Merge pull request #113004 from GroceryBoyJr/co-191z

lahinson · web-flow · commit b5d76c7a1fb6 · 2026-06-18T11:29:47.000-04:00
OSDOCS-20088: Compliance Operator 1.9.1 z-stream release notes
diff --git a/modules/compliance-rn-1-9-1.adoc b/modules/compliance-rn-1-9-1.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * security/compliance_operator/compliance-operator-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="compliance-operator-release-notes-1-9-1_{context}"]
+= Release notes for OpenShift Compliance Operator 1.9.1
+
+[role="_abstract"]
+Release notes for OpenShift Compliance Operator 1.9.1.
+
+
+The following Red Hat Security Advisory (RHSA) is available for the OpenShift Compliance Operator 1.9.1:
+
+* link:https://access.redhat.com/errata/RHSA-2026:26571[RHSA-2026:26571 - OpenShift Compliance Operator 1.9.1 bug fix and enhancement update]
+
+[id="compliance-operator-1-9-1-bug-fixes_{context}"]
+== Bug fixes
+
+* Before this release, when you created a `TailoredProfile` object that extended a base profile, you could only enable rules that were available in the XCCDF groups in the base profile. With this release, `TailoredProfile` objects can enable any rule available. For more information, see (link:https://redhat.atlassian.net/browse/CMP-4283[CMP-4283]).
+
+* Before this release, the Compliance Operator rule, `ocp4-cis-file-permissions-cni-conf`, checked file permissions for every file under the `/etc/cni/net.d/` directory, including the runtime `cni.lock` file, which could cause incorrect fail results. With this release, the rule checks permissions only for CNI configuration files (`.conf`, `.conflist`, `.json`). For more information, see (link:https://redhat.atlassian.net/browse/CMP-4323[CMP-4323]).
+
+* Before this release, the Compliance Operator defaulted to an `imagePullPolicy` of `Always`, which could cause unnecessary container image pulls from the registry on every pod start. With this release, the default is `IfNotPresent`. For more information, see (link:https://redhat.atlassian.net/browse/CMP-4313[CMP-4313]).
+
+* Before this release, updated DISA STIG reference URLs caused the profile parser to omit STIG reference annotations on `Rule` custom resources. With this release, the parser recognizes the updated URLs and restores those annotations. For more information, see (link:https://redhat.atlassian.net/browse/CMP-4333[CMP-4333]).
+
+* Before this release, updated NERC-CIP reference URLs caused the profile parser to omit NERC-CIP annotations on `Rule` custom resources. With this release, the parser recognizes the updated URLs and restores those annotations. For more information, see (link:https://redhat.atlassian.net/browse/CMP-4349[CMP-4349]).
+
diff --git a/security/compliance_operator/compliance-operator-release-notes.adoc b/security/compliance_operator/compliance-operator-release-notes.adoc
@@ -14,6 +14,8 @@ These release notes track the development of the Compliance Operator in the {pro
 
 // Release note modules (most recent first)
 
+include::modules/compliance-rn-1-9-1.adoc[leveloffset=+1]
+
 include::modules/compliance-rn-1-9-0.adoc[leveloffset=+1]
 
 include::modules/compliance-rn-1-8-2.adoc[leveloffset=+1]
