New section advisories with per-advisory pages #6492

Merged
merged 1 commit into from
Feb 12, 2020

knz commented Feb 7, 2020

Fixes #6385.

knz requested review from dbist and jseldess February 7, 2020 11:40
@cockroach-teamcity

This change is Reviewable

knz force-pushed the 20200207-advisories branch 2 times, most recently from 7971067 to 0582f0e February 7, 2020 11:47

dbist commented Feb 10, 2020

@knz in regards to the individual advisories, it makes sense to add a published date when the customer communication went out, possibly linked back to the advisory index page too. So for example Product Advisory 42567 should have a note stating it was published 01/22/20.


knz commented Feb 10, 2020

The index page already has it; I'll add it to the individual pages.


jseldess left a comment

:lgtm: with some requests

More broadly, I'm still not clear how known limitations and tech advisories overlap or don't. Why and when would advisories be called out as known limitations? What are the differences? We don't have to answer now because I know we need this content live, but I'd like to have a follow-up conversation.

Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained (waiting on @dbist, @jseldess, and @knz)


_data/advisories.yml, line 6 at r1 (raw file):

  date: Feb 11, 2020
- advisory: 44166
  summary: SHOW JOBS and Jobs page can endanger cluster stability

backticks: SHOW JOBS


advisories/a30821.md, line 2 at r1 (raw file):

---
title: Product Advisory 30821

Each advisory title should be changed from Product Advisory XXX to Technical Advisory XXX since that's what we're using in the sidenav and on the advisory index page.


advisories/a30821.md, line 4 at r1 (raw file):

title: Product Advisory 30821
summary: Authentication bypass for internal RPCs
toc: false

Let's use toc: true on all advisory pages.


advisories/a30821.md, line 17 at r1 (raw file):

On October 23rd, 2018, an internal review uncovered a security
vulnerability within CockroachDB's GRPC layer. This vulnerability was
prioritized for a fix and repaired in v1.1.9, v2.0.6 and

We use the v prefix here but not in many other places where we reference a version. I'd say always use the v for consistency with the rest of our docs.


advisories/a44166.md, line 9 at r1 (raw file):

## Description

When running SHOW JOBS or viewing the Jobs page in the Admin UI,

We should put backticks around SQL statement names here and throughout: SHOW JOBS

knz left a comment

  • added the missing advisory
  • performed the recommended changes, see below.

Why and when would advisories be called out as known limitations?

  • Known limitations are information targeting new uses of CockroachDB - when the application or the deployment is being initially set up. It says what you can or cannot expect from the product from the start and helps prepare the new usage.

  • Advisories are information targeting existing uses of CockroachDB, when we breach expectations set in the past. They provide information about what to do now while waiting for a fix to become available (either because we haven't fixed it yet, or because the user may not be able to upgrade right away).

An advisory that reports on a regression that is not going to be addressed could become a known limitation in the next version, but I hope we won't get into that situation!

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (and 1 stale) (waiting on @dbist and @jseldess)


_data/advisories.yml, line 6 at r1 (raw file):

Previously, jseldess (Jesse Seldess) wrote…

backticks: SHOW JOBS

Done.


advisories/a30821.md, line 2 at r1 (raw file):

Previously, jseldess (Jesse Seldess) wrote…

Each advisory title should be changed from Product Advisory XXX to Technical Advisory XXX since that's what we're using in the sidenav and on the advisory index page.

Done.


advisories/a30821.md, line 4 at r1 (raw file):

Previously, jseldess (Jesse Seldess) wrote…

Let's use toc: true on all advisory pages.

Done.


advisories/a30821.md, line 17 at r1 (raw file):

Previously, jseldess (Jesse Seldess) wrote…

We use the v prefix here but not in many other places where we reference a version. I'd say always use the v for consistency with the rest of our docs.

Done.


advisories/a44166.md, line 9 at r1 (raw file):

Previously, jseldess (Jesse Seldess) wrote…

We should put backticks around SQL statement names here and throughout: SHOW JOBS

Done.

jseldess merged commit 7bddf3e into cockroachdb:master Feb 12, 2020

Successfully merging this pull request may close these issues.

Need new section for product advisories