Release Notes - 3.8.0

Please see our documentation page for more information on how to consume and deploy BigBang.\ This release was primarily tested on Kubernetes 1.33.4 (EKS).

Deprecations

HAProxy

• Big Bang team is planning to deprecate support for the HAProxy package in BigBang. If your team/project relies on the big bang HAProxy package, please let us know, either on the Big Bang community Slack, or P1 Mattermost or by creating an issue in the big bang backlog. This will help us ensure we account for all user needs going forward. If we do not receive any feedback, we will assume the software is no longer used, and will proceed with our plan to deprecate support and updates. As of this announcement, plans are to remove HAProxy from the Big Bang umbrella in 3.11

Fortify

• Big Bang team is planning to deprecate support for the Fortify package in Big Bang. Platform One has migrated away from using Fortify scans in pipelines in favor of GitLab SAST. If you are with a team or program actively using this package. Please reach out and let us know on the Big Bang community slack, MM IL2 or by creating an issue in the big bang backlog. As of this announcement, plans are to remove Fortify from the Big Bang umbrella in 3.11

Upgrade Notices

BigBang - MR

The passthrough helper is now disabled by default. To enable the helper, set .Values.disableAutomaticPassthroughValues to false. If you want to enable the helper globally but disable it for specific packages, set .Values.disableAutomaticPassthroughValues to false (to turn on the helper globally), then set it to true for each package where you don’t want the helper to be used.

---

Bbctl - MR

• The preflight check registry credentials have been removed from the baseConfig section of bbctl values.yaml
• Use the credentialsFile section to provide registry credentials instead
• The preflight check image is now configurable
• Provide the registry hostname in the registryOverrides config and the correct credentials, then set preflightCheck.image to the image and tag value the command will use to deploy as the pod.

---

Grafana - MR

There are two major upgrade notices 1) passthrough refactor and 2) upgrade job for redeploying immutable deployment.

Passthrough Refactor: The grafana chart has been refactored to the Big Bang “passthrough” chart pattern - please read this upgrade notice is its entirety. All upstream chart value overrides in ./chart/values.yaml will need to be shifted under the upstream key.

Example:

Previous Values:

grafana:
  values:
    image:
     registry: registry1.dso.mil
     repository: ironbank/big-bang/grafana/grafana-plugins
     tag: "12.1.0"
 ...

Current Values:

grafana:
  values:
    upstream:
      image:
      registry: registry1.dso.mil
      repository: ironbank/big-bang/grafana/grafana-plugins
      tag: "12.1.0"
 ...

Please note, this change does not apply to Big Bang-added top-level keys, including: istio, networkPolicies, serviceMonitor, monitoring, openshift, enterprise, alertmanager, sso, autoRollingUpgrade, and bbtests.

Upgrade Job for Immutable Deployment: As apart of the conversion to the Big Bang passthrough chart pattern, immutable labels/selectors have been updated and will require a recreation of the Grafana deployment resource. Big Bang has added a job to automatically handle this as a pre-upgrade helm hook but requires an additional value to be set: .Values.autoRollingUpgrade.enabled

grafana:
  enabled: true
  ...
  values:
    autoRollingUpgrade:
      enabled: true

Alternatively, you may manually delete the grafana deployment prior to upgrade using standard kubectl commands kubectl delete deploy -l app.kubernetes.io/name=grafana -n monitoring but do note that drift detection must be disabled on the monitoring helm release to avoid recreation.

---

Mimir - MR

The key mimir-distributed, will need to be changed to upstream in order to conform to new Big Bang passthrough chart standards.

Previous Values:

mimir-distributed:
 image:
 repository: registry1.dso.mil/ironbank/opensource/grafana/mimir
 tag: 2.17.0
 pullSecrets:
 - private-registry
 ...

Current Values:

upstream:
 image:
 repository: registry1.dso.mil/ironbank/opensource/grafana/mimir
 tag: 2.17.0
 pullSecrets:
 - private-registry
 ...

---

Minio - MR

This release of minio migrates the chart to the passthrough pattern.

Values overrides are now nested under the upstream key. For example:

addons:
  minio:
    values:
      tenant:
        pools:
        - name: pool-0
          servers: 3
          volumesPerServer: 4

becomes:

addons:
  minio:
    values:
      upstream:
        tenant:
          pools:
          - name: pool-0
            servers: 3
            volumesPerServer: 4

Labels have also slightly changed:

Old:

labels:
  app: minio
  app.kubernetes.io/name: minio

New:

labels:
  app.kubernetes.io/name: minio-instance

---

Minio Operator - MR

This release of Minio-Operator completely migrates the chart to pass-through pattern.

Values that were used to configure the minioOperator chart are now available under the upstream key:

addons:
  minioOperator:
    values:
      upstream:
        operator:
          env:
            - name: MINIO_OPERATOR_TLS_ENABLE
              value: "on"

---

Sonarqube - MR

The account configuration value has been deprecated in favor of using setAdminPassword. Please see upstream deprecation notice for more details and adjust your values accordingly.

---

Vault - MR

The Vault package is now using default, upstream behavior by no longer setting ha and raft to true.

If you are using ha, verify you have ha.enabled=true and raft.enabled=true in your overrides as needed. e.g.:

addons:
  vault:
    values:
      upstream:
        server:
          ha:
            enabled: true
            raft:
              enabled: true
              ...              

---

Upgrades from previous releases

If coming from a version pre-3.7.1, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-3.7.1.

Packages

Package	Type	Package Version	BB Version
Alloy	Core	v1.10.0	3.2.1-bb.2 🔗
Anchore Enterprise	Addon	5.20.2	3.14.2-bb.0
Argocd	Addon	v3.1.4	8.3.5-bb.0 🔗
Authservice	Addon	1.0.4	1.0.4-bb.5 🔗
Backstage	Addon	1.0.10	2.5.3-bb.1
Bbctl	Core	2.0.0	3.0.0-bb.0 🔗
Eck Operator	Core	3.1.0	3.1.0-bb.0
Elasticsearch Kibana	Core	Kibana: 9.1.3 Elasticsearch: 9.1.3	1.31.0-bb.0 🔗
External Secrets Operator	Addon	0.19.2	0.19.2-bb.2 🔗
Fluentbit	Core	4.0.8	0.52.0-bb.0
Fortify	Addon	25.2.1.0010	1.1.2320154-bb.34 🔗
Gatekeeper	Core	v3.19.1	3.19.1-bb.0
Gitlab	Addon	18.4.1	9.4.1-bb.0 🔗
Gitlab Runner	Addon	v18.3.0	0.80.1-bb.1 🔗
Grafana	Core	12.1.0	9.3.1-bb.2 🔗
Haproxy	Addon	v2.2.33	1.19.3-bb.10
Harbor	Addon	2.13.2	1.17.2-bb.3 🔗
Headlamp	Addon	0.35.0	0.35.0-bb.1 🔗
Istio Cni	Core	1.27.1	1.27.1-bb.0 🔗
Istio Crds	Core	1.27.1	1.27.1-bb.0 🔗
Istio Gateway	Core	1.27.1	1.27.1-bb.0 🔗
Istiod	Core	1.27.1	1.27.1-bb.0 🔗
Keycloak	Addon	26.1.4	7.0.1-bb.6
Kiali	Core	2.15.0	2.15.0-bb.0
Kyverno	Core	v1.15.1	3.5.1-bb.0
Kyverno Policies	Core	3.3.4	3.3.4-bb.13
Kyverno Reporter	Core	3.5.0	3.5.0-bb.0 🔗
Loki	Core	3.5.1	6.30.1-bb.5
Mattermost	Addon	10.12.0	10.12.0-bb.0 🔗
Mattermost Operator	Addon	1.25.1	1.25.1-bb.0 🔗
Metrics Server	Addon	v0.8.0	3.13.0-bb.0
Mimir	Addon	2.17.1	5.8.0-bb.1 🔗
Minio	Addon	RELEASE.2025-09-07T16-13-09Z	7.1.1-bb.9 🔗
Minio Operator	Addon	v7.1.1	7.1.1-bb.1 🔗
Monitoring	Core	Prometheus: 3.4.2 Grafana: 12.0.2 Alertmanager: 0.28.1	75.6.1-bb.5
Neuvector	Core	5.4.6	2.8.8-bb.1 🔗
Nexus Repository Manager	Addon	3.84.0-03	84.0.0-bb.0 🔗
Prometheus Operator Crds	Core	21.0.0	23.0.0-bb.0
Sonarqube	Addon	25.7.0.110598-community	2025.3.1-bb.0 🔗
Tempo	Core	Tempo: 2.7.2 Tempo Query: 2.7.2	1.21.1-bb.2
Thanos	Addon	v0.39.2	17.2.2-bb.0
Twistlock	Core	34.02.133	0.23.0-bb.0
Vault	Addon	1.20.3	0.30.1-bb.7 🔗
Velero	Addon	1.16.1	10.0.7-bb.1
Wrapper	Core	0.4.15	0.4.15

Changes in 3.8.0

Big Bang MRs

• !6899 Sonarqube upstream values template fix
• !6890 Grafana servicemonitor fix
• !6855 fix keycloak password templating
• !6854 Resolve “Bigbang Release 3.4.1 Vault configurations not applied.”
• !6852 (feature)Filter invalid metrics from Prometheus remote_write to Mimir
• !6849 feat: disable the helper by default
• !6848 fix(istio-gateway): disable automatic passthrough values
• !6840 SKIP UPGRADE CHECK refactor(loki tests): Test Loki SingleBinary(Monolithic) in Umbrella Pipelines
• !6778 Fix for vault prometheus

Alloy

• !6862: alloy update to 3.2.1-bb.2

  # Changelog Updates
  
  ## [3.2.1-bb.2] (2025-09-23)
  ### Added
  - Added additional runAs securityContext for alloy-operator container
  ### Changed
  - gluon updated from 0.7.0 to 0.9.1
  

Argocd

• !6822: argocd update to 8.3.5-bb.0

  # Changelog Updates
  
  ## [8.3.5-bb.0] (2025-09-05)
  ### Changed
  - Upgrade argo-cd helm chart 8.3.4 -> 8.3.5
  - ironbank/big-bang/argocd (source) 3.1.3 -> 3.1.4
  - gluon 0.8.4 -> 0.9.0
  

Bbctl

• !6835: bbctl update to 3.0.0-bb.0

  # Changelog Updates
  
  ## [3.0.0-bb.0] (2025-09-15)
  ### Changed
  - updated bbctl to application version 2.0.0
  - added new registry-override section to the app config to support custom container registries in multiple commands
  - added preflight check image override value to support custom image (defaults to registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.6 when empty)
  - removed preflight check credentials from app config
  - gluon updated from 0.8.0 to 0.9.0
  - updated registry1.dso.mil/ironbank/opensource/yq/yq (source) 4.47.1 -> 4.47.2
  
  ## [2.1.0-bb.2] (2025-08-16)
  ### Changed
  - gluon updated from 0.7.0 to 0.8.0
  

Elasticsearch Kibana

• !6815: elasticsearchKibana update to 1.31.0-bb.0

  # Changelog Updates
  
  ## [1.31.0-bb.0] (2025-09-10)
  ### Updated
  - gluon updated from 0.7.0 to 0.9.0
  - registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch 9.1.1 -> 9.1.3
  - registry1.dso.mil/ironbank/elastic/kibana/kibana 9.1.0 -> 9.1.3
  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.32.7 -> v1.33.5
  

External Secrets Operator

• !6839: externalSecrets update to 0.19.2-bb.2

  # Changelog Updates
  
  ## [0.19.2-bb.2] - 2025-09-09
  ### Changed
  - Updated gluon 0.8.4 -> 0.9.0
  
  ## [0.19.2-bb.1] - 2025-08-26
  ### Changed
  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.32.8 -> v1.33.4
  - Updated gluon 0.8.0 -> 0.8.4
  

Fortify

• !6825: fortify update to 1.1.2320154-bb.34

  # Changelog Updates
  
  ## [1.1.2320154-bb.34] - 2025-09-12
  ### Fixed
  - registry1.dso.mil/ironbank/google/golang/ubi9/golang-1.24.6 (source) -> 1.24.7
  

Gitlab

• !6887: gitlab update to 9.4.1-bb.0

  # Changelog Updates
  
  ## [9.4.1-bb.0] (2025-09-30)
  ### Changed
  - ironbank/gitlab/gitlab/gitlab-webservice (source) 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/certificates 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 18.3.2 -> 18.4.1
  - registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 18.3.2 -> 18.4.1
  

Gitlab Runner

• !6814: gitlabRunner update to 0.80.1-bb.1

  # Changelog Updates
  
  ## [0.80.1-bb.1] (2025-09-11)
  ### Changed
  - gluon 0.8.2 -> 0.9.0
  - ironbank/gitlab/gitlab-runner/gitlab-runner (source) v18.2.0 -> v18.3.0
  - ironbank/gitlab/gitlab-runner/gitlab-runner-helper (source) v18.2.0 -> v18.3.0
  - registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner v18.2.0 -> v18.3.0
  - registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper v18.2.0 -> v18.3.0
  
  ## [0.80.1-bb.0] (2025-09-11)
  ### Changed
  - Update gitlab-runner chart version minor v0.79.1 -> v0.80.1
  

Grafana

• !6804: grafana update to 9.3.1-bb.2 (Passthrough Update)

  # Changelog Updates
  
  ## [9.3.1-bb.2] (2025-08-21)
  ### Added
  - Added additional templates to `templates/bigbang/upgrade/9.3.1-bb.1` to automatically handle deletion of the Grafana deployment due to immutable
    fields for the 9.3.1-bb.1 chart upgrade
  ### Changed
  - Refactored chart to Big Bang passthrough chart pattern
  

Harbor

• !6816: harbor update to 1.17.2-bb.3

  # Changelog Updates
  
  ## [1.17.2-bb.3] (2025-09-11)
  ### Changed
  - gluon 0.8.2 -> 0.9.0
  - registry1.dso.mil/ironbank/bitnami/redis 8.2.0 -> 8.2.1
  - ironbank/bitnami/redis 8.2.0 -> 8.2.1
  - postgresql 16.7.26 -> 16.7.27
  

Headlamp

• !6869: headlamp update to 0.35.0-bb.1
• !6833: headlamp update to 0.35.0-bb.0

  # Changelog Updates
  
  ## [0.35.0-bb.1] (2025-09-25)
  ### Updated
  - Updated gluon 0.9.0 -> 0.9.1
  - Updated cypress (source) 15.0.0 -> 15.3.0
  
  ## [0.35.0-bb.0] (2025-09-15)
  ### Added
  - Updated chart to 0.35.0
  - gluon 0.8.4 -> 0.9.0
  - registry1.dso.mil/ironbank/opensource/headlamp-k8s/headlamp 0.34.0 -> 0.35.0
  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.33.4 -> v1.33.5
  - cypress (source) ^14.3.0 -> ^15.0.0
  
  ## [0.34.0-bb.3] (2025-09-03)
  

Istio Cni

• !6831: istiod, crd, gateway and cni update to 1.27.1-bb.0

  # Changelog Updates
  
  ## [1.27.1-bb.0] (2025-09-10)
  ### Changed
  - cni updated from 1.27.0 to 1.27.1
  

Istio Crds

• !6831: istiod, crd, gateway and cni update to 1.27.1-bb.0

  # Changelog Updates
  
  ## [1.27.1-bb.0] (2025-09-09)
  ### Changed
  - base updated from 1.27.0 to 1.27.1
  

Istio Gateway

• !6831: istiod, crd, gateway and cni update to 1.27.1-bb.0

  # Changelog Updates
  
  ## [1.27.1-bb.0] (2025-09-09)
  ### Changed
  - gateway updated from 1.27.0 to 1.27.1
  

Istiod

• !6831: istiod, crd, gateway and cni update to 1.27.1-bb.0

  # Changelog Updates
  
  ## [1.27.1-bb.0] (2025-09-11)
  ### Changed
  - istiod updated from 1.27.0 to 1.27.1
  

Kyverno Reporter

• !6843: kyvernoReporter update to 3.5.0-bb.0

  # Changelog Updates
  
  ## [3.5.0-bb.0] (2025-09-18)
  ### Changed
  - registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter v3.4.2 -> v3.5.0
  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.33.4 -> v1.33.5
  - Updated policy-reporter subchart  3.4.2 -> 3.5.0
  - registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter/kyverno-plugin v0.5.0 -> v0.5.1
  

Mattermost

• !6865: mattermost update to 10.12.0-bb.0

  # Changelog Updates
  
  ## [10.12.0-bb.0] (2025-09-24)
  ### Changed
  - gluon updated from 0.9.0 -> 0.9.1
  - Updated registry1.dso.mil/ironbank/opensource/mattermost/mattermost (source) 10.11.2 -> 10.12.0
  - Updated registry1.dso.mil/ironbank/opensource/minio/minio
  - Updated registry1.dso.mil/ironbank/opensource/minio/mc
  
  ## [10.11.2-bb.1] (2025-09-10)
  ### Changed
  - gluon updated from 0.8.4 to 0.9.0
  - Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl (source) v1.33.4 -> v1.33.5
  

Mattermost Operator

• !6827: mattermostOperator update to 1.25.1-bb.0

  # Changelog Updates
  
  ## [1.25.1-bb.0] (2025-09-10)
  ### Changed
  - registry1.dso.mil/ironbank/opensource/mattermost/mattermost-operator (source) v1.25.0 -> v1.25.1
  - registry1.dso.mil/ironbank/opensource/mattermost/mattermost-operator (source) 1.25.0 -> 1.25.1
  

Mimir

• !6842: mimir update to 5.8.0-bb.1
• !6829: mimir update to 5.8.0-bb.0

  # Changelog Updates
  
  ## [5.8.0-bb.1] (2025-09-16)
  ### Changed
  - Added upstream alias to mimir-distributed chart dependency to conform with Big Bang passthrough standards.
  
  ## [5.8.0-bb.0] (2025-09-09)
  ### Changed
  - mimir-distributed updated from 5.7.0 to 5.8.0
  - gluon 0.8.0 -> 0.9.0
  - mimir-distributed 5.7.0 -> 5.8.0
  - registry1.dso.mil/ironbank/opensource/grafana/mimir 2.17.0 -> 2.17.1
  - registry1.dso.mil/ironbank/opensource/grafana/rollout-operator v0.28.0 -> v0.29.0
  
  ## [5.7.0-bb.5] (2025-09-03)
  ### Changed
  - Added allow-egress-storage networkpolicy template to enable Mimir components to access S3 storage
  

Minio

• !6633: Implement minio passthrough pattern

  # Changelog Updates
  
  ## [7.1.1-bb.9] - 2025-09-18
  ### Changed
  - Reconfigured package for passthrough pattern
  - Fixed older image being pulled in with passthrough values
  - Removed duplicate upstream helpers
  - Updated registry1.dso.mil/ironbank/opensource/minio/mc (source) RELEASE.2025-04-16T18-13-26Z -> RELEASE.2025-08-13T08-35-41Z
  - Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl 1.30.11 -> 1.33.5
  - Updated gluon from 0.7.0 -> 0.9.0
  

Minio Operator

• !6834: minioOperator update to 7.1.1-bb.1

  # Changelog Updates
  
  ## [7.1.1-bb.1] (2025-08-28)
  ### Changed
  - Implement pass through
  

Neuvector

• !6870: neuvector update to 2.8.8-bb.1

  # Changelog Updates
  
  ## [2.8.8-bb.1] (2025-09-25)
  ### Changed
  - Updated Cypress health check test to use a deterministic fallback password.
  

Nexus Repository Manager

• !6828: nexusRepositoryManager update to 84.0.0-bb.0

  # Changelog Updates
  
  ## [84.0.0-bb.0] - 2025-09-15
  ### Changed
  - Updated Gluon 0.8.2 -> 0.9.0
  - ironbank/sonatype/nexus/nexus (source) 3.83.1-03 -> 3.84.0-03
  - registry1.dso.mil/ironbank/sonatype/nexus/nexus (source) 3.83.1-03 -> 3.84.0-03
  

Sonarqube

• !6837: sonarqube update to 2025.3.1-bb.0

  # Changelog Updates
  
  ## [2025.3.1-bb.0] - 2025-07-18
  ### Updated
  - sonarqube chart minor 2025.1.0 -> 2025.3.1
  - sonarqube app 25.1.0.102122-community -> 25.7.0.110598-community
  - gluon 0.5.14 -> 0.9.0
  

Vault

• !6860: vault update to 0.30.1-bb.7
• !6857: vault update to 0.30.1-bb.6

  # Changelog Updates
  
  ## [0.30.1-bb.7] - 2025-09-24
  ### Changed
  - Disabled ha and raft to align with upstream helm chart
  
  ### Changed
  - updated vault peer authentication
  

Known Issues

• bbctl Dashboards
• CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
• bbctl-violations-dashboard / bbctl-all-logs-dashboard(Violations Logs)
  • These items will not populate if you have too large of a kubernets cluster with too many violations. There is a limit to the amount of data that can be processed. If you hit this limit and need the information, you can still use the bbctl violations command to obtain the data.
• Headlamp
• An issue with the flux plugin being able to load certain menu items has been identified. This appears to be an issue with the javascript code used to create the plugin.
  • Menu items having an issue:
  • Kustomizations
  • HelmReleases
  • ImageAutomations
  • Notifications
• Attempting to login using OIDC will create a login ‘loop’. See upstream issue for further information.
• Keycloak Incorrect TLS secret name
• Keycloak’s default values.yaml template incorrectly referenced the TLS secret name, causing deployment issues. As a workaround, you could specify the correct secret names using extraVolumes (see example below). This issue is resolved in MR #6897 and will be included starting with Big Bang version 3.9.0.

  values:
    upstream:
      extraVolumes: |
        - name: tlscert
          secret:
            secretName: keycloak-keycloak-tlscert
        - name: tlskey
          secret:
            secretName: keycloak-keycloak-tlskey
  

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Mattermost channel
• Join our Slack
• Check out the documentation for guidance on how to get started
• feedback form

Future

Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.