Changelog

Enable secure parsing of XML files performing XSL transformation (Issue NMS-16414)

Setting KAFKA_RPC_ and KAFKA_SINK_ variables insufficient to disable (Issue NMS-17756)

Update the polyfill library (Issue NMS-17865)

Sanitize user provided inputs (Issue NMS-17875)

Limit the columns for orderBy clause (Issue NMS-17876)

SpogInventoryServiceSyncIT Failed to load ApplicationContext (Issue NMS-17896)

gRPC messaging not working when Trapd is enabled on the Core server (Issue NMS-17732)

Changes in NMS-17726 are not properly merged in foundation-2023, foundation-2024 and horizon 33.x (Issue NMS-17734)

Unreachable code in Minion gRPC client (Issue NMS-17858)

incorrectly extracts the IPs during discovery (Issue NMS-17873)

Allow basic auth credentials / scv metadata in external requisition URL (Issue NMS-17318)

Add a smoke test to validate installation of grpc exporter feature (Issue NMS-17869)

Rest API for getting active Zenith registrations/connections (Issue NMS-17750)

Add service to store/retrieve ZenithConnect registration info (Issue NMS-17851)

Update Jaeger Tracing endpoint in docs. (Issue NMS-17891)

Create GRPC server Side Tests (Issue NMS-17722)

Create GRPC client Side Tests (Issue NMS-17723)

Make grpc exporter compatible to run using in process server. (Issue NMS-17746)

ALEC installation on Sentinel Meridian (Issue NMS-15396)

Deleting scheduled outage replayed by browser refresh (Issue NMS-15517)

Horizon 33.0.2-1 on CentOS9 - Alarm/Event list paging filters issue (Issue NMS-16421)

Java Heap settings are not applied when Minion is running in a container (Issue NMS-17725)

Coretex timeseries metatags broken in 33.1.4 (Issue NMS-17753)

Update cxf-core library (Issue NMS-17854)

Remove R-core Reference from Installation Instructions (Issue NMS-17856)

Update the Base image for Opennms-core, Minion and sentinel (Issue NMS-17735)

isInContainer KPI should recognize Azure, AWS, GCP container runtimes (Issue NMS-15676)

Don’t load snmp-metadata-adapter-configuration.xml by default (Issue NMS-17721)

Add Heartbeat support for SPOG (Single Pane of Glass) (Issue NMS-17738)

Grpc Exporter: SPOG doesn’t show the new nodes that are added (Issue NMS-17857)

Get Meridian system ID and return in Monitoring System API (Issue NMS-17751)

Device config backup ssh client throws key spec not recognised: class net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec (Issue NMS-16359)

Requisition file names with a colon \( : \) break resource graphs (Issue NMS-16537)

Asset table field userlastmodified length is too short (Issue NMS-17005)

Update Library com.google.protobuf:protobuf-java (Issue NMS-17033)

Update Library org.yaml:snakeyaml (Issue NMS-17048)

Not possible to post graphs via the API - server returns 500 (Issue NMS-17073)

Update Library neko-htmlunit (Issue NMS-16724)

Poller log INFO message for "Another service is currently holding the lock", change to different Log Level (Issue NMS-16963)

SCV metadata token replacement for system properties (Issue NMS-16989)

Create simple a shell script to gather and package data helpful to Client Services (Issue NMS-17077)

Add support for Heartbeat in grpc exporter \( bsm\) (Issue NMS-17377)

Grpc Exporter : Ability to disable BSM/ NMS-Inventory modules (Issue NMS-17727)

Add proto for NMS Inventory and Alarms (Issue NMS-16994)

Refactoring existing GRPC client implementation and creation of new GRPC client for Alaram and Inventory (Issue NMS-16998)

Replace Node to OnmsNode to pick up missing fields in proto (Issue NMS-17080)

Update GRPC Routing using Sub-Domains (Issue NMS-17301)

Add events updates in GRPC exporter (Issue NMS-17337)

DeviceConfig via Minion fails if sshScript output contains control characters (Issue NMS-15717)

User tries to create an Alarm filter favorite, but the filter doesn’t save the arguments of the filter (Issue NMS-16573)

Update Node label component (Issue NMS-16585)

Update owasp-java-html-sanitizer library (Issue NMS-16637)

Update com.google.code.gson-gson Library (Issue NMS-16706)

Bug between Web UI and SCVCLI Command (Issue NMS-16943)

Fix Performance regression introduced in NMS-15647 (Issue NMS-16966)

Update org.apache.mina Library (Issue NMS-17040)

Move file utils to new library (Issue NMS-17074)

Configure tenant id for gRPC Exporter (Issue NMS-17003)

Update apache-commons-io (Issue NMS-16638)

File name field in System Reports is not working (Issue NMS-16983)

Move grpc exporter to OpenNMS repository (Issue NMS-16991)

500 Server Error when sending events from GUI when OpenNMS has large number of Events configured (Issue NMS-16485)

Provisioning fails when category has been deleted (Issue NMS-16536)

With use-address-from-varbind traps are misassigned (Issue NMS-16543)

Update protobuf (Issue NMS-16636)

Update fop-core to 2.10 or higher (Issue NMS-16961)

Update cxf-core to 3.6.3 or higher (Issue NMS-16962)

DevOps: Stop including ALEC in containers (Issue NMS-16576)

Enable snmpinterface meta-data to be exposed in the time series integration layer for Pollerd metrics where possible (Issue NMS-16946)

PTP implementation: Implement poller to check for desired port state (Issue NMS-16956)

PTP implementation: add documentation (Issue NMS-16957)

Include service status Integration API (Issue NMS-16972)

Grafana reports endpoint failure (Issue NMS-16367)

Version in about page points to invalid release notes (Issue NMS-16482)

Installation instructions are broken and show an unresolved variable (Issue NMS-16490)

Search does not return any results for Asset Search string Meridian 2024.1.3 (Issue NMS-16510)

Test case failures org.opennms.features.newts.converter. numeric value is NaN (Issue NMS-16936)

Test case failures: The markup in the document preceding the root element must be well-formed (Issue NMS-16949)

Logging in TcpListener in Eventd is done with a foreign class (Issue NMS-16951)

Replace babel/polyfill with core-js 3 (foundation-2021 branch) (Issue NMS-16477)

Update dnsjava to version 3.6.0 if applicable (Issue NMS-16506)

Update proton-j to 0.34 or latest for OSGI (Issue NMS-16549)

Resolve jsoup version discrepancy seen in the dependency graph (Issue NMS-16552)

Update Snakeyaml for indirect dependencies (Issue NMS-16570)

Update linux UBI version to address security vulnerabilities (Issue NMS-16587)

Update product name version properties on meridian (Issue NMS-16947)

Add Node Labels to timeseries data for pollerd services (Issue NMS-16497)

Adding resourceLabels to TS data (Issue NMS-16498)

Update grpc to to the next version to address CVEs (Issue NMS-16180)

Update org.apache.kafka:kafka to version 3.6.2 or higher. (Issue NMS-16507)

Purge jettison 1.4.x from the system directory (Issue NMS-16513)

Update BouncyCastle bcpkix to 1.78 (Issue NMS-16514)

Usage statistics reporter throws an NPE in the stdout on startup (Issue NMS-16435)

Need to Update the Example Event Forwarder Script (Issue NMS-16501)

Meridian 2024 passwordGate page shows up incorrectly (Issue NMS-16484)

Alarm Resync (Issue NMS-16489)

Update to Netty 4 (Issue NMS-16496)

Update pgjdbc to version 42.5.5 (Postgres sql JDBC driver) (Issue NMS-16503)

Update forked version of nekohtml parser to `>= 1.9.22.noko2`version of Nokogiri if applicable (Issue NMS-16504)

Update Apache CXF to 4.0.4, 3.6.3 or 3.5.8 to fix CVE-2024-28752 (Issue NMS-16505)

Stored XSS on "Monitoring Locations" (Issue NMS-16443)

Host Header Injection (Issue NMS-16450)

[Web] - Missing Secure Flag on Session Cookie (Issue NMS-16451)

Stalled threads in telemetryd parser (Issue NMS-16243)

Cross-Frame Scripting-CWE ID : 1021 Web scan vulnerability (Issue NMS-16369)

Address CVE-2020-15522 (Issue NMS-16384)

Querying Alarms by alarmId leads to a page that loses context on refresh (Issue NMS-16417)

Stored XSS on "MIB Compiler" (Issue NMS-16444)

Stored XSS on "Scheduled Outages" (Issue NMS-16445)

Missing Access Control on "Grafana Endpoints" (Issue NMS-16446)

Missing Access Control on "Geocoder Configuration" (Issue NMS-16447)

Stored XSS on "Node Label" (Issue NMS-16448)

Detailed server configuration in the error (Issue NMS-16449)

Audit multi-version dependencies in Karaf (Sentinel Proof-of-Concept) (Issue NMS-16294)

Remove image-related defaults from Docker container makefile (Issue NMS-13583)

Add documentation for SELinux as a requirement to run OpenNMS (Issue NMS-14210)

Include Minion version on "Manage Minions" page (Issue NMS-14493)

Dependabot: leaflet from 1.7.1 to 1.8.0 (Issue NMS-14584)

Error compiling Cisco MIB (Issue NMS-14640)

Make the cloud connect plugin available in container images (Issue NMS-15012)

Data collection and graph definitions for provisiond performance (Issue NMS-15018)

Update docs to include RHEL 9 install instructions (Issue NMS-15147)

Test and Document Support for PostgreSQL 15 (Issue NMS-15151)

Make the ALEC plugin available in container images (Issue NMS-15349)

Make the Cortex TSS plugin available in container images (Issue NMS-15350)

Smoke test improvements and small tweaks to help developers (Issue NMS-15387)

Document the asynchronous datacollection engine (Issue NMS-15737)

Update install script to clear Karaf cache (Issue NMS-16226)

Add option to import-requisition command to block until import is done (Issue NMS-16343)

Rename User Data Collection feature to Product Update Enrollment (Issue NMS-16353)

Configurable option for Kafka Producer CollectionSet buffer size (Issue NMS-16366)

Docs page for Info REST service (Issue NMS-16351)

Add var-bind section into notification docs (Issue NMS-13273)

Provisiond threads description discrepancies (Issue NMS-14766)

Metadata DSL: Add metadata interpolation capability onto more threshold fields (Issue NMS-15667)

Switch our Docker base to UBI (Issue NMS-15788)

Docs: Add install note on DNS resolution (Issue NMS-15792)

Extend PageSequenceMonitor to allow basic auth credentials (Issue NMS-15802)

Expand BlueCat DNS Data Collection (Issue NMS-15865)

Add confd support to Sentinel container (Issue NMS-16149)

Docs: Remove deprecated resourcecli section (Issue NMS-16216)

Upgrade to latest Karaf 4.3 (Issue NMS-16249)

Deprecate VMware 3-5 collection/graphs (Issue NMS-16266)

Fix formatting in snmp-graph.properties.d files (Issue NMS-16269)

Docs: Update install docs for monitoring database connection (Issue NMS-16286)

Update container confd to default Postgres SSL to prefer (Issue NMS-16287)

Allow fix-permissions and update-package-permissions scripts to set ownership for customized users (Issue NMS-16406)

Geo Map: Add content to the map marker pop up (Issue NMS-13698)

Uncontrolled Resource Consumption in Jackson-databind (Issue NMS-15030)

CVE in Jolokia 1.3.3 dependency (Issue NMS-15068)

CVE-2021-37714 for jsoup (multiple versions) (Issue NMS-15069)

Vulnerable JUnit dependency (Issue NMS-15074)

RHEL9 installation documentation tab (Issue NMS-15079)

Document deviceconfig tftp maximumReceiveSize (Issue NMS-15121)

Add flow version table to Flow Introduction (Issue NMS-15158)

JAVA_KEYALIAS Variable needs to be updated (Issue NMS-15239)

JAVA_KEYSTORE Variable needs to be updated (Issue NMS-15240)

JAVA_STOREPASS Variable needs to be updated (Issue NMS-15241)

Document the breaking changes done as part of Limit script file locations for GpDetector and ScriptPolicy (Issue NMS-15288)

Release notes / wart: ALEC not installable on M2023.1.0 / H31.0.4 Sentinel (Issue NMS-15403)

Release notes / wart: dual-write TS delay on startup (Issue NMS-15404)

Release notes / wart: Geo map alarms and ROLE_REST (thank Ricardo Monteiro for the report) (Issue NMS-15406)

Metadata DSL: Elasticsearch Integration (Issue NMS-15752)

Update UI for Admin password change prompt (Issue NMS-15780)

Create Initial Node Structure Page (Issue NMS-16037)

Update UI dependencies to latest Vue3, feather, etc. (Issue NMS-16045)

Node structure page: Union/Intersection category filter switch (Issue NMS-16058)

Node structure: add unit tests (Issue NMS-16060)

Structured Node List: Add smoke test (Issue NMS-16061)

Structured node list: Export CSV/XLS (Issue NMS-16064)

Unzip command is missing from UBI images (Issue NMS-16087)

Convert Menu store to pinia (Issue NMS-16092)

Structured node list: UX Updates (Issue NMS-16103)

Structured node list: handle legacy query strings (Issue NMS-16116)

Structured node list: UX updates Part 2 (Issue NMS-16123)

Structured node list: Merge feature branch to develop (Issue NMS-16124)

Convert NodeStructure store to pinia (Issue NMS-16125)

Node structure: Add management IP address (Issue NMS-16126)

Node structure: Make preferences persistent (Issue NMS-16130)

Convert Node store to pinia (Issue NMS-16136)

Update Vue UI README with dev workflow instructions (Issue NMS-16142)

Convert more stores to pinia (Issue NMS-16144)

Convert auth, usageStats and other stores to pinia (Issue NMS-16154)

Convert deviceStore etc to pinia, remove vuex from project (Issue NMS-16156)

DOCS: Document structured node list (Issue NMS-16210)

Docs: Remove reference to 'opennms-cloud-plugin' plugin (Issue NMS-16231)

RPM packages fail to install when FIPS Enabled (Issue NMS-14628)

Link on Netflow9 to main Netflow doc is broken (Issue NMS-15144)

Missing /run/opennms on Ubuntu (Issue NMS-14650)

RRD persistence with default configs in our Horizon OCI points to wrong libjrrd2.so (Issue NMS-14778)

Chrome/Edge Web Browser : Geographical Map Node Counters are wrong (Issue NMS-14792)

OpenNMS opennms start fails on Ubuntu (Issue NMS-14838)

Multiple stored and reflected XSS in webapp (Issue NMS-14854)

horizon.oci contains more than one container image (Issue NMS-14896)

Regression: install script fails if an OpenNMS directory contains root-owned lost+found directory (Issue NMS-14919)

Form Resubmission From Cache (Issue NMS-14933)

XML Entity Expansion Injection in geolocation API (Issue NMS-14988)

Remove reference to remote pollers (Issue NMS-15017)

RHEL9/CentOS9/Rocky 9 need chkconfig package to enable service properly (Issue NMS-15093)

Default limit of 10 is not working for event queries (Issue NMS-15123)

Flows adapters don’t start on Sentinel running as a container. (Issue NMS-15161)

Jetty context startup failures are not clearly communicated to the user (Issue NMS-15179)

CVE-2017-7504 for javassist 3.18.2-ga and 3.19.0-ga (Issue NMS-15191)

CVE-2017-7504 for jboss-logging 3.1.0.cr2 (Issue NMS-15192)

CVE-2014-2228 for org.restlet 1.1.10 (Issue NMS-15193)

CVE-2019-13990 for quartz 2.2.3 (Issue NMS-15194)

CVE-2022-45047 for sshd-sftp 2.5.1 (Issue NMS-15195)

CVE-2021-21342 and 7 others for xstream 1.4.11.1 (Issue NMS-15196)

CVE-2014-9970 for jasypt 1.9.0 (Issue NMS-15197)

CVE-2021-33813 for jdom2 2.0.6 (Issue NMS-15198)

CVE-2022-40149 and CVE-2022-40150 for jettison 1.3.8 (Issue NMS-15199)

CVE-2016-5725 for jsch 0.1.51 (Issue NMS-15200)

CVE-2022-3171 for protobuf-java 3.16.1 (Issue NMS-15201)

CVE-2018-17187 for proton-j 0.14.0 (Issue NMS-15202)

CVE-2017-15288 and CVE-2020-7907 for scala-library 2.11.0 and 2.12.12 (Issue NMS-15203)

CVE-2020-13936 for velocity 1.7 (Issue NMS-15204)

CVE-2020-11988 for xmlgraphics-commons 1.4 (Issue NMS-15205)

Update docs TOC to include missing notification commands file (Issue NMS-15266)

Meridian 2023 old UI pages have Horizon Logo (Issue NMS-15281)

NPE in karaf.log when parallel TSDB writes enabled (Issue NMS-15282)

Poor contrast in navigation menu of OG UI (Issue NMS-15283)

Styling of Feather / Vue UI in Meridian does not match OG UI (Issue NMS-15284)

Stealing Cookies using Reflected XSS via graph results (Issue NMS-15292)

Sanitize request parameters in outage/list.htm (Issue NMS-15294)

Plaintext Password Present in the Web logs (Issue NMS-15305)

Upgrade Apache Kafka Dependency Beyond 3.2.0 (Issue NMS-15317)

RingBufferTimeseriesWriter.destroy can take a long time or hang due to BlockingServiceLookup.lookup in WorkProcessors (Issue NMS-15324)

Dead transaction in flow thresholding on sentinel (Issue NMS-15340)

Regular requisition editor empty state incorrectly names external requisitions (Issue NMS-15347)

When we fail to start up, we don’t exit with a non-zero exit code so failures cannot be properly reflected in containers (Issue NMS-15386)

ALEC plugin dependency update (Issue NMS-15391)

DroolsAlarmContext error - alarm facts out of sync (Issue NMS-16208)

Running the config-tester -a throws an IllegalStateException for ActiveMQ context (Issue NMS-16355)

CVE-2024-3094 investigation (Issue NMS-16396)

Container image build fails with a wrong reference to deploy-base:ubi9-3.3.0.b265-jre-17 (Issue NMS-16399)

Hikari CP leaking threads (Issue NMS-16345)

LdapMonitor does not work when a Minion is the poller (Issue NMS-16349)

The script showing the Karaf process status in our container image requires "ps" (Issue NMS-16356)

VMware credentials exposed in provisiond log file (Issue NMS-16357)

Collectd can’t persist time series data and throwing a NPE with "java.util.List.size()" because "rraList" is null (Issue NMS-16358)

Issue installing on Debian 11 Reported by Customer (Issue NMS-16309)

Missing information in downtime model docs (Issue NMS-10133)

R-Core fails to install following the Horizon 30 Install Docs (Issue NMS-14777)

Surveillance Dashboard shows acknowledged Alarms (Issue NMS-15448)

Access Denied when deleting a node with admin user (Issue NMS-15746)

Typo in Configuring Minion via confd README (Issue NMS-15901)

"Dismiss" in Usage Statistics Sharing Notice is misleading (Issue NMS-16027)

Links in node table open both in current tab and in a new tab (Issue NMS-16047)

Fix Geographical Map after vue-leaflet upgrade (Issue NMS-16065)

Top of page search displays 'Show nodes with severity' multiple times (Issue NMS-16067)

Device config upload failed with org.apache.sshd.common.SshException: EdDSA provider not supported (Issue NMS-16131)

Data choices plugin throws a NPE when user clicks on show collected data. (Issue NMS-16151)

Event parameters with <> not rendering in event/alarm views (Issue NMS-16157)

Users with ROLE_READONLY can add, modify, and delete alarm memos (Issue NMS-16162)

Docs: Meridian plugins reference wrong package names (Issue NMS-16164)

Fix resource types for default Postgres collection (Issue NMS-16165)

Service detail page displays wrong collectd package (Issue NMS-16167)

enlinkd logging hibernate errors (lack of unique index) (Issue NMS-16199)

Zookeeper 3.4.6 version mismatch in Meridian 2021 (Issue NMS-16209)

upgrade ActiveMQ to latest 5.15.x (Issue NMS-16218)

Documentation build failing: cannot find antora/xref-validator (Issue NMS-16227)

Node structure: fix sorting (Issue NMS-16246)

OpenConfig Connector parameter frequency in incorrect unit (Issue NMS-16253)

Container flag -t does not pass correct arguments (Issue NMS-16265)

Cortex plugin does not start automatically (Issue NMS-16272)

PostgreSQL monitor url parameter metadata PostgreSQL monitor url parameter metadata cannot be resolved properly and collection fails consequently (Issue NMS-16374)

Unable to display varbind’s form feed characters and other control characters in events (Issue NMS-16395)

Revive PoweredBy section in new docs (Issue NMS-14703)

Modify foreign source in HeartbeatConsumer to ignore docker interfaces and detect SNMP agent (Issue NMS-14855)

SNMP Community retrieval through SCV on Minion (Issue NMS-15008)

Add JSON support (in additional to GBP) to the Kafka producer for flows (Issue NMS-15027)

Backport deploy-base update from develop to release-31.x (upgrades JRE minor version, adds vim-tiny, less) (Issue NMS-15046)

Add KPI for Appliance count by model (Issue NMS-15051)

Velocloud plugin 1.0 is compatible with Meridian 2023 (Issue NMS-15138)

ALEC 3.0 is compatible with Meridian 2023 (Issue NMS-15139)

Cortex TSS plugin 2.0.1 is compatible with Meridian 2023 (Issue NMS-15140)

Cloud services connector plugin is compatible with Meridian 2023 (Issue NMS-15141)

Geo Map node groups should split into individual markers (Issue NMS-15150)

Distributed IPC mechanisms all work in Meridian 2023 (Issue NMS-15223)

Accessibility testing for rebranded Meridian 2023 UI (Issue NMS-15224)

Penetration testing for Meridian 2023 (Issue NMS-15225)

Meridian container images are signed (Issue NMS-15341)

Metadata DSL: Documentation for Metadata DSL updates (Issue NMS-15774)

Document change in login password behaviour (Issue NMS-15775)

Smoke test for Admin password change (Issue NMS-15866)

Admin Password Change: UX Review and Updates (Issue NMS-15867)

Admin Password Change: Merge to develop (Issue NMS-15868)

User is redirected to landing page after password change is done (Issue NMS-16036)

Use pinia instead of vuex in Vue UI (Issue NMS-16043)

Add pinia stores to UI but do not yet activate them (Issue NMS-16068)

Metadata DSL: Persist poller parameters as meta data (Issue NMS-16146)

Node structure: more query params (fs:fid, snmp, sys) (Issue NMS-16197)

Remove plugin 'opennms-cloud-plugin' from installation (Issue NMS-16219)

Geo Map: enable user-defined map to be the default one (Issue NMS-16229)

DOCS: Document Geographical Map user-defined map (Issue NMS-16230)

Add node-gyp to fix CircleCI build-ui errors (Issue NMS-16242)

News Feed: UI Panel and REST Service (Issue NMS-16282)

Web UI for User Data Collection (Issue NMS-16283)

User Data Collection: Database / Rest / CM work (Issue NMS-16284)

Publish container images to a container registry other than DockerHub (Issue NMS-15091)

Meridian 2023 release testing (Issue NMS-15137)

Visual differentiation of Meridian 2023 web UI versus Horizon 31 (Issue NMS-15265)

Opt-In User Data: Name, email and company Collection (Issue NMS-16279)

Installation of Meridian Minion, Sentinel, Core and Node. (Issue NMS-15388)

Minion routes traffic to Core. (Issue NMS-15389)

Sentinel offloads flows from Core. (Issue NMS-15405)

Metadata DSL: VMware Integration (Issue NMS-15753)

Metadata DSL: WSMAN Integration (Issue NMS-15754)

Metadata DSL: TL1D Integration (Issue NMS-15755)

Metadata DSL: JMX Data-collection (Issue NMS-15756)

Metadata DSL: XML Data-collection (Issue NMS-15757)

Metadata DSL: HTTP/HTTPS Data-collection (Issue NMS-15758)

Metadata DSL: Notification Credentials (Issue NMS-15759)

Metadata DSL: Ticketer Plugins (Issue NMS-15760)

Metadata DSL: Trapd Configuration (Issue NMS-15761)

Metadata DSL: JCIFS Monitor (Issue NMS-15762)

Metadata DSL: IFTTT Configuration (Issue NMS-15763)

Metadata DSL: Repository Configuration (Issue NMS-15764)

Metadata DSL: [OPTIONAL] Consistent *-config.xml Configurations (Issue NMS-15765)

Metadata DSL: Evaluate feasability to support metadata in Drools rules (Issue NMS-15766)

Metadata DSL: Change default poller and collectd configuration files to reflect ability to use metadata (Issue NMS-16016)

Metadata DSL: snmp-config.xml & SNMP Profiles (Issue NMS-16028)

Metadata DSL: change default opennms-datasources.xml to reflect the possibility of using metadata (Issue NMS-16029)

OpenShift: Document the impact of disabling allowPrivilegeEscalation (Issue NMS-16239)

Update wording to Product Update Sign Up (Issue NMS-16352)