Merge commit '57e80ddafb7feaf0a7e3b01a325ed26e3f74278e'

documentation/configuration/metrics-configuration.md

@@ -1,5 +1,8 @@
 # Metrics Configuration
 
+> [!IMPORTANT]
+> See [Security Considerations](../security-considerations.md#prometheus-metrics) for important information regarding security for the metrics endpoint.
+
 ## Default Providers
 
 The `/metrics` route (and starting in 8.0, the `/livemetrics` route and `CollectLiveMetrics` actions) will collect metrics from the default providers. The default providers are:

documentation/releaseNotes/releaseNotes.v6.3.9.md

@@ -0,0 +1,7 @@
+Today we are releasing the 6.3.9 build of the `dotnet monitor` tool. This release includes:
+
+- Updated dependencies
+
+
+
+If you would like to provide additional feedback to the team [please fill out this survey](https://aka.ms/dotnet-monitor-survey?src=rn).

documentation/releaseNotes/releaseNotes.v8.0.5.md

@@ -0,0 +1,8 @@
+Today we are releasing the 8.0.5 build of the `dotnet monitor` tool. This release includes:
+
+- Fixed an issue that could sometimes result in exceptions having incomplete stack information reported in exception history. ([#7395](https://github.com/dotnet/dotnet-monitor/pull/7395))
+- Fixed an issue that could sometimes result in exceptions not being reported in exception history. ([#7302](https://github.com/dotnet/dotnet-monitor/pull/7302))
+
+
+
+If you would like to provide additional feedback to the team [please fill out this survey](https://aka.ms/dotnet-monitor-survey?src=rn).

documentation/releaseNotes/releaseNotes.v9.0.0-rc.2.md

@@ -0,0 +1,9 @@
+Today we are releasing the official 9.0.0 Release Candidate of the `dotnet monitor` tool. This release includes:
+
+- ⚠️ The `TenantId` property is now required when configuring `AzureAd` authentication. ([#7365](https://github.com/dotnet/dotnet-monitor/pull/7365))
+- Fixed an issue that could sometimes result in exceptions having incomplete stack information reported in exception history. ([#7342](https://github.com/dotnet/dotnet-monitor/pull/7342))
+- Fixed an issue that could sometimes result in exceptions not being reported in exception history. ([#7301](https://github.com/dotnet/dotnet-monitor/pull/7301))
+
+\*⚠️ **_indicates a breaking change_**
+
+If you would like to provide additional feedback to the team [please fill out this survey](https://aka.ms/dotnet-monitor-survey?src=rn).

documentation/security-considerations.md

@@ -1,6 +1,3 @@
-> [!IMPORTANT]
-> This document is currently a work in progress.
-
 # Security Considerations
 
 ## Azure Active Directory Authentication (Entra ID)
@@ -33,4 +30,6 @@ $env:Egress__AzureBlobStorage__monitorBlob__AccountKey = "accountKey"; dotnet-mo
 
 For Kubernetes, a preferred alternative is to mount your secrets in the file system with restricted access - for more information and an example of how to do this, view the [Kubernetes documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume). For additional information on how secrets work in Kubernetes, view the following [documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-secret).
 
-## Item 3
+## Prometheus Metrics
+
+By default, `dotnet-monitor` exposes [Prometheus](https://prometheus.io/docs/introduction/overview) metrics using http with an unauthenticated endpoint and no other artifacts are available on this unauthenticated endpoint. This is to support the default [scraping configuration](https://learn.microsoft.com/azure/azure-monitor/containers/container-insights-prometheus-logs?tabs=pod#tabpanel_1_pod). If your application contains custom metrics or tags, ensure that no sensitive data is being emitted in your metrics.