More CL notes for 1.6.2 (#10792)
* More CL notes for 1.6.2 * Update _2021Jan26.txt * Update _2021Jan26.txt
This commit is contained in:
parent
d1241b5286
commit
4518d8a82f
|
@ -0,0 +1,8 @@
|
||||||
|
```release-note:security
|
||||||
|
Limited Unauthenticated Remove Peer: As of Vault 1.6, the remove-peer command
|
||||||
|
on DR secondaries did not require authentication. This issue impacts the
|
||||||
|
stability of HA architecture, as a bad actor could remove all standby
|
||||||
|
nodes from a DR
|
||||||
|
secondary. This issue affects Vault Enterprise 1.6.0 and 1.6.1, and is fixed in
|
||||||
|
1.6.2 (CVE-2021-3282).
|
||||||
|
```
|
Loading…
Reference in New Issue