changelog++

2019-04-11 11:49:53 -04:00 · 2019-04-11 11:49:53 -04:00 · 8226001a17
parent 724d9f960c
commit 8226001a17
1 changed files with 3 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,6 +15,9 @@ SECURITY:
   nodes is sufficient to cause the performance standby nodes to clear their
   cache. A CVE is in the process of being issued; the number is
   CVE-2019-11075.
+ * Roles in the JWT Auth backend using the OIDC login flow (i.e. role_type of
+   “oidc”) were not enforcing bound_cidrs restrictions, if any were configured
+   for the role. This issue did not affect roles of type “jwt”.

 CHANGES: