[enterprise-4.16] OADP-3171: Release notes for OADP 1.2.5

backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc

@@ -9,6 +9,8 @@ toc::[]
 
 The release notes for OpenShift API for Data Protection (OADP) 1.2 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues.
 
+include::modules/oadp-release-notes-1-2-5.adoc[leveloffset=+1]
+
 include::modules/oadp-release-notes-1-2-4.adoc[leveloffset=+1]
 
 include::modules/oadp-release-notes-1-2-3.adoc[leveloffset=+1]

modules/oadp-release-notes-1-2-5.adoc

@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-2.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="migration-oadp-release-notes-1-2-5_{context}"]
+= OADP 1.2.5 release notes
+
+{oadp-first} 1.2.5 is a Container Grade Only (CGO) release, released to refresh the health grades of the containers, with no changes to any code in the product itself compared to that of {oadp-short} 1.2.4.
+
+[id="resolved-issues-1-2-5_{context}"]
+== Resolved issues
+
+// There are no resolved issues in {oadp-short} 1.2.5.
+
+.CVE-2023-2431: `oadp-velero-plugin-for-microsoft-azure-container`: Bypass of seccomp profile enforcement
+
+A flaw was found in Kubernetes, which impacts earlier versions of {oadp-short}. This flaw arises when Kubernetes allows a local authenticated attacker to bypass security restrictions, caused by a flaw when using the localhost type for a `seccomp` profile but specifying an empty profile field. An attacker can bypass the `seccomp` profile enforcement by sending a specially crafted request. This flaw has been resolved in {oadp-short} 1.2.5.
+
+For more details, see link:https://access.redhat.com/security/cve/CVE-2023-2431[(CVE-2023-2431)].
+
+.CSI restore ended with 'PartiallyFailed' status and PVCs not created
+
+CSI restore ended with `PartiallyFailed` status. PVCs are not created, pod are in `Pending` status. This issue has been resolved in {oadp-short} 1.2.5.
+
+link:https://issues.redhat.com/browse/OADP-1956[(OADP-1956)]
+
+.PodVolumeBackup fails on completed pod volumes
+
+In earlier versions of {oadp-short} 1.2, when there is a completed pod that mounted volumes in a namespace used by the Restic `podvolumebackup` or Velero backup, the backup does not complete successfully. This occurs when `defaultVolumesToFsBackup` is set to `true`. This issue has been resolved in {oadp-short} 1.2.5.
+
+link:https://issues.redhat.com/browse/OADP-1870[(OADP-1870)]
+
+
+[id="known-issues-1-2-5_{context}"]
+== Known issues
+
+// The {oadp-short} 1.2.5 has the following known issue:
+
+.Data Protection Application (DPA) does not reconcile when the credentials secret is updated
+
+Currently, the {oadp-short} Operator does not reconcile when you update the `cloud-credentials` secret. This occurs because there are no {oadp-short} specific labels or owner references on the `cloud-credentials` secret. If you create a `cloud-credentials` secret with incorrect credentials, such as empty data, the Operator reconciles and creates a backup storage location (BSL) and registry deployment with the empty data. As a result, when you update the `cloud-credentials` secret with the correct credentials, the {oadp-short} Operator does not immediately reconcile to catch the new credentials.
+
+Workaround: Update to {oadp-short} 1.3.
+
+link:https://issues.redhat.com/browse/OADP-3327[(OADP-3327)]
+