Add more OLM bug text for 4.15 RN

release_notes/ocp-4-15-release-notes.adoc

@@ -1682,7 +1682,7 @@ With this update, the image references are adjusted in the local OCI catalog to
 
 * Before this update, the install plan for an Operator displayed duplicate values in the `clusterSeviceVersionNames` field. This update removes the duplicate values. (link:https://issues.redhat.com/browse/OCPBUGS-17408[*OCPBUGS-17408*])
 
-* Before this update, if you created an Operator group with same name as a previously existing cluster role, OLM overwrote the cluster role. With this fix, OLM generates a unique cluster role name for every Operator group by using the following syntax:
+* Before this update, if you created an Operator group with same name as a previously existing cluster role, Operator Lifecycle Manager (OLM) overwrote the cluster role. With this fix, OLM generates a unique cluster role name for every Operator group by using the following syntax:
 +
 .Naming syntax
 +
@@ -1696,14 +1696,27 @@ For more information, see xref:../operators/understanding/olm/olm-understanding-
 * Previously, if an Operator installation or upgrade took longer than 10 minutes, the operation could fail with the following error:
 +
 [source,text]
-====
-Bundle unpacking failed. Reason: DeadlineExceeded, Message: Job was active longer than specified deadline".
-====
+----
+Bundle unpacking failed. Reason: DeadlineExceeded, Message: Job was active longer than specified deadline
+----
 +
-This issue occurred because OLM had a bundle unpacking job that was configured with a timeout of 600 seconds. Bundle unpacking jobs could fail because of network or configuration issues in the cluster that might be transient or resolved with user intervention. With this bug fix, OLM automates the re-creation of failed unpack jobs indefinitely by default.
+This issue occurred because Operator Lifecycle Manager (OLM) had a bundle unpacking job that was configured with a timeout of 600 seconds. Bundle unpacking jobs could fail because of network or configuration issues in the cluster that might be transient or resolved with user intervention. With this bug fix, OLM automates the re-creation of failed unpack jobs indefinitely by default.
 +
 This update adds the optional `operatorframework.io/bundle-unpack-min-retry-interval` annotation for Operator groups. This annotation sets a minimum interval to wait before attempting to re-create the failed job. (link:https://issues.redhat.com/browse/OCPBUGS-6771[*OCPBUGS-6771*])
 
+* In Operator Lifecycle Manager (OLM), the Catalog Operator was logging many errors regarding missing `OperatorGroup` objects in namespaces that had no Operators installed. With this fix, if a namespace has no `Subscription` objects in it, OLM no longer checks if an `OperatorGroup` object is present in the namespace. (link:https://issues.redhat.com/browse/OCPBUGS-25330[*OCPBUGS-25330*])
+
+* With the security context constraint (SCC) API, users are able to configure security contexts for scheduling workloads on their cluster. Because parts of core {product-title} components run as pods that are scheduled on control plane nodes, it is possible to create a SCC that prevents those core components from being properly scheduled in `openshift-*` namespaces.
++
+This bug fix reduces the role-based access control (RBAC) scope for the `openshift-operator-lifecycle-manager` service account used to run the `package-server-manager` core component. With this update, it is now significantly less likely that an SCC can be applied to the cluster that causes unexpected scheduling issues with the `package-server-manager` component.
++
+[WARNING]
+====
+The SCC API can globally affect scheduling on an {product-title} cluster. When applying such constraints to workloads on the cluster, carefully read the xref:../authentication/managing-security-context-constraints.adoc#managing-pod-security-policies[SCC documentation].
+====
++
+(link:https://issues.redhat.com/browse/OCPBUGS-20347[*OCPBUGS-20347*])
+
 [discrete]
 [id="ocp-4-15-openshift-api-server-bug-fixes"]
 ==== OpenShift API server