Created version 5.3
Version 5.3 created with the following exhaustive list of upstream commits merged:
246089b
47bf069
75fc866
db7853b
04ae8aa
ee4d0bd
e046a2c
dc48512
0ee1de7
7d08908
d795211
fc94a3d
34400a6
f25a7f5
678a714
nunix committed Feb 14, 2024
1 parent b73c229 commit 52b92a4
Showing 592 changed files with 37,288 additions and 3,872 deletions.
10 changes: 7 additions & 3 deletions docs/01.basics/01.basics.md
Expand Up @@ -13,9 +13,9 @@ slug: /

The images are on the NeuVector Docker Hub registry. Use the appropriate version tag for the manager, controller, enforcer, and leave the version as 'latest' for scanner and updater. For example:

+ neuvector/manager:5.2.0
+ neuvector/controller:5.2.0
+ neuvector/enforcer:5.2.0
+ neuvector/manager:5.3.0
+ neuvector/controller:5.3.0
+ neuvector/enforcer:5.3.0
+ neuvector/scanner:latest
+ neuvector/updater:latest
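
Review bot: The manager, controller and enforcer tags in this list are hard-coded, and the same three lines are repeated in docs/02.deploying/01.production/01.production.md, so every release needs the identical edit in both files. Consider moving the list into one shared snippet or a version variable so the two pages cannot drift apart. Since `neuvector/scanner:latest` and `neuvector/updater:latest` stay on a mutable tag while the other three are pinned, a sentence explaining why those two are not pinned would help readers who pin images for reproducible deployments.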

Expand All @@ -27,6 +27,10 @@ If deploying with the current NeuVector Helm chart (v1.8.9+), the following chan
+ Update image names/tags to the appropriate version on Docker hub, as shown above
+ Leave the imagePullSecrets empty

<strong>NeuVector Images on Rancher Registry </strong>

NeuVector images are also mirrored to the Rancher registry for deployment from Rancher. Please see the [Rancher Deployment](deploying/rancher) section for more information. Please allow a few days after every release for the images to be mirrored to the Rancher Registry.

If upgrading from NeuVector 4.x, please see these <a href="/releasenotes/5x#upgrading-from-neuvector-4x-to-5x">instructions.</a>

<table class="htmltable">
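
Review bot: The new link `[Rancher Deployment](deploying/rancher)` is a relative path, while the link two lines below it uses a root-relative one (`/releasenotes/5x#upgrading-from-neuvector-4x-to-5x`); use `/deploying/rancher` so the link does not depend on the slug of the page it is rendered from. "Please allow a few days after every release" leaves users who pull from the Rancher registry without guidance when a release carries a security fix; consider saying that the Docker Hub images listed above are available first. The `<strong>` heading also has a trailing space before the closing tag.
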
4 changes: 2 additions & 2 deletions docs/01.basics/02.requirements/02.requirements.md
Expand Up @@ -20,8 +20,9 @@ slug: /basics/requirements
#### Supported Platforms

* Officially supported linux distributions, SUSE Linux, Ubuntu, CentOS/Red Hat (Including all RHEL version e.g. 6/7/8), Debian, Rancher OS, CoreOS, AWS 'Bottlerocket'(see Note below) and Photon.
* AMD64 and Arm architectures
* CoreOS is supported (November 2023) for CVE scanning through RHEL mapping table provided by RedHat. Once an official feed is published by RedHat for CoreOS it will be supported.
* Officially supported Kubernetes and Docker compliant container management systems. The following platforms are tested with every release of NeuVector: Kubernetes 1.19+, SUSE Rancher (RKE, RKE2, K3s etc), RedHat OpenShift 4.6+ (3.x to 4.12 supported prior to NeuVector 5.2.x), Google GKE, Amazon EKS, Microsoft Azure AKS, IBM IKS, native docker, docker swarm. The following Kubernetes and docker compliant platforms are supported and have been verified to work with NeuVector: VMware Photon and Tanzu, SUSE CaaS, Oracle OKE, Mirantis Kubernetes Engine, Nutanix Kubernetes Engine, docker UCP/DataCenter, docker Cloud.
* Officially supported Kubernetes and Docker compliant container management systems. The following platforms are tested with every release of NeuVector: Kubernetes 1.19-1.29, SUSE Rancher (RKE, RKE2, K3s etc), RedHat OpenShift 4.6-4.13 (3.x to 4.12 supported prior to NeuVector 5.2.x), Google GKE, Amazon EKS, Microsoft Azure AKS, IBM IKS, native docker, docker swarm. The following Kubernetes and docker compliant platforms are supported and have been verified to work with NeuVector: VMware Photon and Tanzu, SUSE CaaS, Oracle OKE, Mirantis Kubernetes Engine, Nutanix Kubernetes Engine, docker UCP/DataCenter, docker Cloud.
* Docker run-time version: 1.9.0 and up; Docker API version: 1.21, CE and EE.
* Containerd and CRI-O run-times (requires changes to volume paths in sample yamls). See changes required for Containerd in the Kubernetes deployment section and CRI-O in the OpenShift deployment section.
* NeuVector is compatible with most commercially supported CNI's. Officially tested and supported are openshift ovs (subnet/multitenant), calico, flannel, cilium, antrea and public clouds (gke, aks, iks, eks).
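
Review bot: In the container-management bullet, the new range `RedHat OpenShift 4.6-4.13` now sits directly in front of the unchanged parenthetical `(3.x to 4.12 supported prior to NeuVector 5.2.x)`, which reads as if 4.12 were only supported before 5.2.x. Reword the parenthetical to name the versions that were actually dropped (3.x to 4.5, if that is the intent). Changing `1.19+` to `1.19-1.29` turns an open range into a closed one, so this line must be revisited each time a newer Kubernetes is validated; wording such as "tested up to 1.29" would make that explicit. The new bullet "AMD64 and Arm architectures" does not say which Arm variant is covered.
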
Expand All @@ -36,7 +37,6 @@ AWS Bottlerocket Note: Must change path of the containerd socket specific to Bot
* AWS ECS is no longer supported. (NOTE: No functionality has been actively removed for operating NeuVector on ECS deployments. However, testing on ECS is no longer being perfromed by SUSE. While protecting ECS worlloads with Neuvector likely will operate as expected, issues will not be investigated.)
* Docker on Mac
* Docker on Windows
* ARM architectire is not currently supported, but being worked on for future releases.
* Rkt (container linux) from CoreOS
* AppArmor on K3S / SLES environments. Certain configurations may conflict with NeuVector and cause scanner errors; AppArmor should be disabled when deploying NeuVector.
* IPv6 is not supported
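
Review bot: The ECS bullet kept as context in this hunk still contains the typos "perfromed" and "worlloads" and the spelling "Neuvector"; since this list is being edited anyway, fix them in the same change. The removal of the ARM bullet itself is consistent with the "AMD64 and Arm architectures" bullet added to the supported list.
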
Expand Up @@ -13,7 +13,7 @@ The 'always_reload: true' setting can be added in any ConfigMap yaml to force re

#### Complete Sample NeuVector ConfigMap (initcfg.yaml)

The latest ConfigMap can be found [here](https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.2.0/initcfg.yaml).
The latest ConfigMap can be found [here](https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.3.0/initcfg.yaml).

The sample is also shown below. This contains all the settings available. Please remove the sections not needed and edit the sections needed. Note: If using configmap in a secret, see section below for formatting changes.
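
Review bot: The sentence says "The latest ConfigMap" but the link points at a version-specific path, `kubernetes/5.3.0/initcfg.yaml`, on the `main` branch, so it is only the latest until the next release, and the file behind it can change without this page changing. Either name the version in the text ("The 5.3.0 ConfigMap") or link to a location that always tracks the current release. The link text "here" could also be replaced with the file name.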

6 changes: 3 additions & 3 deletions docs/02.deploying/01.production/01.production.md
Expand Up @@ -17,9 +17,9 @@ If you haven’t done so, pull the images from the NeuVector Docker Hub.

The images are on the NeuVector Docker Hub registry. Use the appropriate version tag for the manager, controller, enforcer, and leave the version as 'latest' for scanner and updater. For example:

+ neuvector/manager:5.2.0
+ neuvector/controller:5.2.0
+ neuvector/enforcer:5.2.0
+ neuvector/manager:5.3.0
+ neuvector/controller:5.3.0
+ neuvector/enforcer:5.3.0
+ neuvector/scanner:latest
+ neuvector/updater:latest

Expand Up @@ -24,7 +24,7 @@ oc delete rolebinding -n neuvector system:openshift:scc:privileged
```

:::warning important
NeuVector Certified Operator versions are tied to NeuVector product versions, and each new version must go through a certification process with Red Hat before being published. Certified operator version 1.3.9 is tied to NeuVector version 5.2.0. Certified operator version 1.3.7 is tied to NeuVector version 5.1.0. Version 1.3.4 operator version is tied to NeuVector 5.0.0. If you wish to be able to change the version tags of the NeuVector containers deployed, please use the Community version.
NeuVector Certified Operator versions are tied to NeuVector product versions, and each new version must go through a certification process with Red Hat before being published. Certified operator version for 5.3.x is tied to helm version 2.7.2 and NeuVector app version 5.3.0. Certified operator version 1.3.9 is tied to NeuVector version 5.2.0. Certified operator version 1.3.7 is tied to NeuVector version 5.1.0. Version 1.3.4 operator version is tied to NeuVector 5.0.0. If you wish to be able to change the version tags of the NeuVector containers deployed, please use the Community version.
:::

<details>
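
Review bot: The added sentence "Certified operator version for 5.3.x is tied to helm version 2.7.2 and NeuVector app version 5.3.0" omits the operator version number, unlike the sentences after it (1.3.9, 1.3.7, 1.3.4), so a reader cannot tell which certified operator corresponds to 5.3.0. Add the operator version in the same form as the other entries. The sentence also introduces a "helm version" that none of the older entries carry; say what it refers to or drop it.
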
3 changes: 3 additions & 0 deletions docs/02.deploying/01.production/03.details/03.details.md
Expand Up @@ -44,6 +44,9 @@ slug: /deploying/production/details
* NO_DEFAULT_ADMIN
> (Optional) When enabled does not create an 'admin' user in the local cluster. This is used for Rancher SSO integration as the default. If not enabled, persistently warn the user and record events to change the default admin password if it is not changed from default.
* CTRL_EN_ICMP_POLICY
> (Optional) When enabled (value=1) icmp traffic can be learned in discover mode, and policy can be generated. If there is no network policy in monitor or protect mode for the group, an implicit violation will be generated for icmp traffic.
##### Manager

* CTRL_SERVER_IP
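
Review bot: The description of `CTRL_EN_ICMP_POLICY` gives the enabling value (value=1) but not the default or the behaviour when the variable is unset; add both, since operators need to know whether ICMP is covered by policy out of the box. The second sentence says an "implicit violation" is generated when the group has no network policy in monitor or protect mode; state whether in protect mode that means the ICMP traffic is blocked or only reported. "icmp" should be written "ICMP", and a blank line before `##### Manager` would separate the quoted description from the next heading.
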