From 4518d8a82fd0d62f7440b8ef540264f0c7ca656b Mon Sep 17 00:00:00 2001 From: Meggie Date: Wed, 27 Jan 2021 12:03:20 -0500 Subject: [PATCH] More CL notes for 1.6.2 (#10792) * More CL notes for 1.6.2 * Update _2021Jan26.txt * Update _2021Jan26.txt --- changelog/_2021Jan26.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 changelog/_2021Jan26.txt diff --git a/changelog/_2021Jan26.txt b/changelog/_2021Jan26.txt new file mode 100644 index 000000000..96506e916 --- /dev/null +++ b/changelog/_2021Jan26.txt @@ -0,0 +1,8 @@ +```release-note:security +Limited Unauthenticated Remove Peer: As of Vault 1.6, the remove-peer command +on DR secondaries did not require authentication. This issue impacts the +stability of HA architecture, as a bad actor could remove all standby +nodes from a DR +secondary. This issue affects Vault Enterprise 1.6.0 and 1.6.1, and is fixed in +1.6.2 (CVE-2021-3282). +```
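Review bot: In the new changelog/_2021Jan26.txt entry, the first sentence scopes the issue to "Vault 1.6" while the last sentence says it "affects Vault Enterprise 1.6.0 and 1.6.1". A reader triaging CVE-2021-3282 cannot tell from the opening whether non-Enterprise builds are in scope. Suggest naming the affected product once, up front, for example "As of Vault Enterprise 1.6, the remove-peer command on DR secondaries did not require authentication." The title "Limited Unauthenticated Remove Peer" is also ambiguous about what is limited; stating the limit directly (the command is reachable without authentication only on DR secondaries) would read more clearly. Two smaller style points: the body has a stray short line where "nodes from a DR" breaks before "secondary.", which should be rewrapped, and the filename carries a date rather than the PR number (#10792) from the subject, so the entry is harder to trace back to its change.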