openshift · max-cx · Mar 31, 2025
diff --git a/modules/distr-tracing-tempo-config-query-frontend.adoc b/modules/distr-tracing-tempo-config-query-frontend.adoc
@@ -96,7 +96,7 @@ The query frontend component is responsible for sharding the search space for an
 |type: boolean
 
 |`jaegerQuery.monitorTab.prometheusEndpoint`
-|The endpoint to the Prometheus instance that contains the span rate, error, and duration (RED) metrics. For example, `+https://thanos-querier.openshift-monitoring.svc.cluster.local:9091+`.
+|The endpoint to the Prometheus instance that contains the span rate, error, and duration (RED) metrics. For example, `+https://thanos-querier.openshift-monitoring.svc.cluster.local:9092+`.
 |type: string
 
 |===

diff --git a/modules/distr-tracing-tempo-config-spanmetrics.adoc b/modules/distr-tracing-tempo-config-spanmetrics.adoc
@@ -95,7 +95,7 @@ spec:
         enabled: true
         monitorTab:
           enabled: true # <1>
-          prometheusEndpoint: https://thanos-querier.openshift-monitoring.svc.cluster.local:9091 # <2>
+          prometheusEndpoint: https://thanos-querier.openshift-monitoring.svc.cluster.local:9092 # <2>
           redMetricsNamespace: "" <3>
         ingress:
           type: route

diff --git a/observability/distr_tracing/distr-tracing-rn.adoc b/observability/distr_tracing/distr-tracing-rn.adoc
@@ -17,6 +17,11 @@ include::snippets/distr-tracing-and-otel-disclaimer-about-docs-for-supported-fea
 
 This release of the {DTProductName} includes the {TempoName} and the deprecated {JaegerName}.
 
+[IMPORTANT]
+====
+The {TempoName} 3.5.1 patch release has been released.
+====
+
 ////
 [id="distr-tracing_3-5_cves_{context}"]
 === CVEs
@@ -27,7 +32,7 @@ This release fixes the following CVEs:
 ////
 
 [id="distr-tracing_3-5_tempo-release-notes_{context}"]
-=== {TempoName}
+=== {TempoName} 3.5
 
 The {TempoName} 3.5 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/tempo-operator-bundle/642c3e0eacf1b5bdbba7654a/history[{TempoOperator} 0.15.3].
 
@@ -55,8 +60,49 @@ This update introduces the following bug fix:
 
 * Before this update, the {TempoOperator} failed when the `TempoStack` custom resource had the `spec.storage.tls.enabled` field set to `true` and used an Amazon S3 object store with the Security Token Service (STS) authentication. With this update, such a `TempoStack` custom resource configuration does not cause the {TempoOperator} to fail.
 
+[id="distr-tracing_3-5_tempo-release-notes_known-issues_{context}"]
+==== Known issues
+
+The {TempoName} 3.5 has the following known issue:
+
+* Currently, when the OpenShift tenancy mode is enabled, the `ServiceAccount` object of the gateway component of a `TempoStack` or `TempoMonolithic` instance requires the `TokenReview` and `SubjectAccessReview` permissions for authorization.
++
+Workaround: Deploy the instance in a dedicated namespace, and carefully audit which users have the permission to read the secrets in this namespace.
+
+[id="distr-tracing_3-5-1_tempo-release-notes_{context}"]
+=== {TempoName} 3.5.1
+
+The {TempoName} 3.5.1 is a patch release.
+
+[id="distr-tracing_3-5-1_tempo-release-notes_cves_{context}"]
+==== CVEs
+
+The {TempoName} 3.5.1 patch release fixes the following CVEs:
+
+* link:https://access.redhat.com/security/cve/CVE-2025-2786[CVE-2025-2786]
+
+* link:https://access.redhat.com/security/cve/CVE-2025-2842[CVE-2025-2842]
+
+* link:https://access.redhat.com/security/cve/CVE-2025-30204[CVE-2025-30204]
+
+[id="distr-tracing_3-5-1_tempo-release-notes_breaking-changes_{context}"]
+==== Breaking changes
+
+The {TempoName} 3.5.1 update introduces the following breaking change:
+
+* With this update, for a user to create or modify a `TempoStack` or `TempoMonolithic` custom resource with enabled multi-tenancy, the user must have permissions to create the `TokenReview` and `SubjectAccessReview` authorization objects.
+
+[id="distr-tracing_3-5-1_tempo-release-notes_known-issues_{context}"]
+==== Known issues
+
+The {TempoName} 3.5.1 has the following known issue:
+
+* Currently, when the OpenShift tenancy mode is enabled, the `ServiceAccount` object of the gateway component of a `TempoStack` or `TempoMonolithic` instance requires the `TokenReview` and `SubjectAccessReview` permissions for authorization.
++
+Workaround: Deploy the instance in a dedicated namespace, and carefully audit which users have the permission to read the secrets in this namespace.
+
 [id="distr-tracing_3-5_jaeger-release-notes_{context}"]
-=== {JaegerName}
+=== {JaegerName} 3.5
 
 The {JaegerName} 3.5 is the last release of the {JaegerName} that Red Hat plans to support.
 

diff --git a/observability/otel/otel-rn.adoc b/observability/otel/otel-rn.adoc
@@ -12,6 +12,26 @@ You can use the {OTELName} xref:../../observability/otel/otel-forwarding-telemet
 
 include::snippets/distr-tracing-and-otel-disclaimer-about-docs-for-supported-features-only.adoc[]
 
+[id="otel_3-5-1_{context}"]
+== Release notes for {OTELName} 3.5.1
+
+The {OTELName} 3.5.1 is provided through the link:https://catalog.redhat.com/software/containers/rhosdt/opentelemetry-operator-bundle/615618406feffc5384e84400/history[{OTELOperator} 0.119.0].
+
+[NOTE]
+====
+The {OTELName} 3.5.1 is based on the open source link:https://opentelemetry.io/docs/collector/[OpenTelemetry] release 0.119.0.
+====
+
+[id="distr-tracing_3-5-1_cves_{context}"]
+=== CVEs
+
+This release fixes the following CVEs:
+
+* link:https://access.redhat.com/security/cve/CVE-2025-22868[CVE-2025-22868]
+* link:https://access.redhat.com/security/cve/CVE-2025-27144[CVE-2025-27144]
+* link:https://access.redhat.com/security/cve/CVE-2025-29786[CVE-2025-29786]
+* link:https://access.redhat.com/security/cve/CVE-2025-30204[CVE-2025-30204]
+
 [id="otel_3-5_{context}"]
 == Release notes for {OTELName} 3.5