Skip to content

OBSDOCS-3393: Align OpenTelemetry and distributed tracing release notes #111711

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
max-cx wants to merge 1 commit into
base: standalone-distributed-tracing-docs-main
Choose a base branch
from
Open

OBSDOCS-3393: Align OpenTelemetry and distributed tracing release notes #111711

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 13 additions & 13 deletions modules/distr-tracing-rn-3.9.0.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,17 +4,17 @@

:_mod-docs-content-type: REFERENCE
[id="distr-tracing-rn-3-9_{context}"]
= Release notes for the {dt} 3.9
= Release notes for the {dt} 3.9.0

[role="_abstract"]
The {dt} 3.9 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/tempo-operator-bundle/642c3e0eacf1b5bdbba7654a/history[{TempoOperator} 0.20.0] and based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo] 2.10.0.
The {dt} 3.9.0 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/tempo-operator-bundle/642c3e0eacf1b5bdbba7654a/history[{TempoOperator} 0.20.0] and is based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo] 2.10.0.

[NOTE]
====
Some linked Jira tickets are accessible only with Red Hat credentials.
====

The {dt} 3.9 release adds the following features and enhancements:
The {dt} 3.9.0 release adds the following features and enhancements:

Upgrade to UBI 9::
This release upgrades the Red Hat Universal Base Image (UBI) to version 9.
Expand All @@ -39,12 +39,12 @@ The Operator now automatically sets the `GOMEMLIMIT` soft memory limit for the G
+
link:https://issues.redhat.com/browse/TRACING-4554[TRACING-4554]

A `TempoStack` or `TempoMonolithic` instance without the gateway is not supported::
You must enable the gateway for TempoStack and TempoMonolithic instances::
This update requires a tenant configuration and an enabled gateway for `TempoStack` and `TempoMonolithic` instances. If you do not enable the gateway, the Operator displays a warning. For a `TempoStack` instance, enable the gateway by setting `.spec.template.gateway.enabled` to `true`. For a `TempoMonolithic` instance, the gateway is enabled automatically when any tenant is configured. `TempoStack` and `TempoMonolithic` instances without an enabled gateway are not supported.
+
link:https://issues.redhat.com/browse/TRACING-5750[TRACING-5750]

// The {dt} 3.9 adds the following Technology Preview features:
// The {dt} 3.9.0 adds the following Technology Preview features:
////
[IMPORTANT]
====
Expand All @@ -57,11 +57,11 @@ For more information about the support scope of Red{nbsp}Hat Technology Preview
// :FeatureName: Each of these features
// include::snippets/technology-preview.adoc[leveloffset=+1]

// The {dt} 3.9 release deprecates the following features:
// The {dt} 3.9.0 release deprecates the following features:

// The {dt} 3.9 release removes the following features:
// The {dt} 3.9.0 release removes the following features:

The {dt} 3.9 release has the following known issue:
The {dt} 3.9.0 release has the following known issue:

Gateway fails to forward OTLP HTTP traffic when receiver TLS is enabled::
When Tempo Monolithic is configured with `multitenancy.enabled: true` and `ingestion.otlp.http.tls.enabled: true`, the gateway forwards OTLP HTTP traffic to the Tempo receiver using plain HTTP instead of HTTPS. As a consequence, the connection fails with a `connection reset by peer` error because the receiver expects TLS connections. OTLP gRPC ingestion through the gateway is not affected.
Expand All @@ -70,24 +70,24 @@ To work around this problem, disable TLS on the OTLP HTTP receiver by setting `i
+
link:https://issues.redhat.com/browse/TRACING-5973[TRACING-5973]

The {dt} 3.9 release fixes the following issues:
The {dt} 3.9.0 release fixes the following issues:

Fixed network policies for managed OpenShift services::
Network policies for managed OpenShift services are fixed::
Before this update, the Operator network policies used a hard-coded port 6443 for the API server. As a consequence, the Operator failed to connect to managed OpenShift services that expose the API on port 443. With this update, the Operator dynamically retrieves the control plane address from service endpoints. As a result, network policies work correctly on all OpenShift environments.
+
link:https://issues.redhat.com/browse/TRACING-5974[TRACING-5974]

CVE-2025-61726::
Denial-of-service vulnerability in the `net/url` package is fixed::
Before this update, a flaw existed in the `net/url` package in the Go standard library. As a consequence, a denial-of-service HTTP request with a massive number of query parameters could cause the application to consume an excessive amount of memory and eventually become unresponsive. This release eliminates this flaw.
+
link:https://access.redhat.com/security/cve/cve-2025-61726[CVE-2025-61726]

CVE-2025-61729::
Denial-of-service vulnerability in the `crypto/x509` package is fixed::
Before this update, the `HostnameError.Error()` function in the Go `crypto/x509` package used string concatenation in a loop without limiting the number of printed hostnames. As a consequence, processing a malicious certificate with many hostnames could cause excessive CPU and memory consumption, leading to a denial-of-service condition. This release includes the fix for this flaw.
+
link:https://access.redhat.com/security/cve/CVE-2025-61729[CVE-2025-61729]

CVE-2025-68121::
Certificate validation bypass vulnerability in the `crypto/tls` package is fixed::
Before this update, a flaw existed in the `crypto/tls` package in the Go standard library. As a consequence, during TLS session resumption, unauthorized clients or servers could bypass certificate validation if CA pools were mutated between handshakes. This release includes the fix for this flaw.
+
link:https://access.redhat.com/security/cve/CVE-2025-68121[CVE-2025-68121]
10 changes: 5 additions & 5 deletions modules/distr-tracing-rn-3.9.1.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
= Release notes for the {dt} 3.9.1

[role="_abstract"]
The {dt} 3.9.1 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/tempo-operator-bundle/642c3e0eacf1b5bdbba7654a/history[{TempoOperator} 0.20.0] and based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo] 2.10.3.
The {dt} 3.9.1 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/tempo-operator-bundle/642c3e0eacf1b5bdbba7654a/history[{TempoOperator} 0.20.0] and is based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo] 2.10.3.

[NOTE]
====
Expand Down Expand Up @@ -44,12 +44,12 @@ link:https://issues.redhat.com/browse/TRACING-5973[TRACING-5973]

The {dt} 3.9.1 release fixes the following issues:

Network policies blocked Jaeger gRPC Query API::
Previously, network policies for TempoStack deployments did not include port 16685 for the Jaeger gRPC Query API. As a consequence, cluster components could not access the Jaeger gRPC Query API when JaegerQuery was enabled. With this fix, the cluster ingress rules include the missing port 16685 for the query-frontend component. As a result, the Jaeger gRPC Query API is accessible through network policies.
Missing Jaeger gRPC Query API port in TempoStack network policies is fixed::
Before this update, network policies for TempoStack deployments did not include port 16685 for the Jaeger gRPC Query API. As a consequence, cluster components could not access the Jaeger gRPC Query API when JaegerQuery was enabled. With this fix, the cluster ingress rules include the missing port 16685 for the query-frontend component. As a result, the Jaeger gRPC Query API is accessible through network policies.
+
link:https://redhat.atlassian.net/browse/TRACING-6061[TRACING-6061]

Network policy blocked gateway health endpoint, causing *TargetDown* alert::
Previously, the network policy for the TempoStack gateway component did not include port 8081, which is required for the gateway internal HTTP server. As a consequence, after upgrading the Tempo Operator, the *TargetDown* alert appeared because gateway health checks were unreachable. With this fix, the network policy includes port 8081 in the ingress rules for the gateway component. As a result, gateway health checks succeed and the *TargetDown* alert no longer appears.
Missing port 8081 in the TempoStack gateway network policy is fixed::
Before this update, the network policy for the TempoStack gateway component did not include port 8081, which is required for the gateway internal HTTP server. As a consequence, after upgrading the Tempo Operator, the *TargetDown* alert appeared because gateway health checks were unreachable. With this fix, the network policy includes port 8081 in the ingress rules for the gateway component. As a result, gateway health checks succeed and the *TargetDown* alert no longer appears.
+
link:https://redhat.atlassian.net/browse/TRACING-6073[TRACING-6073]
Loading