chore: release notes for 1.4.1 (replace custom/manual content with JIRA-driven RN content too)

artifacts/attributes.adoc

@@ -11,8 +11,9 @@
 :product-short: Developer Hub
 :product-very-short: RHDH
 :product-version: 1.4
-:product-bundle-version: 1.4.0
-:product-chart-version: 1.4.0
+:product-version-next: 1.5.0
+:product-bundle-version: 1.4.1
+:product-chart-version: 1.4.1
 :product-backstage-version: 1.32.6
 :product-custom-resource-type: Backstage
 :rhdeveloper-name: Red Hat Developer

assemblies/assembly-release-notes-fixed-security-issues.adoc

@@ -6,7 +6,13 @@ This section lists security issues fixed in {product} {product-version}.
 
 == {product} {product-bundle-version}
 
-include::modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2]
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.4.1.adoc[leveloffset=+2]
 
-include::modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2]
+// nothing yet so don't include this 
+// include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.4.1.adoc[leveloffset=+2]
 
+== {product} 1.4.0
+
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2]
+
+include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2]

modules/release-notes/list-fixed-security-issues-in-product-1.4.1.txt

@@ -0,0 +1,6 @@
+CVE-2024-45338, rhdh/rhdh-rhel9-operator: Non-linear parsing of case-insensitive content in golang.org/x/net/html
+CVE-2024-56201, rhdh/rhdh-hub-rhel9: Jinja has a sandbox breakout through malicious filenames
+CVE-2024-56326, rhdh/rhdh-hub-rhel9: Jinja has a sandbox breakout through indirect reference to format method
+CVE-2024-55565, rhdh-hub-container: nanoid mishandles non-integer values
+CVE-2024-52798, rhdh-hub-container: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
+CVE-2024-56334, rhdh/rhdh-hub-rhel9: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

modules/release-notes/ref-release-notes-breaking-changes.adoc

@@ -13,79 +13,86 @@ Prom-client metrics have been removed and replaced with OpenTelemetry metrics. A
 .Additional resources
 * link:https://issues.redhat.com/browse/RHIDP-4572[RHIDP-4572]
 
-[id="feature-rhidp-4853"]
-== Plugins with updated scope
-
-To upgrade from {product-very-short} 1.3 to 1.4, you must update your configuration to use the latest versions of the following plugins from the new scope.
-
-With this update, the following plugins, previously under the `@janus-idp` scope, have now been moved to the `@backstage-community` scope:
-
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
-|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
-|`@janus-idp/backstage-plugin-analytics-provider-segment`|`@backstage-community/plugin-analytics-provider-segment`
-|`@janus-idp/backstage-plugin-jfrog-artifactory`|`@backstage-community/plugin-jfrog-artifactory`
-|`@janus-idp/backstage-plugin-keycloak-backend`|`@backstage-community/plugin-catalog-backend-module-keycloak`
-|`@janus-idp/backstage-plugin-nexus-repository-manager`|`@backstage-community/plugin-nexus-repository-manager`
-|`@janus-idp/backstage-plugin-ocm`|`@backstage-community/plugin-ocm`
-|`@janus-idp/backstage-plugin-ocm-backend`|`@backstage-community/plugin-ocm-backend`
-|`@janus-idp/backstage-plugin-quay`|`@backstage-community/plugin-quay`
-|`@janus-idp/backstage-plugin-rbac`|`@backstage-community/plugin-rbac`
-|`@janus-idp/backstage-plugin-tekton`|`@backstage-community/plugin-tekton`
-|`@janus-idp/backstage-plugin-topology`|`@backstage-community/plugin-topology`
-|`@janus-idp/backstage-scaffolder-backend-module-quay`|`@backstage-community/plugin-scaffolder-backend-module-quay`
-|`@janus-idp/backstage-scaffolder-backend-module-regex`|`@backstage-community/plugin-scaffolder-backend-module-regex`
-|`@janus-idp/backstage-scaffolder-backend-module-servicenow`|`@backstage-community/plugin-scaffolder-backend-module-servicenow`
-|`@janus-idp/backstage-scaffolder-backend-module-sonarqube`|`@backstage-community/plugin-scaffolder-backend-module-sonarqube`
-|===
-
-The following plugins, previously under the `@backstage` scope, have now been moved to the `@backstage-community` scope:
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-|`@backstage/plugin-azure-devops`|`@backstage-community/plugin-azure-devops`
-|`@backstage/plugin-azure-devops-backend`|`@backstage-community/plugin-azure-devops-backend`
-|`@backstage/plugin-dynatrace`|`@backstage-community/plugin-dynatrace`
-|`@backstage/plugin-github-actions`|`@backstage-community/plugin-github-actions`
-|`@backstage/plugin-github-issues`|`@backstage-community/plugin-github-issues`
-|`@backstage/plugin-jenkins`|`@backstage-community/plugin-jenkins`
-|`@backstage/plugin-jenkins-backend`|`@backstage-community/plugin-jenkins-backend`
-|`@backstage/plugin-lighthouse`|`@backstage-community/plugin-lighthouse`
-|`@backstage/plugin-sonarqube`|`@backstage-community/plugin-sonarqube`
-|`@backstage/plugin-sonarqube-backend`|`@backstage-community/plugin-sonarqube-backend`
-|`@backstage/plugin-tech-radar`|`@backstage-community/plugin-tech-radar`
-|===
-
-Two plugins previously under the `@janus-idp` scope have moved to `@red-hat-developer-hub` scope:
-
-[cols=2,%header]
-|===
-| *RHDH 1.3 Plugin Name* 
-| *RHDH 1.4 Plugin Name*
-
-| `@janus-idp/backstage-plugin-bulk-import`
-| `@red-hat-developer-hub/backstage-plugin-bulk-import`
+[id="removed-functionality-rhidp-4853"]
+==  Plugins with updated scope
+
+To upgrade from {product-very-short} 1.3 to 1.4, you must update your configuration to use the latest versions of the following plugins from the new scope.
+
+With this update, the following plugins, previously under the `@janus-idp` scope, have now been moved to the `@backstage-community` scope:
+
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
+|`@janus-idp/backstage-plugin-acr`|`@backstage-community/plugin-acr`
+|`@janus-idp/backstage-plugin-analytics-provider-segment`|`@backstage-community/plugin-analytics-provider-segment`
+|`@janus-idp/backstage-plugin-jfrog-artifactory`|`@backstage-community/plugin-jfrog-artifactory`
+|`@janus-idp/backstage-plugin-keycloak-backend`|`@backstage-community/plugin-catalog-backend-module-keycloak`
+|`@janus-idp/backstage-plugin-nexus-repository-manager`|`@backstage-community/plugin-nexus-repository-manager`
+|`@janus-idp/backstage-plugin-ocm`|`@backstage-community/plugin-ocm`
+|`@janus-idp/backstage-plugin-ocm-backend`|`@backstage-community/plugin-ocm-backend`
+|`@janus-idp/backstage-plugin-quay`|`@backstage-community/plugin-quay`
+|`@janus-idp/backstage-plugin-rbac`|`@backstage-community/plugin-rbac`
+|`@janus-idp/backstage-plugin-tekton`|`@backstage-community/plugin-tekton`
+|`@janus-idp/backstage-plugin-topology`|`@backstage-community/plugin-topology`
+|`@janus-idp/backstage-scaffolder-backend-module-quay`|`@backstage-community/plugin-scaffolder-backend-module-quay`
+|`@janus-idp/backstage-scaffolder-backend-module-regex`|`@backstage-community/plugin-scaffolder-backend-module-regex`
+|`@janus-idp/backstage-scaffolder-backend-module-servicenow`|`@backstage-community/plugin-scaffolder-backend-module-servicenow`
+|`@janus-idp/backstage-scaffolder-backend-module-sonarqube`|`@backstage-community/plugin-scaffolder-backend-module-sonarqube`
+|===
+
+The following plugins, previously under the `@backstage` scope, have now been moved to the `@backstage-community` scope:
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+|`@backstage/plugin-azure-devops`|`@backstage-community/plugin-azure-devops`
+|`@backstage/plugin-azure-devops-backend`|`@backstage-community/plugin-azure-devops-backend`
+|`@backstage/plugin-dynatrace`|`@backstage-community/plugin-dynatrace`
+|`@backstage/plugin-github-actions`|`@backstage-community/plugin-github-actions`
+|`@backstage/plugin-github-issues`|`@backstage-community/plugin-github-issues`
+|`@backstage/plugin-jenkins`|`@backstage-community/plugin-jenkins`
+|`@backstage/plugin-jenkins-backend`|`@backstage-community/plugin-jenkins-backend`
+|`@backstage/plugin-lighthouse`|`@backstage-community/plugin-lighthouse`
+|`@backstage/plugin-sonarqube`|`@backstage-community/plugin-sonarqube`
+|`@backstage/plugin-sonarqube-backend`|`@backstage-community/plugin-sonarqube-backend`
+|`@backstage/plugin-tech-radar`|`@backstage-community/plugin-tech-radar`
+|===
+
+Two plugins previously under the `@janus-idp` scope have moved to `@red-hat-developer-hub` scope:
+
+[cols=2,%header]
+|===
+| *RHDH 1.3 Plugin Name* 
+| *RHDH 1.4 Plugin Name*
+
+| `@janus-idp/backstage-plugin-bulk-import`
+| `@red-hat-developer-hub/backstage-plugin-bulk-import`
+
+| `@janus-idp/backstage-plugin-bulk-import-backend`
+| `@red-hat-developer-hub/backstage-plugin-bulk-import-backend`
+|===
+
+With the update to the plugin scope, the dynamic plugin configuration has also been modified.
+
+[cols=2,%header]
+|===
+|*RHDH 1.3 Configuration*|*RHDH 1.4 Configuration*
+|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.3/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.4/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]
+|===
+
+.Procedure
+* To upgrade from {product-very-short} 1.3 to {product-very-short} 1.4, you must update your configuration to use the latest versions of the plugins listed previously from the new scope.
+
+[NOTE]
+====
+In addition to the previously provided tables, you can compare the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.4/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.4 CSV file] with the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.3/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.3 CSV file] to identify the changes in dynamic plugins.
+====
 
-| `@janus-idp/backstage-plugin-bulk-import-backend`
-| `@red-hat-developer-hub/backstage-plugin-bulk-import-backend`
-|===
 
-With the update to the plugin scope, the dynamic plugin configuration has also been modified.
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-4853[RHIDP-4853]
 
-[cols=2,%header]
-|===
-|*RHDH 1.3 Configuration*|*RHDH 1.4 Configuration*
-|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.3/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]|link:https://github.com/janus-idp/backstage-showcase/blob/release-1.4/dynamic-plugins.default.yaml[dynamic-plugins.default.yaml]
-|===
 
-.Procedure
-* To upgrade from {product-very-short} 1.3 to {product-very-short} 1.4, you must update your configuration to use the latest versions of the plugins listed previously from the new scope.
 
-[NOTE]
-====
-In addition to the previously provided tables, you can compare the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.4/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.4 CSV file] with the link:https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/blob/release-1.3/modules/dynamic-plugins/rhdh-supported-plugins.csv[RHDH 1.3 CSV file] to identify the changes in dynamic plugins.
-====

modules/release-notes/ref-release-notes-deprecated-functionalities.adoc

@@ -16,7 +16,7 @@ The `./dynamic-plugins/dist/janus-idp-backstage-plugin-aap-backend-dynamic` plug
 [id="deprecated-functionality-rhidp-4913"]
 == Audit log rotation is deprecated
 
-With this update, you can evaluate your platform's log forwarding solutions to align with your security and compliance needs. Most of these solutions offer configurable options to minimize the loss of logs in the event of an outage.
+With this update, you can evaluate your platform's log forwarding solutions to align with your security and compliance needs. Most of these solutions offer configurable options to minimize the loss of logs in the event of an outage.
 
 
 .Additional resources
@@ -29,4 +29,7 @@ With this update, you can evaluate your platform's log forwarding solutions to a
 
 
 .Additional resources
-* link:https://issues.redhat.com/browse/RHIDP-5218[RHIDP-5218]
+* link:https://issues.redhat.com/browse/RHIDP-5218[RHIDP-5218]
+
+
+