chore: release notes for 1.4.1 (removing content from 1.3.0 too)

Signed-off-by: Nick Boldt <[email protected]>

fix queries

Signed-off-by: Nick Boldt <[email protected]>

put content in JIRA instead of overriding content after generation

Signed-off-by: Nick Boldt <[email protected]>

put back deleted content (why do people keep forgetting to put RN content in JIRA?)

Signed-off-by: Nick Boldt <[email protected]>

regen from jira

Signed-off-by: Nick Boldt <[email protected]>

regen more

Signed-off-by: Nick Boldt <[email protected]>

Remove empty lines

Signed-off-by: Nick Boldt <[email protected]>

artifacts/attributes.adoc

@@ -11,8 +11,9 @@
 :product-short: Developer Hub
 :product-very-short: RHDH
 :product-version: 1.4
-:product-bundle-version: 1.4.0
-:product-chart-version: 1.4.0
+:product-version-next: 1.5.0
+:product-bundle-version: 1.4.1
+:product-chart-version: 1.4.1
 :product-backstage-version: 1.32.6
 :product-custom-resource-type: Backstage
 :rhdeveloper-name: Red Hat Developer

assemblies/assembly-release-notes-fixed-security-issues.adoc

@@ -6,7 +6,13 @@ This section lists security issues fixed in {product} {product-version}.
 
 == {product} {product-bundle-version}
 
-include::modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2]
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.4.1.adoc[leveloffset=+2]
 
-include::modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2]
+// nothing yet so don't include this 
+// include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.4.1.adoc[leveloffset=+2]
 
+== {product} 1.4.0
+
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2]
+
+include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2]

modules/release-notes/list-fixed-security-issues-in-product-1.4.1.txt

@@ -0,0 +1,8 @@
+CVE-2024-45338, rhdh/rhdh-rhel9-operator: Non-linear parsing of case-insensitive content in golang.org/x/net/html
+CVE-2024-56201, rhdh/rhdh-hub-rhel9: Jinja has a sandbox breakout through malicious filenames
+CVE-2024-56326, rhdh/rhdh-hub-rhel9: Jinja has a sandbox breakout through indirect reference to format method
+CVE-2024-55565, rhdh-hub-container: nanoid mishandles non-integer values
+CVE-2024-52798, rhdh-hub-container: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
+
+# not yet fixed for 1.4.z
+# CVE-2024-56334, rhdh/rhdh-hub-rhel9: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

modules/release-notes/ref-release-notes-breaking-changes.adoc

@@ -8,84 +8,84 @@ This section lists breaking changes in {product} {product-version}.
 == Updated monitoring and logging metrics
 
 Prom-client metrics have been removed and replaced with OpenTelemetry metrics. As a result, the metrics port has changed from `7007` to `9464`. Deprecated metrics have also been removed. If you had dependencies on these, ensure your prometheus queries are updated. For further information, see link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3/html-single/monitoring_and_logging/index#assembly-rhdh-observability[Monitoring and logging]
-
-
 .Additional resources
 * link:https://issues.redhat.com/browse/RHIDP-4572[RHIDP-4572]
-
-[id="feature-rhidp-4853"]
-== Plugins with updated scope
-
-To upgrade from {product-very-short} 1.3 to 1.4, you must update your configuration to use the latest versions of the following plugins from the new scope.
-
-With this update, the following plugins, previously under the `@janus-idp` scope, have now been moved to the `@backstage-community` scope:
-
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
-|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
-|`@janus-idp/backstage-plugin-analytics-provider-segment`|`@backstage-community/plugin-analytics-provider-segment`
-|`@janus-idp/backstage-plugin-jfrog-artifactory`|`@backstage-community/plugin-jfrog-artifactory`
-|`@janus-idp/backstage-plugin-keycloak-backend`|`@backstage-community/plugin-catalog-backend-module-keycloak`
-|`@janus-idp/backstage-plugin-nexus-repository-manager`|`@backstage-community/plugin-nexus-repository-manager`
-|`@janus-idp/backstage-plugin-ocm`|`@backstage-community/plugin-ocm`
-|`@janus-idp/backstage-plugin-ocm-backend`|`@backstage-community/plugin-ocm-backend`
-|`@janus-idp/backstage-plugin-quay`|`@backstage-community/plugin-quay`
-|`@janus-idp/backstage-plugin-rbac`|`@backstage-community/plugin-rbac`
-|`@janus-idp/backstage-plugin-tekton`|`@backstage-community/plugin-tekton`
-|`@janus-idp/backstage-plugin-topology`|`@backstage-community/plugin-topology`
-|`@janus-idp/backstage-scaffolder-backend-module-quay`|`@backstage-community/plugin-scaffolder-backend-module-quay`
-|`@janus-idp/backstage-scaffolder-backend-module-regex`|`@backstage-community/plugin-scaffolder-backend-module-regex`
-|`@janus-idp/backstage-scaffolder-backend-module-servicenow`|`@backstage-community/plugin-scaffolder-backend-module-servicenow`
-|`@janus-idp/backstage-scaffolder-backend-module-sonarqube`|`@backstage-community/plugin-scaffolder-backend-module-sonarqube`
-|===
-
-The following plugins, previously under the `@backstage` scope, have now been moved to the `@backstage-community` scope:
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-|`@backstage/plugin-azure-devops`|`@backstage-community/plugin-azure-devops`
-|`@backstage/plugin-azure-devops-backend`|`@backstage-community/plugin-azure-devops-backend`
-|`@backstage/plugin-dynatrace`|`@backstage-community/plugin-dynatrace`
-|`@backstage/plugin-github-actions`|`@backstage-community/plugin-github-actions`
-|`@backstage/plugin-github-issues`|`@backstage-community/plugin-github-issues`
-|`@backstage/plugin-jenkins`|`@backstage-community/plugin-jenkins`
-|`@backstage/plugin-jenkins-backend`|`@backstage-community/plugin-jenkins-backend`
-|`@backstage/plugin-lighthouse`|`@backstage-community/plugin-lighthouse`
-|`@backstage/plugin-sonarqube`|`@backstage-community/plugin-sonarqube`
-|`@backstage/plugin-sonarqube-backend`|`@backstage-community/plugin-sonarqube-backend`
-|`@backstage/plugin-tech-radar`|`@backstage-community/plugin-tech-radar`
-|===
-
-Two plugins previously under the `@janus-idp` scope have moved to `@red-hat-developer-hub` scope:
-
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-
-| `@janus-idp/backstage-plugin-bulk-import`
-| `@red-hat-developer-hub/backstage-plugin-bulk-import`
-
-| `@janus-idp/backstage-plugin-bulk-import-backend`
-| `@red-hat-developer-hub/backstage-plugin-bulk-import-backend`
-|===
-
-With the update to the plugin scope, the dynamic plugin configuration has also been modified.
-
-[cols=2,%header]
-|===
-|*RHDH 1.3 Configuration*|*RHDH 1.4 Configuration*
-|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.3/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.4/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]
-|===
-
-.Procedure
-* To upgrade from {product-very-short} 1.3 to {product-very-short} 1.4, you must update your configuration to use the latest versions of the plugins listed previously from the new scope.
-
-[NOTE]
-====
-In addition to the previously provided tables, you can compare the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.4/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.4 CSV file] with the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.3/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.3 CSV file] to identify the changes in dynamic plugins.
+[id="removed-functionality-rhidp-4853"]
+==  Plugins with updated scope
+
+To upgrade from {product-very-short} 1.3 to 1.4, you must update your configuration to use the latest versions of the following plugins from the new scope.
+
+With this update, the following plugins, previously under the `@janus-idp` scope, have now been moved to the `@backstage-community` scope:
+
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
+|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
+|`@janus-idp/backstage-plugin-analytics-provider-segment`|`@backstage-community/plugin-analytics-provider-segment`
+|`@janus-idp/backstage-plugin-jfrog-artifactory`|`@backstage-community/plugin-jfrog-artifactory`
+|`@janus-idp/backstage-plugin-keycloak-backend`|`@backstage-community/plugin-catalog-backend-module-keycloak`
+|`@janus-idp/backstage-plugin-nexus-repository-manager`|`@backstage-community/plugin-nexus-repository-manager`
+|`@janus-idp/backstage-plugin-ocm`|`@backstage-community/plugin-ocm`
+|`@janus-idp/backstage-plugin-ocm-backend`|`@backstage-community/plugin-ocm-backend`
+|`@janus-idp/backstage-plugin-quay`|`@backstage-community/plugin-quay`
+|`@janus-idp/backstage-plugin-rbac`|`@backstage-community/plugin-rbac`
+|`@janus-idp/backstage-plugin-tekton`|`@backstage-community/plugin-tekton`
+|`@janus-idp/backstage-plugin-topology`|`@backstage-community/plugin-topology`
+|`@janus-idp/backstage-scaffolder-backend-module-quay`|`@backstage-community/plugin-scaffolder-backend-module-quay`
+|`@janus-idp/backstage-scaffolder-backend-module-regex`|`@backstage-community/plugin-scaffolder-backend-module-regex`
+|`@janus-idp/backstage-scaffolder-backend-module-servicenow`|`@backstage-community/plugin-scaffolder-backend-module-servicenow`
+|`@janus-idp/backstage-scaffolder-backend-module-sonarqube`|`@backstage-community/plugin-scaffolder-backend-module-sonarqube`
+|===
+
+The following plugins, previously under the `@backstage` scope, have now been moved to the `@backstage-community` scope:
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+|`@backstage/plugin-azure-devops`|`@backstage-community/plugin-azure-devops`
+|`@backstage/plugin-azure-devops-backend`|`@backstage-community/plugin-azure-devops-backend`
+|`@backstage/plugin-dynatrace`|`@backstage-community/plugin-dynatrace`
+|`@backstage/plugin-github-actions`|`@backstage-community/plugin-github-actions`
+|`@backstage/plugin-github-issues`|`@backstage-community/plugin-github-issues`
+|`@backstage/plugin-jenkins`|`@backstage-community/plugin-jenkins`
+|`@backstage/plugin-jenkins-backend`|`@backstage-community/plugin-jenkins-backend`
+|`@backstage/plugin-lighthouse`|`@backstage-community/plugin-lighthouse`
+|`@backstage/plugin-sonarqube`|`@backstage-community/plugin-sonarqube`
+|`@backstage/plugin-sonarqube-backend`|`@backstage-community/plugin-sonarqube-backend`
+|`@backstage/plugin-tech-radar`|`@backstage-community/plugin-tech-radar`
+|===
+
+Two plugins previously under the `@janus-idp` scope have moved to `@red-hat-developer-hub` scope:
+
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+
+| `@janus-idp/backstage-plugin-bulk-import`
+| `@red-hat-developer-hub/backstage-plugin-bulk-import`
+
+| `@janus-idp/backstage-plugin-bulk-import-backend`
+| `@red-hat-developer-hub/backstage-plugin-bulk-import-backend`
+|===
+
+With the update to the plugin scope, the dynamic plugin configuration has also been modified.
+
+[cols=2,%header]
+|===
+|*RHDH 1.3 Configuration*|*RHDH 1.4 Configuration*
+|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.3/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.4/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]
+|===
+
+.Procedure
+* To upgrade from {product-very-short} 1.3 to {product-very-short} 1.4, you must update your configuration to use the latest versions of the plugins listed previously from the new scope.
+
+[NOTE]
+====
+In addition to the previously provided tables, you can compare the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.4/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.4 CSV file] with the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.3/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.3 CSV file] to identify the changes in dynamic plugins.
 ====
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-4853[RHIDP-4853]
+

modules/release-notes/ref-release-notes-deprecated-functionalities.adoc

@@ -8,25 +8,18 @@ This section lists deprecated functionalities in {product} {product-version}.
 == `./dynamic-plugins/dist/janus-idp-backstage-plugin-aap-backend-dynamic` plugin is deprecated
 
 The `./dynamic-plugins/dist/janus-idp-backstage-plugin-aap-backend-dynamic` plugin has been deprecated and will be removed in the next release. You can link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html-single/using_ansible_plug-ins_for_red_hat_developer_hub/index[use Ansible plug-ins for {product-very-short}] instead.
-
-
 .Additional resources
 * link:https://issues.redhat.com/browse/RHIDP-3545[RHIDP-3545]
-
 [id="deprecated-functionality-rhidp-4913"]
 == Audit log rotation is deprecated
 
-With this update, you can evaluate your platform's log forwarding solutions to align with your security and compliance needs. Most of these solutions offer configurable options to minimize the loss of logs in the event of an outage.
-
-
+With this update, you can evaluate your platform's log forwarding solutions to align with your security and compliance needs. Most of these solutions offer configurable options to minimize the loss of logs in the event of an outage.
 .Additional resources
 * link:https://issues.redhat.com/browse/RHIDP-4913[RHIDP-4913]
-
 [id="deprecated-functionality-rhidp-5218"]
 == {rhsso-brand-name} `7.6` is deprecated as an authentication provider
 
 {rhsso-brand-name} ({rhsso}) `7.6` is deprecated as an authentication provider. You can continue to use {rhsso} until the end of maintenance support. For details, see link:https://access.redhat.com/support/policy/updates/jboss_notes/#p_sso[RHSSO lifecycle dates]. As an alternative, migrate to {rhbk-brand-name} `v24`.
-
-
 .Additional resources
-* link:https://issues.redhat.com/browse/RHIDP-5218[RHIDP-5218]
+* link:https://issues.redhat.com/browse/RHIDP-5218[RHIDP-5218]
+