doc: 15.2.12 Release Notes

author David Galloway <dgallowa@redhat.com>

Thu, 13 May 2021 18:59:43 +0000 (14:59 -0400)

committer Sage Weil <sage@newdream.net>

Thu, 13 May 2021 22:28:27 +0000 (17:28 -0500)
author David Galloway <dgallowa@redhat.com>
Thu, 13 May 2021 18:59:43 +0000 (14:59 -0400)
committer Sage Weil <sage@newdream.net>
Thu, 13 May 2021 22:28:27 +0000 (17:28 -0500)
diff --git a/doc/releases/index.rst b/doc/releases/index.rst

index 870e8ede666f8a3a1bda9e1616569236be488b2c..cfa393ec3f7351c5ca1b923825b4847638c78c98 100644 (file)
--- a/doc/releases/index.rst
+++ b/doc/releases/index.rst
@@ -66,6 +66,7 @@ Release timeline
  .. _16.2.0: pacific#v16-2-0-pacific
  
  .. _Octopus: octopus
+.. _15.2.12: octopus#v15-2-12-octopus
  .. _15.2.11: octopus#v15-2-11-octopus
  .. _15.2.10: octopus#v15-2-10-octopus
  .. _15.2.9: octopus#v15-2-9-octopus
diff --git a/doc/releases/octopus.rst b/doc/releases/octopus.rst

index fd2e5e735106ae32aedb13e44f97dd1017e0ac10..3738d3eae066844edfad52d49fab8e37648dd8e9 100644 (file)
--- a/doc/releases/octopus.rst
+++ b/doc/releases/octopus.rst
@@ -5,6 +5,19 @@ Octopus
  Octopus is the 15th stable release of Ceph.  It is named after an
  order of 8-limbed cephalopods.
  
+v15.2.12 Octopus
+================
+
+This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release.
+
+Changelog
+---------
+
+* mgr/dashboard: fix base-href: revert it to previous approach (`issue#50684 <https://tracker.ceph.com/issues/50684>`_, Avan Thakkar)
+* mgr/dashboard: fix cookie injection issue (:ref:`CVE-2021-3509`, Ernesto Puerta)
+* rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (:ref:`CVE-2021-3531`, Felix Huettner)
+* rgw: sanitize \r in s3 CORSConfiguration's ExposeHeader (:ref:`CVE-2021-3524`, Sergey Bobrov, Casey Bodley)
+
  
  v15.2.11 Octopus
  ================
diff --git a/doc/releases/releases.yml b/doc/releases/releases.yml

index c78c8fb33275ffd03fce37973f87b69d75d74d9d..dd35a62c65e736b256ce00a7128499faf2619475 100644 (file)
--- a/doc/releases/releases.yml
+++ b/doc/releases/releases.yml
@@ -29,6 +29,8 @@ releases:
    octopus:
      target_eol: 2022-06-01
      releases:
+      - version: 15.2.12
+        released: 2021-05-13
        - version: 15.2.11
          released: 2021-04-19
        - version: 15.2.10
author	David Galloway <dgallowa@redhat.com>
	Thu, 13 May 2021 18:59:43 +0000 (14:59 -0400)
committer	Sage Weil <sage@newdream.net>
	Thu, 13 May 2021 22:28:27 +0000 (17:28 -0500)
doc/releases/index.rst		patch \| blob \| history
doc/releases/octopus.rst		patch \| blob \| history
doc/releases/releases.yml		patch \| blob \| history