[RHIDP-6398] Release notes: static content for the _Fixed security issues_ chapter

Type: Task
Resolution: Done
Priority: Critical
Fix Version/s: 1.5.0
Affects Version/s: 1.5.0
Component/s: Documentation
Labels:
- must-have

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Captured from: https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/pull/980/files#r1991925892

The whole process for documenting CVEs is changing as of 1.5. We don't intend to put CVEs in the release notes anymore as customers do not look there first; instead they will appear in the security pages under access.redhat.com/security/security-updates/cve

For example, here's a CVE we fixed in 1.4.2 & 1.3.5:

CVE fixed in 1.3.5: issues.redhat.com/browse/RHIDP-5739
CVE fixed in 1.4.2: issues.redhat.com/browse/RHIDP-5740
CVE listed as fixed for 1.3 and 1.4: access.redhat.com/security/cve/CVE-2025-22150 (search for RHDH):

So we no longer need to collect CVEs into the Release Notes. Instead they're collected into the Release CR when pushing the GA bits via Konflux. Process documented here:

gitlab.cee.redhat.com/rhidp/rhdh/-/blob/rhdh-1-rhel-9/docs/RELEASE_GUIDE.adoc?ref_type=heads#user-content-begin-start-the-container-image-release-15-20-mins

Therefore:

Replace the generated fixed-security issues content with static content containing a link: https://access.redhat.com/security/security-updates/cve?q=red+hat+developer+hub&p=1&sort=cve_publicDate+desc,allTitle+desc&rows=10&documentKind=Cve
Remove the single-source-fixed-security-issues.sh script and the associated `list-fixed-security-issues*` files.

links to

https://access.redhat.com/security/security-updates/cve?q=red+hat+developer+hub&p=1&sort=cve_publicDate+desc,allTitle+desc&rows=10&documentKind=Cve

https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/pull/980/files#r1991925892

Heena Manwani added a comment - 2025/03/21 11:14 AM

This is being addressed with 1.5 RN PR: https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/pull/979

Heena Manwani added a comment - 2025/03/21 11:14 AM This is being addressed with 1.5 RN PR: https://github.com/redhat-developer/red-hat-developers-documentation-rhdh/pull/979

Assignee:: Heena Manwani

Reporter:: Fabrice Flore-Thébault

Team:: RHIDP - Documentation

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/03/13 10:29 AM

Updated:: 2025/03/21 11:14 AM

Resolved:: 2025/03/21 11:14 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: Heena Manwani added a comment - 2025/03/21 11:14 AM

Expand comment: Heena Manwani added a comment - 2025/03/21 11:14 AM

People

Dates