Skip to content

Commit 87f47c2

Browse files
authored
changelog++
Updated with CVE numbers for 1.4.2 and 1.3.6.
1 parent 01a682a commit 87f47c2

1 file changed

Lines changed: 3 additions & 2 deletions

File tree

CHANGELOG.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,8 @@ BUG FIXES:
2929
## 1.4.2 (May 21st, 2020)
3030

3131
SECURITY:
32-
* core: proxy environment variables are now redacted before being logged, in case the URLs include a username:password [[GH-9022](https://github.com/hashicorp/vault/pull/9022)]
32+
* core: proxy environment variables are now redacted before being logged, in case the URLs include a username:password. This vulnerability, CVE-2020-13223, is fixed in 1.3.6 and 1.4.2, but affects 1.4 and 1.4.2, as well as older versions of Vault [[GH-9022](https://github.com/hashicorp/vault/pull/9022)]
33+
* secrets/gcp: Fix a regression in 1.4.0 where the system TTLs were being used instead of the configured backend TTLs for dynamic service accounts. This vulnerability is CVE-2020-12757. [[GH-85](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/85)]
3334

3435
IMPROVEMENTS:
3536

@@ -216,7 +217,7 @@ BUG FIXES:
216217
## 1.3.6 (May 21st, 2020)
217218

218219
SECURITY:
219-
* core: proxy environment variables are now redacted before being logged, in case the URLs include a username:password [[GH-9022](https://github.com/hashicorp/vault/pull/9022)]
220+
* core: proxy environment variables are now redacted before being logged, in case the URLs include a username:password. This vulnerability, CVE-2020-13223, is fixed in 1.3.6 and 1.4.2, but affects 1.4 and 1.4.2, as well as older versions of Vault [[GH-9022](https://github.com/hashicorp/vault/pull/9022)]
220221

221222
BUG FIXES:
222223

0 commit comments

Comments
 (0)