From 57e80ddafb7feaf0a7e3b01a325ed26e3f74278e Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 09:10:13 -0700
Subject: [PATCH] sync non-code with origin/main (#7437)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 documentation/configuration/metrics-configuration.md   | 3 +++
 documentation/releaseNotes/releaseNotes.v6.3.9.md      | 7 +++++++
 documentation/releaseNotes/releaseNotes.v8.0.5.md      | 8 ++++++++
 documentation/releaseNotes/releaseNotes.v9.0.0-rc.2.md | 9 +++++++++
 documentation/security-considerations.md               | 7 +++----
 5 files changed, 30 insertions(+), 4 deletions(-)
 create mode 100644 documentation/releaseNotes/releaseNotes.v6.3.9.md
 create mode 100644 documentation/releaseNotes/releaseNotes.v8.0.5.md
 create mode 100644 documentation/releaseNotes/releaseNotes.v9.0.0-rc.2.md

diff --git a/documentation/configuration/metrics-configuration.md b/documentation/configuration/metrics-configuration.md
index 49c85fd44e0..6087b4ec6bf 100644
--- a/documentation/configuration/metrics-configuration.md
+++ b/documentation/configuration/metrics-configuration.md
@@ -1,5 +1,8 @@
 # Metrics Configuration
 
+> [!IMPORTANT]
+> See [Security Considerations](../security-considerations.md#prometheus-metrics) for important information regarding security for the metrics endpoint.
+
 ## Default Providers
 
 The `/metrics` route (and starting in 8.0, the `/livemetrics` route and `CollectLiveMetrics` actions) will collect metrics from the default providers. The default providers are:
diff --git a/documentation/releaseNotes/releaseNotes.v6.3.9.md b/documentation/releaseNotes/releaseNotes.v6.3.9.md
new file mode 100644
index 00000000000..0ae50f54cf4
--- /dev/null
+++ b/documentation/releaseNotes/releaseNotes.v6.3.9.md
@@ -0,0 +1,7 @@
+Today we are releasing the 6.3.9 build of the `dotnet monitor` tool. This release includes:
+
+- Updated dependencies
+
+
+
+If you would like to provide additional feedback to the team [please fill out this survey](https://aka.ms/dotnet-monitor-survey?src=rn).
\ No newline at end of file
diff --git a/documentation/releaseNotes/releaseNotes.v8.0.5.md b/documentation/releaseNotes/releaseNotes.v8.0.5.md
new file mode 100644
index 00000000000..86855a86fb9
--- /dev/null
+++ b/documentation/releaseNotes/releaseNotes.v8.0.5.md
@@ -0,0 +1,8 @@
+Today we are releasing the 8.0.5 build of the `dotnet monitor` tool. This release includes:
+
+- Fixed an issue that could sometimes result in exceptions having incomplete stack information reported in exception history. ([#7395](https://github.com/dotnet/dotnet-monitor/pull/7395))
+- Fixed an issue that could sometimes result in exceptions not being reported in exception history. ([#7302](https://github.com/dotnet/dotnet-monitor/pull/7302))
+
+
+
+If you would like to provide additional feedback to the team [please fill out this survey](https://aka.ms/dotnet-monitor-survey?src=rn).
\ No newline at end of file
diff --git a/documentation/releaseNotes/releaseNotes.v9.0.0-rc.2.md b/documentation/releaseNotes/releaseNotes.v9.0.0-rc.2.md
new file mode 100644
index 00000000000..e6b110b5be3
--- /dev/null
+++ b/documentation/releaseNotes/releaseNotes.v9.0.0-rc.2.md
@@ -0,0 +1,9 @@
+Today we are releasing the official 9.0.0 Release Candidate of the `dotnet monitor` tool. This release includes:
+
+- ⚠️ The `TenantId` property is now required when configuring `AzureAd` authentication. ([#7365](https://github.com/dotnet/dotnet-monitor/pull/7365))
+- Fixed an issue that could sometimes result in exceptions having incomplete stack information reported in exception history. ([#7342](https://github.com/dotnet/dotnet-monitor/pull/7342))
+- Fixed an issue that could sometimes result in exceptions not being reported in exception history. ([#7301](https://github.com/dotnet/dotnet-monitor/pull/7301))
+
+\*⚠️ **_indicates a breaking change_**
+
+If you would like to provide additional feedback to the team [please fill out this survey](https://aka.ms/dotnet-monitor-survey?src=rn).
\ No newline at end of file
diff --git a/documentation/security-considerations.md b/documentation/security-considerations.md
index 13e2d37f67f..c2242494809 100644
--- a/documentation/security-considerations.md
+++ b/documentation/security-considerations.md
@@ -1,6 +1,3 @@
-> [!IMPORTANT]
-> This document is currently a work in progress.
-
 # Security Considerations
 
 ## Azure Active Directory Authentication (Entra ID)
@@ -33,4 +30,6 @@ $env:Egress__AzureBlobStorage__monitorBlob__AccountKey = "accountKey"; dotnet-mo
 
 For Kubernetes, a preferred alternative is to mount your secrets in the file system with restricted access - for more information and an example of how to do this, view the [Kubernetes documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume). For additional information on how secrets work in Kubernetes, view the following [documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-secret).
 
-## Item 3
+## Prometheus Metrics
+
+By default, `dotnet-monitor` exposes [Prometheus](https://prometheus.io/docs/introduction/overview) metrics using http with an unauthenticated endpoint and no other artifacts are available on this unauthenticated endpoint. This is to support the default [scraping configuration](https://learn.microsoft.com/azure/azure-monitor/containers/container-insights-prometheus-logs?tabs=pod#tabpanel_1_pod). If your application contains custom metrics or tags, ensure that no sensitive data is being emitted in your metrics.