From 9eb57437f3971cc9df506ba72ec3afba6cd060d7 Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Mon, 25 Nov 2024 09:24:10 -0500 Subject: [PATCH 1/9] chore(release notes): initial draft of the 1.3.2 release notes (RHIDP-4909) Signed-off-by: Nick Boldt --- artifacts/attributes.adoc | 4 +- ...y-release-notes-fixed-security-issues.adoc | 4 ++ ...fixed-security-issues-in-product-1.3.2.txt | 5 +++ ...ist-fixed-security-issues-in-rpm-1.3.2.txt | 22 ++++++++++ ...ip-fixed-security-issues-in-rpm-1.3.2.adoc | 41 +++++++++++++++++++ 5 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt create mode 100644 modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc diff --git a/artifacts/attributes.adoc b/artifacts/attributes.adoc index 8de3d51df9..b4c81be8d2 100644 --- a/artifacts/attributes.adoc +++ b/artifacts/attributes.adoc @@ -11,8 +11,8 @@ :product-short: Developer Hub :product-very-short: RHDH :product-version: 1.3 -:product-bundle-version: 1.3.0 -:product-chart-version: 1.3.0 +:product-bundle-version: 1.3.2 +:product-chart-version: 1.3.2 :product-backstage-version: 1.29.2 :rhdeveloper-name: Red Hat Developer :rhel: Red Hat Enterprise Linux diff --git a/assemblies/assembly-release-notes-fixed-security-issues.adoc b/assemblies/assembly-release-notes-fixed-security-issues.adoc index 00f27ade7b..020a4f9124 100644 --- a/assemblies/assembly-release-notes-fixed-security-issues.adoc +++ b/assemblies/assembly-release-notes-fixed-security-issues.adoc @@ -6,6 +6,10 @@ This section lists security issues fixed in {product} {product-version}. == {product} {product-bundle-version} +include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc[leveloffset=+2] + +== {product} 1.3.1 + include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.1.adoc[leveloffset=+2] include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.1.adoc[leveloffset=+2] diff --git a/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt b/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt index 4d1cc2cfe5..81568c09a0 100644 --- a/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt +++ b/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt @@ -1,3 +1,8 @@ # CVE number, affected package, fixed in version(s), JIRA +# none yet # not yet fixed, built, or ready for release +# NOTE: CVE is empty at the usual RH location so must manually edit generated .adoc file +# to link to https://nvd.nist.gov/vuln/detail/CVE-2024-21538 +# once this is actually fixed in 1.3.z +# CVE-2024-21538,cross-spawn,7.0.5,RHIDP-4864 diff --git a/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt b/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt new file mode 100644 index 0000000000..b10d678e3b --- /dev/null +++ b/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt @@ -0,0 +1,22 @@ +# CVE number, Errata details, Bugzilla + +# high prio fix in krb5-1.21.1-4.el9_5 (RHEL 9.5 update) reported by Prograde - see https://issues.redhat.com/browse/RHIDP-4891 +CVE-2024-3596, freeradius: forgery attack, https://bugzilla.redhat.com/show_bug.cgi?id=2263240 + +# moderate prio fixes reported by Prograde - see https://issues.redhat.com/browse/RHIDP-4891 +CVE-2024-30203, emacs: Gnus treats inline MIME contents as trusted, https://bugzilla.redhat.com/show_bug.cgi?id=2280296 +CVE-2024-30204, emacs: LaTeX preview is enabled by default for e-mail attachments, https://bugzilla.redhat.com/show_bug.cgi?id=2280297 +CVE-2024-30205, emacs: Org mode considers contents of remote files to be trusted, https://bugzilla.redhat.com/show_bug.cgi?id=2280298 +CVE-2024-50602, libexpat: expat: DoS via XML_ResumeParser, https://bugzilla.redhat.com/show_bug.cgi?id=2321987 +CVE-2024-2236, libgcrypt: vulnerable to Marvin Attack, https://bugzilla.redhat.com/show_bug.cgi?id=2245218 +CVE-2024-0450, python: The zipfile module is vulnerable to zip-bombs leading to denial of service, https://bugzilla.redhat.com/show_bug.cgi?id=2276525 +CVE-2024-8088, python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service, https://bugzilla.redhat.com/show_bug.cgi?id=2307370 + +# https://errata.engineering.redhat.com/advisory/129215 contains 4 issues +CVE-2024-3727, containers/image: digest type does not guarantee valid type +CVE-2024-24788, golang: net: malformed DNS message can cause infinite loop +CVE-2024-6104, go-retryablehttp: url might write sensitive information to log file +CVE-2024-24791, net/http: Denial of service due to improper 100-continue handling in net/http + +# https://errata.engineering.redhat.com/advisory/128795 includes 478 bugs fixed in RHEL 9.5 with kernel-5.14.0-503.11.1.el9_5 - only listing one of them here +CVE-2024-45005, kernel: KVM: s390: fix validity interception issue when gisa is switched off, https://bugzilla.redhat.com/show_bug.cgi?id=2309868 diff --git a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc new file mode 100644 index 0000000000..1fb13fb871 --- /dev/null +++ b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc @@ -0,0 +1,41 @@ += RHEL 9 platform RPM updates + +link:https://access.redhat.com/security/cve/CVE-2024-0450[CVE-2024-0450]:: +A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed. + +link:https://access.redhat.com/security/cve/CVE-2024-2236[CVE-2024-2236]:: +A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. + +link:https://access.redhat.com/security/cve/CVE-2024-3596[CVE-2024-3596]:: +A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process. + +link:https://access.redhat.com/security/cve/CVE-2024-3727[CVE-2024-3727]:: +A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. + +link:https://access.redhat.com/security/cve/CVE-2024-6104[CVE-2024-6104]:: +A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information. + +link:https://access.redhat.com/security/cve/CVE-2024-8088[CVE-2024-8088]:: +A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability. + +link:https://access.redhat.com/security/cve/CVE-2024-24788[CVE-2024-24788]:: +A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions. + +link:https://access.redhat.com/security/cve/CVE-2024-24791[CVE-2024-24791]:: +A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service. + +link:https://access.redhat.com/security/cve/CVE-2024-30203[CVE-2024-30203]:: +A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service. + +link:https://access.redhat.com/security/cve/CVE-2024-30204[CVE-2024-30204]:: +A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service. + +link:https://access.redhat.com/security/cve/CVE-2024-30205[CVE-2024-30205]:: +A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution. + +link:https://access.redhat.com/security/cve/CVE-2024-45005[CVE-2024-45005]:: +In the Linux kernel, the following vulnerability has been resolved: +KVM: s390: fix validity interception issue when gisa is switched off + +link:https://access.redhat.com/security/cve/CVE-2024-50602[CVE-2024-50602]:: +A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service. From 390a439f22de07158fccba92f7738c8baf56c255 Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Mon, 25 Nov 2024 09:39:31 -0500 Subject: [PATCH 2/9] more CVEs already fixed (freshmaker issues) Signed-off-by: Nick Boldt --- .../list-fixed-security-issues-in-rpm-1.3.2.txt | 5 +++++ .../snip-fixed-security-issues-in-rpm-1.3.2.adoc | 12 ++++++++++++ 2 files changed, 17 insertions(+) diff --git a/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt b/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt index b10d678e3b..f31c61e2cf 100644 --- a/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt +++ b/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt @@ -7,6 +7,7 @@ CVE-2024-3596, freeradius: forgery attack, https://bugzilla.redhat.com/show_bug. CVE-2024-30203, emacs: Gnus treats inline MIME contents as trusted, https://bugzilla.redhat.com/show_bug.cgi?id=2280296 CVE-2024-30204, emacs: LaTeX preview is enabled by default for e-mail attachments, https://bugzilla.redhat.com/show_bug.cgi?id=2280297 CVE-2024-30205, emacs: Org mode considers contents of remote files to be trusted, https://bugzilla.redhat.com/show_bug.cgi?id=2280298 +# https://errata.engineering.redhat.com/advisory/142796 -> https://access.redhat.com/errata/RHSA-2024:9541 CVE-2024-50602, libexpat: expat: DoS via XML_ResumeParser, https://bugzilla.redhat.com/show_bug.cgi?id=2321987 CVE-2024-2236, libgcrypt: vulnerable to Marvin Attack, https://bugzilla.redhat.com/show_bug.cgi?id=2245218 CVE-2024-0450, python: The zipfile module is vulnerable to zip-bombs leading to denial of service, https://bugzilla.redhat.com/show_bug.cgi?id=2276525 @@ -20,3 +21,7 @@ CVE-2024-24791, net/http: Denial of service due to improper 100-continue handlin # https://errata.engineering.redhat.com/advisory/128795 includes 478 bugs fixed in RHEL 9.5 with kernel-5.14.0-503.11.1.el9_5 - only listing one of them here CVE-2024-45005, kernel: KVM: s390: fix validity interception issue when gisa is switched off, https://bugzilla.redhat.com/show_bug.cgi?id=2309868 +# https://errata.engineering.redhat.com/advisory/142823 -> https://access.redhat.com/errata/RHSA-2024:9605 +CVE-2024-42283, kernel +CVE-2024-46824, kernel +CVE-2024-46858, kernel diff --git a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc index 1fb13fb871..2f9466e59e 100644 --- a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc +++ b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc @@ -33,9 +33,21 @@ A flaw was found in Emacs. When Emacs is used as an email client, a preview of a link:https://access.redhat.com/security/cve/CVE-2024-30205[CVE-2024-30205]:: A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution. +link:https://access.redhat.com/security/cve/CVE-2024-42283[CVE-2024-42283]:: +In the Linux kernel, the following vulnerability has been resolved: +net: nexthop: Initialize all fields in dumped nexthops + link:https://access.redhat.com/security/cve/CVE-2024-45005[CVE-2024-45005]:: In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off +link:https://access.redhat.com/security/cve/CVE-2024-46824[CVE-2024-46824]:: +In the Linux kernel, the following vulnerability has been resolved: +iommufd: Require drivers to supply the cache_invalidate_user ops + +link:https://access.redhat.com/security/cve/CVE-2024-46858[CVE-2024-46858]:: +In the Linux kernel, the following vulnerability has been resolved: +mptcp: pm: Fix uaf in __timer_delete_sync + link:https://access.redhat.com/security/cve/CVE-2024-50602[CVE-2024-50602]:: A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service. From 62d08c6e3ef95c5ff38900a13aa2b2e62f58dd9c Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Fri, 29 Nov 2024 19:33:40 -0500 Subject: [PATCH 3/9] add CVE-2024-21538,cross-spawn,7.0.5,RHIDP-4864 to fixed payload Signed-off-by: Nick Boldt --- .../assembly-release-notes-fixed-security-issues.adoc | 2 ++ .../list-fixed-security-issues-in-product-1.3.2.txt | 8 +------- .../snip-fixed-security-issues-in-product-1.3.2.adoc | 4 ++++ 3 files changed, 7 insertions(+), 7 deletions(-) create mode 100644 modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc diff --git a/assemblies/assembly-release-notes-fixed-security-issues.adoc b/assemblies/assembly-release-notes-fixed-security-issues.adoc index 020a4f9124..3d3d3f6d1c 100644 --- a/assemblies/assembly-release-notes-fixed-security-issues.adoc +++ b/assemblies/assembly-release-notes-fixed-security-issues.adoc @@ -6,6 +6,8 @@ This section lists security issues fixed in {product} {product-version}. == {product} {product-bundle-version} +include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc[leveloffset=+2] + include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc[leveloffset=+2] == {product} 1.3.1 diff --git a/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt b/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt index 81568c09a0..68eea79f08 100644 --- a/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt +++ b/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt @@ -1,8 +1,2 @@ # CVE number, affected package, fixed in version(s), JIRA -# none yet - -# not yet fixed, built, or ready for release -# NOTE: CVE is empty at the usual RH location so must manually edit generated .adoc file -# to link to https://nvd.nist.gov/vuln/detail/CVE-2024-21538 -# once this is actually fixed in 1.3.z -# CVE-2024-21538,cross-spawn,7.0.5,RHIDP-4864 +CVE-2024-21538,cross-spawn,7.0.5,RHIDP-4864 diff --git a/modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc b/modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc new file mode 100644 index 0000000000..40682d210e --- /dev/null +++ b/modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc @@ -0,0 +1,4 @@ += {product} dependency updates + +link:https://access.redhat.com/security/cve/CVE-2024-21538[CVE-2024-21538]:: +A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string. From f1e087349e91ca82cb1c87086a2fdda36620d8c3 Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Fri, 29 Nov 2024 19:39:20 -0500 Subject: [PATCH 4/9] regen other fixed issues Signed-off-by: Nick Boldt --- modules/release-notes/snip-known-issue-rhidp-3931.adoc | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 modules/release-notes/snip-known-issue-rhidp-3931.adoc diff --git a/modules/release-notes/snip-known-issue-rhidp-3931.adoc b/modules/release-notes/snip-known-issue-rhidp-3931.adoc deleted file mode 100644 index 8057f17bc0..0000000000 --- a/modules/release-notes/snip-known-issue-rhidp-3931.adoc +++ /dev/null @@ -1,10 +0,0 @@ -[id="known-issue-rhidp-3931"] -= Entities of repositories under a configured org in catalog-backend-module-github-org plugin are not deleted from the catalog when the imported repository is deleted from bulk imports - -Repositories might be added to Developer Hub from various sources (like statically in an app-config file or dynamically when enabling GitHub discovery). By design, the bulk import plugin will only track repositories that are accessible from the configured GitHub integrations. -When both the Bulk Import and the GitHub Discovery plugins are enabled, the repositories the latter discovers might be listed in the Bulk Import pages. -However, attempting to delete a repository added by the discovery plugin from the Bulk Import Jobs may have no effect, as any entities registered from this repository might still be present in the Developer Hub catalog. -There is unfortunately no known workaround yet. - -.Additional resources -* link:https://issues.redhat.com/browse/RHIDP-3931[RHIDP-3931] From 86fe011100ae5310167f524d9830c86d83fcd52b Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Tue, 3 Dec 2024 10:15:29 -0500 Subject: [PATCH 5/9] re-add the KI for RHID-3931 Signed-off-by: Nick Boldt --- assemblies/assembly-release-notes-known-issues.adoc | 6 +++--- modules/release-notes/snip-known-issue-rhidp-3931.adoc | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 modules/release-notes/snip-known-issue-rhidp-3931.adoc diff --git a/assemblies/assembly-release-notes-known-issues.adoc b/assemblies/assembly-release-notes-known-issues.adoc index 2fd8496592..6ea36946f2 100644 --- a/assemblies/assembly-release-notes-known-issues.adoc +++ b/assemblies/assembly-release-notes-known-issues.adoc @@ -10,9 +10,9 @@ include::modules/release-notes/snip-known-issue-rhidp-4378.adoc[leveloffset=+1] include::modules/release-notes/snip-known-issue-rhidp-4067.adoc[leveloffset=+1] +# fixed in 1.4, present in 1.3 +include::modules/release-notes/snip-known-issue-rhidp-3931.adoc[leveloffset=+1] +# fixed in 1.5, present in 1.3 include::modules/release-notes/snip-known-issue-rhidp-3396.adoc[leveloffset=+1] - -include::modules/release-notes/snip-known-issue-rhidp-3931.adoc[leveloffset=+1] - diff --git a/modules/release-notes/snip-known-issue-rhidp-3931.adoc b/modules/release-notes/snip-known-issue-rhidp-3931.adoc new file mode 100644 index 0000000000..8057f17bc0 --- /dev/null +++ b/modules/release-notes/snip-known-issue-rhidp-3931.adoc @@ -0,0 +1,10 @@ +[id="known-issue-rhidp-3931"] += Entities of repositories under a configured org in catalog-backend-module-github-org plugin are not deleted from the catalog when the imported repository is deleted from bulk imports + +Repositories might be added to Developer Hub from various sources (like statically in an app-config file or dynamically when enabling GitHub discovery). By design, the bulk import plugin will only track repositories that are accessible from the configured GitHub integrations. +When both the Bulk Import and the GitHub Discovery plugins are enabled, the repositories the latter discovers might be listed in the Bulk Import pages. +However, attempting to delete a repository added by the discovery plugin from the Bulk Import Jobs may have no effect, as any entities registered from this repository might still be present in the Developer Hub catalog. +There is unfortunately no known workaround yet. + +.Additional resources +* link:https://issues.redhat.com/browse/RHIDP-3931[RHIDP-3931] From 06246c5d046b739771be20d83ec659224a76098d Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Tue, 3 Dec 2024 10:19:10 -0500 Subject: [PATCH 6/9] fix comment syntax Signed-off-by: Nick Boldt --- assemblies/assembly-release-notes-known-issues.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assemblies/assembly-release-notes-known-issues.adoc b/assemblies/assembly-release-notes-known-issues.adoc index 6ea36946f2..5c881ada41 100644 --- a/assemblies/assembly-release-notes-known-issues.adoc +++ b/assemblies/assembly-release-notes-known-issues.adoc @@ -10,7 +10,7 @@ include::modules/release-notes/snip-known-issue-rhidp-4378.adoc[leveloffset=+1] include::modules/release-notes/snip-known-issue-rhidp-4067.adoc[leveloffset=+1] -# fixed in 1.4, present in 1.3 +// fixed in 1.4, present in 1.3 include::modules/release-notes/snip-known-issue-rhidp-3931.adoc[leveloffset=+1] # fixed in 1.5, present in 1.3 From bfda354522bc0ed43fdfce254f3263e6d4462656 Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Tue, 3 Dec 2024 15:59:06 -0500 Subject: [PATCH 7/9] add another missing bug fix; change formatting so that the fixed issues are per z-stream release Signed-off-by: Nick Boldt --- .../assembly-release-notes-fixed-issues.adoc | 50 ++++++++++--------- .../snip-bug-fix-rhidp-5121.adoc | 11 ++++ 2 files changed, 38 insertions(+), 23 deletions(-) create mode 100644 modules/release-notes/snip-bug-fix-rhidp-5121.adoc diff --git a/assemblies/assembly-release-notes-fixed-issues.adoc b/assemblies/assembly-release-notes-fixed-issues.adoc index 5d187d82d0..33b753a3c7 100644 --- a/assemblies/assembly-release-notes-fixed-issues.adoc +++ b/assemblies/assembly-release-notes-fixed-issues.adoc @@ -2,73 +2,77 @@ [id="fixed-issues"] = Fixed issues -This section lists issues fixed in {product} {product-version}. +== Fixed issues in {product} 1.3.2 +include::modules/release-notes/snip-bug-fix-rhidp-5121.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-1334.adoc[leveloffset=+1] +== Fixed issues in {product} 1.3.1 +include::modules/release-notes/snip-bug-fix-rhidp-4069.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-2139.adoc[leveloffset=+1] +== Fixed issues in {product} 1.3.0 +include::modules/release-notes/snip-bug-fix-rhidp-1334.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-2374.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-2139.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-2412.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-2374.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-2438.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-2412.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-2529.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-2438.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-2716.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-2529.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-2728.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-2716.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3159.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-2728.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3217.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3159.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3260.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3217.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3458.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3260.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3471.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3458.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3580.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3471.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3601.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3580.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3612.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3601.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3735.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3612.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-3896.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3735.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-4013.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-3896.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-4046.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-4013.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-4069.adoc[leveloffset=+1] +include::modules/release-notes/snip-bug-fix-rhidp-4046.adoc[leveloffset=+2] -include::modules/release-notes/snip-bug-fix-rhidp-4200.adoc[leveloffset=+1] + +include::modules/release-notes/snip-bug-fix-rhidp-4200.adoc[leveloffset=+2] diff --git a/modules/release-notes/snip-bug-fix-rhidp-5121.adoc b/modules/release-notes/snip-bug-fix-rhidp-5121.adoc new file mode 100644 index 0000000000..76c6417732 --- /dev/null +++ b/modules/release-notes/snip-bug-fix-rhidp-5121.adoc @@ -0,0 +1,11 @@ +[id="bug-fix-rhidp-5121"] += Huge icon when techdoc text is selected, and broken reporting feature + +Previously, the feature to report a documentation (techdoc) issue didn't work. + +When the user selects a text in a techdoc it shows a huge icon instead of a tooltip-button. + +The latest version contains a fix for this so the user can select some content in their documentation to report an issue there. + +.Additional resources +* link:https://issues.redhat.com/browse/RHIDP-5121[RHIDP-5121] From d99c312c5d26c1d41b8584f49de881124506bbc5 Mon Sep 17 00:00:00 2001 From: "RHDH Build (rhdh-bot)" Date: Fri, 13 Dec 2024 13:51:23 -0500 Subject: [PATCH 8/9] rename 1.3.2 -> 1.3.3 to be consistent with the CSV and chart version Signed-off-by: RHDH Build (rhdh-bot) --- artifacts/attributes.adoc | 4 ++-- assemblies/assembly-release-notes-fixed-issues.adoc | 2 +- assemblies/assembly-release-notes-fixed-security-issues.adoc | 4 ++-- ....2.txt => list-fixed-security-issues-in-product-1.3.3.txt} | 0 ...-1.3.2.txt => list-fixed-security-issues-in-rpm-1.3.3.txt} | 0 ....adoc => snip-fixed-security-issues-in-product-1.3.3.adoc} | 0 ....3.2.adoc => snip-fixed-security-issues-in-rpm-1.3.3.adoc} | 0 7 files changed, 5 insertions(+), 5 deletions(-) rename modules/release-notes/{list-fixed-security-issues-in-product-1.3.2.txt => list-fixed-security-issues-in-product-1.3.3.txt} (100%) rename modules/release-notes/{list-fixed-security-issues-in-rpm-1.3.2.txt => list-fixed-security-issues-in-rpm-1.3.3.txt} (100%) rename modules/release-notes/{snip-fixed-security-issues-in-product-1.3.2.adoc => snip-fixed-security-issues-in-product-1.3.3.adoc} (100%) rename modules/release-notes/{snip-fixed-security-issues-in-rpm-1.3.2.adoc => snip-fixed-security-issues-in-rpm-1.3.3.adoc} (100%) diff --git a/artifacts/attributes.adoc b/artifacts/attributes.adoc index b4c81be8d2..5973e3df02 100644 --- a/artifacts/attributes.adoc +++ b/artifacts/attributes.adoc @@ -11,8 +11,8 @@ :product-short: Developer Hub :product-very-short: RHDH :product-version: 1.3 -:product-bundle-version: 1.3.2 -:product-chart-version: 1.3.2 +:product-bundle-version: 1.3.3 +:product-chart-version: 1.3.3 :product-backstage-version: 1.29.2 :rhdeveloper-name: Red Hat Developer :rhel: Red Hat Enterprise Linux diff --git a/assemblies/assembly-release-notes-fixed-issues.adoc b/assemblies/assembly-release-notes-fixed-issues.adoc index 33b753a3c7..dbbd83d44f 100644 --- a/assemblies/assembly-release-notes-fixed-issues.adoc +++ b/assemblies/assembly-release-notes-fixed-issues.adoc @@ -2,7 +2,7 @@ [id="fixed-issues"] = Fixed issues -== Fixed issues in {product} 1.3.2 +== Fixed issues in {product} 1.3.3 include::modules/release-notes/snip-bug-fix-rhidp-5121.adoc[leveloffset=+2] diff --git a/assemblies/assembly-release-notes-fixed-security-issues.adoc b/assemblies/assembly-release-notes-fixed-security-issues.adoc index 3d3d3f6d1c..73c5d32c14 100644 --- a/assemblies/assembly-release-notes-fixed-security-issues.adoc +++ b/assemblies/assembly-release-notes-fixed-security-issues.adoc @@ -6,9 +6,9 @@ This section lists security issues fixed in {product} {product-version}. == {product} {product-bundle-version} -include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc[leveloffset=+2] +include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.3.adoc[leveloffset=+2] -include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc[leveloffset=+2] +include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.3.adoc[leveloffset=+2] == {product} 1.3.1 diff --git a/modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt b/modules/release-notes/list-fixed-security-issues-in-product-1.3.3.txt similarity index 100% rename from modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt rename to modules/release-notes/list-fixed-security-issues-in-product-1.3.3.txt diff --git a/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt b/modules/release-notes/list-fixed-security-issues-in-rpm-1.3.3.txt similarity index 100% rename from modules/release-notes/list-fixed-security-issues-in-rpm-1.3.2.txt rename to modules/release-notes/list-fixed-security-issues-in-rpm-1.3.3.txt diff --git a/modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc b/modules/release-notes/snip-fixed-security-issues-in-product-1.3.3.adoc similarity index 100% rename from modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc rename to modules/release-notes/snip-fixed-security-issues-in-product-1.3.3.adoc diff --git a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.3.adoc similarity index 100% rename from modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc rename to modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.3.adoc From 6c3c562ba3be6ae384e4c04c63fb530dc8e51322 Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Fri, 13 Dec 2024 13:52:43 -0500 Subject: [PATCH 9/9] Update assemblies/assembly-release-notes-known-issues.adoc --- assemblies/assembly-release-notes-known-issues.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assemblies/assembly-release-notes-known-issues.adoc b/assemblies/assembly-release-notes-known-issues.adoc index 5c881ada41..0db9333fe4 100644 --- a/assemblies/assembly-release-notes-known-issues.adoc +++ b/assemblies/assembly-release-notes-known-issues.adoc @@ -13,6 +13,6 @@ include::modules/release-notes/snip-known-issue-rhidp-4067.adoc[leveloffset=+1] // fixed in 1.4, present in 1.3 include::modules/release-notes/snip-known-issue-rhidp-3931.adoc[leveloffset=+1] -# fixed in 1.5, present in 1.3 +// fixed in 1.5, present in 1.3 include::modules/release-notes/snip-known-issue-rhidp-3396.adoc[leveloffset=+1]