luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Changelog notes for 1.6.2 (#10737)

This commit is contained in:
Meggie 2021-01-20 15:52:48 -05:00 committed by GitHub
parent e4a457f47f
commit e67964e870
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
changelog/_2021Jan20.txt Normal file
View File

@ -0,0 +1,12 @@
```release-note:security
Mount Path Disclosure: Vault previously returned different HTTP status codes for
existent and non-existent mount paths. This behavior would allow unauthenticated
brute force attacks to reveal which paths had valid mounts. This issue affects
Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594).
```
```release-note:security
IP Address Disclosure: We fixed a vulnerability where, under some error
conditions, Vault would return an error message disclosing internal IP
addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in
1.6.2 (CVE-2021-3024).
```

8
changelog/changelog.tmpl
View File

@ -14,6 +14,14 @@ SECURITY:
{{ end -}} {{ end -}}
{{- end -}} {{- end -}}
{{- if .NotesByType.change }}
CHANGES:
{{range .NotesByType.change -}}
* {{ template "note" . }}
{{ end -}}
{{- end -}}
{{- if .NotesByType.feature -}} {{- if .NotesByType.feature -}}
FEATURES: FEATURES: