From e67964e870970f1797d1f357d1483a3071683496 Mon Sep 17 00:00:00 2001
From: Meggie
Date: Wed, 20 Jan 2021 15:52:48 -0500
Subject: [PATCH] Changelog notes for 1.6.2 (#10737)
---
 changelog/_2021Jan20.txt | 12 ++++++++++++
 changelog/changelog.tmpl | 8 ++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 changelog/_2021Jan20.txt
diff --git a/changelog/_2021Jan20.txt b/changelog/_2021Jan20.txt
new file mode 100644
index 000000000..1ffaa8def
--- /dev/null
+++ b/changelog/_2021Jan20.txt
@@ -0,0 +1,12 @@
+```release-note:security
+Mount Path Disclosure: Vault previously returned different HTTP status codes for
+existent and non-existent mount paths. This behavior would allow unauthenticated
+brute force attacks to reveal which paths had valid mounts. This issue affects
+Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594).
+```
+```release-note:security
+IP Address Disclosure: We fixed a vulnerability where, under some error
+conditions, Vault would return an error message disclosing internal IP
+addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in
+1.6.2 (CVE-2021-3024).
+```
diff --git a/changelog/changelog.tmpl b/changelog/changelog.tmpl
index 6f5183e85..4f2c9d2d0 100644
--- a/changelog/changelog.tmpl
+++ b/changelog/changelog.tmpl
@@ -14,6 +14,14 @@ SECURITY:
 {{ end -}}
 {{- end -}}
+{{- if .NotesByType.change }}
+CHANGES:
+
+{{range .NotesByType.change -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
 {{- if .NotesByType.feature -}}
 FEATURES:
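Review bot: In the changelog.tmpl hunk, the added `{{- if .NotesByType.change }}` has no trailing trim marker, while the neighbouring context line `{{- if .NotesByType.feature -}}` does. The new block therefore keeps the newline after the action, so the CHANGES heading is likely to be spaced differently from the FEATURES heading in the rendered changelog. If that blank line is not intended, use `{{- if .NotesByType.change -}}` to match; if it is intended, the `feature` block probably wants the same form. The SECURITY block's own `if` line is outside the hunk, so which form the rest of the template uses cannot be confirmed from here.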