From d6932cbe4c7a3f67e6010ca3f3cdff9a275b2884 Mon Sep 17 00:00:00 2001 From: "A.Arnold" Date: Fri, 31 May 2024 12:12:25 +0100 Subject: [PATCH] OADP-3171: Release notes for OADP 1.2.5 Signed-off-by: A.Arnold --- .../release-notes/oadp-release-notes-1-2.adoc | 2 + modules/oadp-release-notes-1-2-5.adoc | 47 +++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 modules/oadp-release-notes-1-2-5.adoc diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc index c84f2f4ef503..872a299385c6 100644 --- a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc +++ b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc @@ -9,6 +9,8 @@ toc::[] The release notes for OpenShift API for Data Protection (OADP) 1.2 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues. +include::modules/oadp-release-notes-1-2-5.adoc[leveloffset=+1] + include::modules/oadp-release-notes-1-2-4.adoc[leveloffset=+1] include::modules/oadp-release-notes-1-2-3.adoc[leveloffset=+1] diff --git a/modules/oadp-release-notes-1-2-5.adoc b/modules/oadp-release-notes-1-2-5.adoc new file mode 100644 index 000000000000..c93974eea649 --- /dev/null +++ b/modules/oadp-release-notes-1-2-5.adoc @@ -0,0 +1,47 @@ +// Module included in the following assemblies: +// +// * backup_and_restore/oadp-release-notes-1-2.adoc + +:_mod-docs-content-type: REFERENCE +[id="migration-oadp-release-notes-1-2-5_{context}"] += OADP 1.2.5 release notes + +{oadp-first} 1.2.5 is a Container Grade Only (CGO) release, released to refresh the health grades of the containers, with no changes to any code in the product itself compared to that of {oadp-short} 1.2.4. + +[id="resolved-issues-1-2-5_{context}"] +== Resolved issues + +// There are no resolved issues in {oadp-short} 1.2.5. + +.CVE-2023-2431: `oadp-velero-plugin-for-microsoft-azure-container`: Bypass of seccomp profile enforcement + +A flaw was found in Kubernetes, which impacts earlier versions of {oadp-short}. This flaw arises when Kubernetes allows a local authenticated attacker to bypass security restrictions, caused by a flaw when using the localhost type for a `seccomp` profile but specifying an empty profile field. An attacker can bypass the `seccomp` profile enforcement by sending a specially crafted request. This flaw has been resolved in {oadp-short} 1.2.5. + +For more details, see link:https://access.redhat.com/security/cve/CVE-2023-2431[(CVE-2023-2431)]. + +.CSI restore ended with 'PartiallyFailed' status and PVCs not created + +CSI restore ended with `PartiallyFailed` status. PVCs are not created, pod are in `Pending` status. This issue has been resolved in {oadp-short} 1.2.5. + +link:https://issues.redhat.com/browse/OADP-1956[(OADP-1956)] + +.PodVolumeBackup fails on completed pod volumes + +In earlier versions of {oadp-short} 1.2, when there is a completed pod that mounted volumes in a namespace used by the Restic `podvolumebackup` or Velero backup, the backup does not complete successfully. This occurs when `defaultVolumesToFsBackup` is set to `true`. This issue has been resolved in {oadp-short} 1.2.5. + +link:https://issues.redhat.com/browse/OADP-1870[(OADP-1870)] + + +[id="known-issues-1-2-5_{context}"] +== Known issues + +// The {oadp-short} 1.2.5 has the following known issue: + +.Data Protection Application (DPA) does not reconcile when the credentials secret is updated + +Currently, the {oadp-short} Operator does not reconcile when you update the `cloud-credentials` secret. This occurs because there are no {oadp-short} specific labels or owner references on the `cloud-credentials` secret. If you create a `cloud-credentials` secret with incorrect credentials, such as empty data, the Operator reconciles and creates a backup storage location (BSL) and registry deployment with the empty data. As a result, when you update the `cloud-credentials` secret with the correct credentials, the {oadp-short} Operator does not immediately reconcile to catch the new credentials. + +Workaround: Update to {oadp-short} 1.3. + +link:https://issues.redhat.com/browse/OADP-3327[(OADP-3327)] +