Merge pull request #26312 from smithfarm/wip-luminous-cve

doc: mention CVEs in luminous v12.2.11 release notes Reviewed-By: Sage Weil <sage@redhat.com>
author: Abhishek L <abhishek.lekshmanan@gmail.com> 2019-02-07 14:51:43 +0100
committer: GitHub <noreply@github.com> 2019-02-07 14:51:43 +0100
commit: c6f171fc6c9703ccb9e3f919704c91a49e89a73d (patch)
tree: 4870009647d9cf96a020251edefef4009b62913f /doc
parent: Merge pull request #26098 from pritha-srivastava/wip-rgw-awsv4signature (diff)
parent: doc: mention CVEs in luminous v12.2.11 release notes (diff)
download: ceph-c6f171fc6c9703ccb9e3f919704c91a49e89a73d.tar.xz
ceph-c6f171fc6c9703ccb9e3f919704c91a49e89a73d.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/releases/luminous.rst b/doc/releases/luminous.rst
index c2844576483..5c265466b25 100644
--- a/doc/releases/luminous.rst
+++ b/doc/releases/luminous.rst
@@ -23,6 +23,12 @@ Notable Changes
   stale-instances list` and `reshard stale-instances rm` should do the necessary
   cleanup.
 
+* CVE-2018-14662: mon: limit caps allowed to access the config store
+
+* CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (`issue#35994 <http://tracker.ceph.com/issues/35994>`)
+
+* CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (`issue#37847 <http://tracker.ceph.com/issues/37847>`)
+
 Changelog
 ---------
author	Abhishek L <abhishek.lekshmanan@gmail.com>	2019-02-07 14:51:43 +0100
committer	GitHub <noreply@github.com>	2019-02-07 14:51:43 +0100
commit	c6f171fc6c9703ccb9e3f919704c91a49e89a73d (patch)
tree	4870009647d9cf96a020251edefef4009b62913f /doc
parent	Merge pull request #26098 from pritha-srivastava/wip-rgw-awsv4signature (diff)
parent	doc: mention CVEs in luminous v12.2.11 release notes (diff)
download	ceph-c6f171fc6c9703ccb9e3f919704c91a49e89a73d.tar.xz ceph-c6f171fc6c9703ccb9e3f919704c91a49e89a73d.zip