From f6e6175fabf3cab68100eaa44791318b3ec010bb Mon Sep 17 00:00:00 2001
From: GroceryBoyJr <75502996+GroceryBoyJr@users.noreply.github.com>
Date: Wed, 14 May 2025 23:06:33 -0400
Subject: [PATCH] FIO 1.3.6 release notes

---
 ...file-integrity-operator-release-notes.adoc | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/security/file_integrity_operator/file-integrity-operator-release-notes.adoc b/security/file_integrity_operator/file-integrity-operator-release-notes.adoc
index 1d1954f9e3..5aa5f531a8 100644
--- a/security/file_integrity_operator/file-integrity-operator-release-notes.adoc
+++ b/security/file_integrity_operator/file-integrity-operator-release-notes.adoc
@@ -15,6 +15,26 @@ For an overview of the File Integrity Operator, see xref:../../security/file_int
 
 To access the latest release, see xref:../../security/file_integrity_operator/file-integrity-operator-updating.adoc#olm-preparing-upgrade_file-integrity-operator-updating[Updating the File Integrity Operator].
 
+[id="file-integrity-operator-release-notes-1-3-6"]
+== OpenShift File Integrity Operator 1.3.6
+
+The following advisory is available for the OpenShift File Integrity Operator 1.3.6:
+
+* link:https://access.redhat.com/errata/RHBA-2025:11535[RHBA-2025:11535 OpenShift File Integrity Operator Bug Fix Update]
+
+[id="file-integrity-operator-1-3-6-bug-fixes"]
+=== Bug fixes
+
+* Previously, running the `oc annotate fileintegrities/<fileintegrity-name> file-integrity.openshift.io/re-init-on-failed=` command would trigger a reinitialization on all nodes. Now, it only reinitializes the nodes where failures occurred. (link:https://issues.redhat.com/browse/OCPBUGS-18933[*OCPBUGS-18933*])
+
+* Previously, resetting FIO cleared the `NodeHasIntegrityFailure` alert. This occurred because the `metric file_integrity_operator_node_failed` setting was also reset. With this release, restarting FIO does not affect the `NodeHasIntegrityFailure` alert. (link:https://issues.redhat.com/browse/OCPBUGS-42807[*OCPBUGS-42807*])
+
+* Previously, when a new node was added to a cluster by scaling up the `machineset` object, FIO marked the new node as `Failed` before the node was ready. With this release FIO waits until the new node is ready. (link:https://issues.redhat.com/browse/OCPBUGS-36483[*OCPBUGS-36483*])
+
+* Previously, the Advanced Intrusion Detection Environment (AIDE) daemonset pods would constantly force-initialize the AIDE database. With this release, FIO initializes the AIDE database only once. (link:https://issues.redhat.com/browse/OCPBUGS-37300[*OCPBUGS-37300*])
+
+* Previously, some link paths in the Machine Config Operator (MCO) configuration, such as `/hostroot/etc/ipsec.d/openshift.conf` and `hostroot/etc/mco/internal-registry-pull-secret.json`, were modified during an MCO update. This led to failed file integrity checks on nodes after the update, which disrupted user experience. With this update, the modified file link paths in the MCO configuration have been updated. File integrity checks now pass after an update, helping to ensure a stable cluster. (link:https://issues.redhat.com/browse/OCPBUGS-41628[*OCPBUGS-41628*])
+
 [id="file-integrity-operator-release-notes-1-3-5"]
 == OpenShift File Integrity Operator 1.3.5