OBSDOCS-3310: Release notes for OpenTelemetry 3.9.2

modules/otel-rn-3.9.0.adoc

@@ -0,0 +1,95 @@
+// Module included in the following assemblies:
+//
+// * release-notes/otel-rn.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-rn-3-9-0_{context}"]
+= Release notes for the {otel} 3.9.0
+
+[role="_abstract"]
+The {otel} 3.9.0 is available through the link:https://catalog.redhat.com/software/containers/rhosdt/opentelemetry-operator-bundle/615618406feffc5384e84400/history[{OTelOperator} 0.144.0] and based on the open source link:https://opentelemetry.io/docs/collector/[OpenTelemetry] release 0.144.0.
+
+[NOTE]
+====
+Some linked Jira tickets are accessible only with Red Hat credentials.
+====
+
+The {otel} 3.9.0 release adds the following features and enhancements:
+
+Metric Start Time Processor::
+This update introduces the Metric Start Time Processor. You can use it to add start times to cumulative metrics after the Prometheus Receiver and benefit as follows:
+    - Improve historical data analysis by adding start time data for cumulative values.
+    - Enable the back end to accurately calculate request rates per minute.
+    - Enable threshold-based alerts.
+
+General availability of Collector components::
+The following components, available as a Technology Preview before this update, are fully supported from version 3.9.0:
+* Kubernetes Events Receiver
+* Filter Processor
+* Transform Processor
+* Prometheus Exporter
+* Prometheus Remote Write Exporter
+* Target Allocator
+
+Upgrade to UBI 9::
+This release upgrades the Red Hat Universal Base Image (UBI) to version 9.
+
+Environment variables for Operator configuration::
+This update adds support for overriding the Operator configuration by using environment variables.
+
+Prometheus scrape classes in Target Allocator::
+This update adds support for Prometheus scrape classes in the Target Allocator component.
+
+Configuration change for Kafka Receiver and Kafka Exporter::
+This update changes the configuration of the Kafka Receiver and Kafka Exporter in the OpenTelemetry Collector. The top-level encoding field is now deprecated. With this update, you must set encoding per signal type under logs, metrics, and traces. Use the raw encoding for logs only, because setting it at the top level and applying it to all signal types causes a startup failure. For examples, see "Kafka Receiver" and "Kafka Exporter".
+
+////
+The {otel} 3.9.0 release adds the following Technology Preview features:
+
+...
+
+[IMPORTANT]
+====
+[subs="attributes+"]
+Technology Preview features are not supported with Red{nbsp}Hat production service level agreements (SLAs) and might not be functionally complete. Red{nbsp}Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
+
+For more information about the support scope of Red{nbsp}Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
+====
+
+:FeatureName: Each of these features
+include::snippets/technology-preview.adoc[leveloffset=+1]
+!FeatureName
+////
+
+The {otel} 3.9.0 release deprecates the following features:
+
+Deprecated name for OTLP gRPC Exporter::
+The `otlp` name for the OTLP gRPC Exporter in the OpenTelemetry Collector custom resource (CR) is deprecated. Use the `otlp_grpc` name instead. The `otlp` name is deprecated and planned for removal in a future release.
+
+Deprecated name for OTLP HTTP Exporter::
+The `otlphttp` name for the OTLP HTTP Exporter in the OpenTelemetry Collector custom resource (CR) is deprecated. Use the `otlp_http` name instead. The `otlphttp` name is deprecated and planned for removal in a future release.
+
+The {otel} 3.9.0 release removes the following feature:
+
+OpenCensus Receiver is removed::
+The deprecated OpenCensus Receiver is removed and is no longer supported. This receiver previously provided backward compatibility with the OpenCensus project for easier migration of instrumented codebases. You can use the OpenTelemetry Protocol (OTLP) and OTLP Receiver instead.
+
+The {otel} 3.9.0 release has the following known issue:
+
+No metrics in Host Metrics Receiver scraper::
+After upgrading from Collector version 0.142.0 to 0.143.0 or later, the filesystem scraper does not produce the `system.filesystem.inodes.usage` and `system.filesystem.usage` metrics in the Host Metrics Receiver. No workaround exists.
++
+link:https://issues.redhat.com/browse/TRACING-5963[TRACING-5963]
+
+The {otel} 3.9.0 release fixes the following issues:
+
+Fixed NGINX and Apache instrumentation init containers::
+Before this update, the NGINX and Apache instrumentation init containers were created by cloning the main container's configuration. As a result, there were issues with cloned liveness and readiness probes. With this release, the NGINX and Apache instrumentation init containers are defined independently, rather than inheriting inappropriate probe settings from the main container. As a result, issues with cloned liveness and readiness probes no longer occur.
+
+Fixed `ServiceMonitor` resource for Operator metrics::
+Before this update, the `ServiceMonitor` resource for the Operator metrics was not created due to a bug. With this release, the `ServiceMonitor` resource for the Operator metrics is created.
+
+CVE-2025-61726::
+Before this update, a flaw existed in the `net/url` package in the Go standard library. As a result, a denial-of-service HTTP request with many query parameters could cause the application to consume excessive memory and eventually become unresponsive. This release eliminates this flaw.
++
+link:https://access.redhat.com/security/cve/cve-2025-61726[CVE-2025-61726]

modules/otel-rn-3.9.2.adoc

@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// * release-notes/otel-rn.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-rn-3-9-2_{context}"]
+= Release notes for the {otel} 3.9.2
+
+[role="_abstract"]
+The {otel} 3.9.2 is available through the link:https://catalog.redhat.com/software/containers/rhosdt/opentelemetry-operator-bundle/615618406feffc5384e84400/history[{OTelOperator} 0.144.0] and based on the open source link:https://opentelemetry.io/docs/collector/[OpenTelemetry] release 0.144.0.
+
+[NOTE]
+====
+Some linked Jira tickets are accessible only with Red Hat credentials.
+====
+
+// The {otel} 3.9.2 release adds the following features and enhancements:
+
+////
+The {otel} 3.9.2 release adds the following Technology Preview features:
+
+...
+
+[IMPORTANT]
+====
+[subs="attributes+"]
+Technology Preview features are not supported with Red{nbsp}Hat production service level agreements (SLAs) and might not be functionally complete. Red{nbsp}Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
+
+For more information about the support scope of Red{nbsp}Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
+====
+
+:FeatureName: Each of these features
+include::snippets/technology-preview.adoc[leveloffset=+1]
+!FeatureName
+////
+
+// The {otel} 3.9.2 release deprecates the following features:
+
+// The {otel} 3.9.2 release removes the following feature:
+
+The {otel} 3.9.2 release has the following known issue:
+
+No metrics in Host Metrics Receiver scraper::
+After upgrading from Collector version 0.142.0 to 0.143.0 or later, the filesystem scraper does not produce the `system.filesystem.inodes.usage` and `system.filesystem.usage` metrics in the Host Metrics Receiver. No workaround exists.
++
+link:https://issues.redhat.com/browse/TRACING-5963[TRACING-5963]
+
+The {otel} 3.9.2 release fixes the following issues:
+
+XPath library vulnerability is fixed::
+Previously, the `github.com/antchfx/xpath` library was vulnerable to a denial of service (DoS) attack. This issue occurred because specially crafted boolean XPath expressions that evaluated to true caused an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization. With this update, the XPath library properly handles these expressions and prevents infinite loops. As a result, the system is no longer vulnerable to this DoS condition.
++
+link:https://access.redhat.com/security/cve/cve-2026-32287[CVE-2026-32287]
+
+gRPC-Go authorization bypass vulnerability is fixed::
+Previously, gRPC-Go was vulnerable to an authorization bypass attack. This issue occurred because the HTTP/2 `:path` pseudo-header was not properly validated. Remote attackers could send raw HTTP/2 frames with a malformed `:path` that omitted the mandatory leading slash to bypass defined security policies. With this update, gRPC-Go properly validates the `:path` pseudo-header and rejects malformed requests. As a result, attackers can no longer bypass security policies to gain unauthorized access to services or disclose information.
++
+link:https://access.redhat.com/security/cve/cve-2026-33186[CVE-2026-33186]
+
+Go JOSE denial of service vulnerability is fixed::
+Previously, the Go JOSE library for handling JSON Web Encryption (JWE) objects was vulnerable to a denial of service (DoS) attack. This issue occurred because the application failed when decrypting a specially crafted JWE object that specified a key wrapping algorithm but contained an empty encrypted key field. With this update, Go JOSE properly validates the encrypted key field before decryption. As a result, the application no longer crashes when processing malformed JWE objects, and the service remains available to legitimate users.
++
+link:https://access.redhat.com/security/cve/cve-2026-34986[CVE-2026-34986]

release-notes/otel-rn.adoc

@@ -6,20 +6,13 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-include::modules/otel-about-rn.adoc[leveloffset=+1]
+[role="_abstract"]
+Use the {otel} to deploy the OpenTelemetry Collector and instrument your workloads to collect, process, and forward traces, metrics, and logs from your cloud-native applications.
 
 include::snippets/distr-tracing-and-otel-disclaimer-about-docs-for-supported-features-only.adoc[]
 
-include::modules/otel-rn-enhancements.adoc[leveloffset=+1]
+include::modules/otel-rn-3.9.2.adoc[leveloffset=+1]
 
-// include::modules/otel-rn-technology-preview-features.adoc[leveloffset=+1]
-
-include::modules/otel-rn-deprecated-features.adoc[leveloffset=+1]
-
-include::modules/otel-rn-removed-features.adoc[leveloffset=+1]
-
-include::modules/otel-rn-known-issues.adoc[leveloffset=+1]
-
-include::modules/otel-rn-bug-fixes.adoc[leveloffset=+1]
+include::modules/otel-rn-3.9.0.adoc[leveloffset=+1]
 
 include::modules/support.adoc[leveloffset=+1]