diff --git a/release_notes/ocp-4-18-release-notes.adoc b/release_notes/ocp-4-18-release-notes.adoc index d3ff788887d6..b0b0e189ba94 100644 --- a/release_notes/ocp-4-18-release-notes.adoc +++ b/release_notes/ocp-4-18-release-notes.adoc @@ -3328,6 +3328,16 @@ $ oc adm release info 4.18.23 --pullspecs [id="ocp-4-18-23-enhancements_{context}"] ==== Enhancements +:olm-np-z-stream: 23 +* {empty} ++ +-- +include::snippets/olmv0-and-v1-rn-np-support.adoc[] +-- +(link:https://issues.redhat.com/browse/OCPBUGS-60525[OCPBUGS-60525] and link:https://issues.redhat.com/browse/OCPBUGS-60521[OCPBUGS-60521]) + +:!olm-np-z-stream: + * Before this update, deleting an `istag` resource with the `--dry-run=server` option unintentionally caused actual deletion of the image from the server. This unexpected deletion occurred due to the dry-run option being implemented incorrectly in the `oc delete istag` command. With this release, the `dry-run` option is wired to the 'oc delete istag' command. As a result, the accidental deletion of image objects is prevented and the `istag` object remains intact when using the `--dry-run=server` option. (link:https://issues.redhat.com/browse/OCPBUGS-58461[OCPBUGS-58461]) * Before this update, the `cluster-policy-controller` container was exposing the `10357` port for all networks (the bind address was set to `0.0.0.0`). The port was exposed outside the host network for the node because the KCM pod manifest set `hostNetwork` to `true`. This port is used solely for the probe of the container. With this enhancement, the bind address was updated to listen on the `localhost` only. As result, the node security is improved because the port is not exposed outside the node network. (link:https://issues.redhat.com/browse/OCPBUGS-60131[OCPBUGS-60131]) diff --git a/snippets/olmv0-and-v1-rn-np-support.adoc b/snippets/olmv0-and-v1-rn-np-support.adoc index 21adcffa8eeb..bd388e1a63ba 100644 --- a/snippets/olmv0-and-v1-rn-np-support.adoc +++ b/snippets/olmv0-and-v1-rn-np-support.adoc @@ -8,7 +8,7 @@ :_mod-docs-content-type: SNIPPET -In {product-title} {product-version}.{olm-np-z}, {olmv0-first} and {olmv1} support the inclusion of network policy manifests in the resource bundles of Operators. These tailored network policies protect against data leaks and harden against many attack vectors on {product-title} clusters. +In {product-title} {product-version}.{olm-np-z-stream}, {olmv0-first} and {olmv1} allow Operators to include network policy manifests in their resource bundles. These tailored network policies protect against data leaks and harden against many attack vectors on {product-title} clusters. [TIP] ==== diff --git a/snippets/olmv0-rn-np-support.adoc b/snippets/olmv0-rn-np-support.adoc deleted file mode 100644 index e57c06ca1438..000000000000 --- a/snippets/olmv0-rn-np-support.adoc +++ /dev/null @@ -1,28 +0,0 @@ -// Text snippet included in the following modules: -// -// * release_notes/ocp-4-17-release-notes.adoc (4.17.39) -// * release_notes/ocp-4-16-release-notes.adoc (4.16.48) -// * release_notes/ocp-4-15-release-notes.adoc (4.15.58) -// * release_notes/ocp-4-14-release-notes.adoc (4.14.57) -// * release_notes/ocp-4-13-release-notes.adoc (4.13.61) -// * release_notes/ocp-4-12-release-notes.adoc (4.12.81) - -// Similar to the technology preview admonition, set the `{olm-np-z-stream}` attritbute before including the snippet in the appropriate z-stream feature release notes. Unlike the TP snippet, close it after the include. - -:_mod-docs-content-type: SNIPPET - -In {product-title} {product-version}.{olm-np-z-stream}, {olmv0-first} supports the inclusion of network policy manifests in the resource bundles of Operators. These tailored network policies protect against data leaks and harden against many attack vectors on {product-title} clusters. - -[TIP] -==== - If your current version of OLM does not support tailored network policies, a - notification is displayed in the following locations: - - * The {hybrid-console} - * The web console of the affected cluster - - Update to {product-title} {product-version}.{olm-np-z-stream} or later to - enable OLM support for tailored network policies. -==== - -For more information, including the planned timeline for releasing Red Hat-provided Operators with tailored network policies, see link:https://access.redhat.com/articles/7133113[Operators shipping with network policies may require OCP cluster upgrade before they can be upgraded (Red Hat Knowledgebase)].