From 8226001a17055d3d696d6d8d873e73db01b4eeba Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 11 Apr 2019 11:49:53 -0400 Subject: [PATCH] changelog++ --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b87a8390..1f4f5801a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,9 @@ SECURITY: nodes is sufficient to cause the performance standby nodes to clear their cache. A CVE is in the process of being issued; the number is CVE-2019-11075. + * Roles in the JWT Auth backend using the OIDC login flow (i.e. role_type of + “oidc”) were not enforcing bound_cidrs restrictions, if any were configured + for the role. This issue did not affect roles of type “jwt”. CHANGES: