diff --git a/modules/compliance-supported-profiles.adoc b/modules/compliance-supported-profiles.adoc index 77e6b1203c..6376315539 100644 --- a/modules/compliance-supported-profiles.adoc +++ b/modules/compliance-supported-profiles.adoc @@ -20,18 +20,18 @@ The Compliance Operator provides the following compliance profiles: |Supported architectures |ocp4-cis -|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.1.0 +|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.4.0 |Platform -|0.1.39+ +|1.2.0+ |link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[1]^ |`x86_64` `ppc64le` `s390x` |ocp4-cis-node -|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.1.0 +|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.4.0 |Node ^[2]^ -|0.1.39+ +|1.2.0+ |link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks ™] ^[1]^ |`x86_64` `ppc64le` @@ -131,5 +131,5 @@ The Compliance Operator provides the following compliance profiles: |`x86_64` |=== [.small] -1. To locate the CIS {product-title} v4 Benchmark, go to link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks] and type `Kubernetes` in the search box. Click on *Kubernetes* and then *Download Latest CIS Benchmark*, where you can then register to download the benchmark. +1. To locate the CIS {product-title} v4 Benchmark, go to link:https://www.cisecurity.org/benchmark/kubernetes[CIS Benchmarks] and click *Download Latest CIS Benchmark*, where you can then register to download the benchmark. 2. Node profiles must be used with the relevant Platform profile. For more information, see xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profile_typesunderstanding-compliance[Compliance Operator profile types]. \ No newline at end of file diff --git a/security/compliance_operator/compliance-operator-release-notes.adoc b/security/compliance_operator/compliance-operator-release-notes.adoc index e34f2d32a0..1b9891c58a 100644 --- a/security/compliance_operator/compliance-operator-release-notes.adoc +++ b/security/compliance_operator/compliance-operator-release-notes.adoc @@ -15,6 +15,27 @@ For an overview of the Compliance Operator, see xref:../../security/compliance_o To access the latest release, see xref:../../security/compliance_operator/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator]. +[id="compliance-operator-release-notes-1-2-0"] +== OpenShift Compliance Operator 1.2.0 + +The following advisory is available for the OpenShift Compliance Operator 1.2.0: + +* link:https://access.redhat.com/errata/RHBA-2023:4245[RHBA-2023:4245 - OpenShift Compliance Operator enhancement update] + +[id="compliance-operator-1-2-0-new-features-and-enhancements"] +=== New features and enhancements + +* The CIS {product-title} 4 Benchmark v1.4.0 profile is now available for platform and node applications. To locate the CIS {product-title} v4 Benchmark, go to link:https://www.cisecurity.org/benchmark/kubernetes[CIS Benchmarks] and click *Download Latest CIS Benchmark*, where you can then register to download the benchmark. ++ +[IMPORTANT] +==== +Upgrading to Compliance Operator 1.2.0 will overwrite the CIS {product-title} 4 Benchmark 1.1.0 profiles. + +If your {product-title} environment contains existing `cis` and `cis-node` remediations, there might be some differences in scan results after upgrading to Compliance Operator 1.2.0. +==== + +* Additional clarity for auditing security context constraints (SCCs) is now available for the `scc-limit-container-allowed-capabilities` rule. + [id="compliance-operator-release-notes-1-1-0"] == OpenShift Compliance Operator 1.1.0