Update docs release to v1.15.3

- Built changelog from towncrier fragments [skip ci]
2026-04-05 21:24:25 -07:00 · 2026-04-05 21:24:25 -07:00 · facb803010
commit facb803010
parent f9397b7fa0
8 changed files with 16 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -12,6 +12,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

 <!-- towncrier release notes start -->

+## [v1.15.3] - 2026-04-05
+
+### Infrastructure
+
+- Build Tempo container from source via forge mirror; bump 2.10.1 → 2.10.3
+- Pin NixOS service versions (forgejo-runner, snowflake, k3s) via `nixpkgs-services` overlay in ringtail flake, preventing silent upgrades from `nix flake update`. Add k3s and minikube to service-versions.yaml tracking. Fix stale nix-container-builder version (was 12.6.4, actually running 12.7.2).
+- Migrate Immich from Helm chart to kustomize manifests and upgrade from v2.5.6 to v2.6.3
+- Upgrade Grafana from 12.3.3 to 12.4.2 — patches 7 CVEs including an unauthenticated DoS (CVE-2026-27880).
+
+### Documentation
+
+- First compensating control review: verified `single-user-cluster` still in effect. Added aspirational how-to card for PCI DSS evidence collection.
+- Prowler `--registry` fix merged upstream (PR #10470); initContainer workaround documented as pending release.
+
+
 ## [v1.15.2] - 2026-03-30

 ### Features
--- a/argocd/manifests/docs/deployment.yaml
+++ b/argocd/manifests/docs/deployment.yaml
@ -30,7 +30,7 @@ spec:
              name: http
          env:
            - name: DOCS_RELEASE_URL
-              value: "https://forge.eblu.me/eblume/blumeops/releases/download/v1.15.2/docs-v1.15.2.tar.gz"
+              value: "https://forge.eblu.me/eblume/blumeops/releases/download/v1.15.3/docs-v1.15.3.tar.gz"
          resources:
            requests:
              memory: "64Mi"
--- a/docs/changelog.d/+prowler-registry-fix-upstream.doc.md
+++ b/docs/changelog.d/+prowler-registry-fix-upstream.doc.md
@ -1 +0,0 @@
-Prowler `--registry` fix merged upstream (PR #10470); initContainer workaround documented as pending release.
--- a/docs/changelog.d/+review-single-user-cluster.doc.md
+++ b/docs/changelog.d/+review-single-user-cluster.doc.md
@ -1 +0,0 @@
-First compensating control review: verified `single-user-cluster` still in effect. Added aspirational how-to card for PCI DSS evidence collection.
--- a/docs/changelog.d/immich-kustomize-v2.6.3.infra.md
+++ b/docs/changelog.d/immich-kustomize-v2.6.3.infra.md
@ -1 +0,0 @@
-Migrate Immich from Helm chart to kustomize manifests and upgrade from v2.5.6 to v2.6.3
--- a/docs/changelog.d/local-tempo-container.infra.md
+++ b/docs/changelog.d/local-tempo-container.infra.md
@ -1 +0,0 @@
-Build Tempo container from source via forge mirror; bump 2.10.1 → 2.10.3
--- a/docs/changelog.d/pin-nixos-service-versions.infra.md
+++ b/docs/changelog.d/pin-nixos-service-versions.infra.md
@ -1 +0,0 @@
-Pin NixOS service versions (forgejo-runner, snowflake, k3s) via `nixpkgs-services` overlay in ringtail flake, preventing silent upgrades from `nix flake update`. Add k3s and minikube to service-versions.yaml tracking. Fix stale nix-container-builder version (was 12.6.4, actually running 12.7.2).
--- a/docs/changelog.d/upgrade-grafana-12.4.2.infra.md
+++ b/docs/changelog.d/upgrade-grafana-12.4.2.infra.md
@ -1 +0,0 @@
-Upgrade Grafana from 12.3.3 to 12.4.2 — patches 7 CVEs including an unauthenticated DoS (CVE-2026-27880).
				`@ -1 +0,0 @@`
				Prowler `--registry` fix merged upstream (PR #10470); initContainer workaround documented as pending release.
				`@ -1 +0,0 @@`
				First compensating control review: verified `single-user-cluster` still in effect. Added aspirational how-to card for PCI DSS evidence collection.
				`@ -1 +0,0 @@`
				`Migrate Immich from Helm chart to kustomize manifests and upgrade from v2.5.6 to v2.6.3`
				`@ -1 +0,0 @@`
				`Build Tempo container from source via forge mirror; bump 2.10.1 → 2.10.3`
				`@ -1 +0,0 @@`
				Pin NixOS service versions (forgejo-runner, snowflake, k3s) via `nixpkgs-services` overlay in ringtail flake, preventing silent upgrades from `nix flake update`. Add k3s and minikube to service-versions.yaml tracking. Fix stale nix-container-builder version (was 12.6.4, actually running 12.7.2).
				`@ -1 +0,0 @@`
				`Upgrade Grafana from 12.3.3 to 12.4.2 — patches 7 CVEs including an unauthenticated DoS (CVE-2026-27880).`