH
 :product-version: 1.3
-:product-bundle-version: 1.3.0
-:product-chart-version: 1.3.0
+:product-bundle-version: 1.3.1
+:product-chart-version: 1.3.1
 :product-backstage-version: 1.29.2
 :rhdeveloper-name: Red Hat Developer
 :rhel: Red Hat Enterprise Linux

assemblies/assembly-release-notes-fixed-security-issues.adoc

@@ -6,6 +6,12 @@ This section lists security issues fixed in {product} {product-version}.
 
 == {product} {product-bundle-version}
 
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.1.adoc[leveloffset=+2]
+
+include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.1.adoc[leveloffset=+2]
+
+== {product} 1.3.0
+
 include::modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2]
 
 include::modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2]

modules/release-notes/list-fixed-security-issues-in-product-1.3.1.txt

@@ -0,0 +1,5 @@
+# CVE number, affected package, fixed in version(s), JIRA
+CVE-2024-21534,jsonpath-plus,10.0.0,RHIDP-4440
+CVE-2024-47762,@backstage/plugin-app-backend,0.3.75,RHIDP-4321
+CVE-2024-45816,@backstage/plugin-techdocs-backend,1.10.13,RHIDP-4116
+CVE-2024-37890,ws,8.17.1||7.5.10||6.2.3||5.2.4,RHIDP-2733

modules/release-notes/list-fixed-security-issues-in-rpm-1.3.1.txt

@@ -0,0 +1,15 @@
+CVE-2024-34156 
+CVE-2023-28746
+CVE-2024-27403
+CVE-2023-52658
+CVE-2024-35989
+CVE-2021-47385
+CVE-2024-36889
+CVE-2024-36978
+CVE-2024-38556
+CVE-2024-39483
+CVE-2024-39502
+CVE-2024-40959 
+CVE-2024-42079 
+CVE-2024-42272
+CVE-2024-42284

modules/release-notes/single-source-fixed-security-issues.sh

@@ -31,7 +31,7 @@ single_source_from_security_data () {
   echo -e "= ${title}" > "$destination"
   while IFS="" read -r cve || [ -n "$cve" ]; do
     if [[ ${cve} != "#"* ]] && [[ $cve != "" ]]; then # skip commented and blank lines
-      list_cleaned="${list_cleaned}\n${cve}"
+      list_cleaned="${list_cleaned}\n${cve%%,*}" # trim csv content after the CVE number
     fi
   done < "$list"
   list_cleaned=$(echo -e "$list_cleaned" | sort -uV)

modules/release-notes/snip-bug-fix-rhidp-2139.adoc

@@ -1,9 +1,9 @@
 [id="bug-fix-rhidp-2139"]
 = Filtering for permissions policies that do not exist leads to an error being thrown
 
-Before this update, permission checks by the permission framework would throw an error if a matching permission policy was not previously defined.
-Therefore, {product-short} denied the request with an error.
-
+Before this update, permission checks by the permission framework would throw an error if a matching permission policy was not previously defined.
+Therefore, {product-short} denied the request with an error.
+
 With this update, {product-short} denies the request without throwing an error.
 
 .Additional resources

modules/release-notes/snip-bug-fix-rhidp-2374.adoc

@@ -1,8 +1,8 @@
 [id="bug-fix-rhidp-2374"]
 = Added missing plugin name in the RBAC administration interface
 
-Before this update, the RBAC administration user interface *Permission Policies*  table did not display the plugin name.
-
+Before this update, the RBAC administration user interface *Permission Policies*  table did not display the plugin name.
+
 With this update, the RBAC administration user interface *Permission Policies* table displays the plugin name.
 
 .Additional resources

modules/release-notes/snip-bug-fix-rhidp-2412.adoc

@@ -1,10 +1,10 @@
 [id="bug-fix-rhidp-2412"]
 = HTTP error code 431 when an user is member of many groups
 
-Before this update, {product-short} API became unresponsive when a user was member of a high number of groups (more than 150) with aggregated relations.
-Therefore, the user might have failed to authenticate.
-Also, {product-short} might have shown an error when opening the user entity in the UI.
-
+Before this update, {product-short} API became unresponsive when a user was member of a high number of groups (more than 150) with aggregated relations.
+Therefore, the user might have failed to authenticate.
+Also, {product-short} might have shown an error when opening the user entity in the UI.
+
 With this update, {product-short} can handle a user member of a high number of groups (more than 150) with aggregated relations.
 
 .Additional resources

modules/release-notes/snip-bug-fix-rhidp-2438.adoc

@@ -1,8 +1,8 @@
 [id="bug-fix-rhidp-2438"]
 = OCM calls are not scoped to the OCM page
 
-Before this update, when the OCM plugin is installed, navigating to non-OCM pages triggered unnecessary failed OCM API calls.
-
+Before this update, when the OCM plugin is installed, navigating to non-OCM pages triggered unnecessary failed OCM API calls.
+
 With this update, {product-short} restricts OCM API calls to OCM-related pages.
 
 .Additional resources

modules/release-notes/snip-bug-fix-rhidp-2529.adoc

@@ -1,10 +1,10 @@
 [id="bug-fix-rhidp-2529"]
 = When login using azure entra sso, it will use id to match the user entity, which will fail to match with user entity imported by msgraph.
 
-Before this update, {product-short} failed to resolve user entities with Azure authentication provider to entities ingested by the  MsGraph catalog provider.
-Therefore, a user authentication with Microsoft Azure could not open a session in {product-short}.
-
-With this update, {product-short} resolves user entities with Azure authentication provider to entities ingested by the MsGraph catalog provider.
+Before this update, {product-short} failed to resolve user entities with Azure authentication provider to entities ingested by the  MsGraph catalog provider.
+Therefore, a user authentication with Microsoft Azure could not open a session in {product-short}.
+
+With this update, {product-short} resolves user entities with Azure authentication provider to entities ingested by the MsGraph catalog provider.
 Therefore, a user authentication with Microsoft Azure can open a session in {product-short}.
 
 .Additional resources