doc: mention CVEs in luminous v12.2.11 release notes

author Nathan Cutler <ncutler@suse.com>

Thu, 7 Feb 2019 09:52:35 +0000 (10:52 +0100)

committer Nathan Cutler <ncutler@suse.com>

Thu, 7 Feb 2019 10:04:59 +0000 (11:04 +0100)
author Nathan Cutler <ncutler@suse.com>
Thu, 7 Feb 2019 09:52:35 +0000 (10:52 +0100)
committer Nathan Cutler <ncutler@suse.com>
Thu, 7 Feb 2019 10:04:59 +0000 (11:04 +0100)
diff --git a/doc/releases/luminous.rst b/doc/releases/luminous.rst

index c2844576483fcb6579d63394c7b98746712adaea..5c265466b2505e5159eefbba31d3fbeacf7a13f2 100644 (file)
--- a/doc/releases/luminous.rst
+++ b/doc/releases/luminous.rst
@@ -23,6 +23,12 @@ Notable Changes
    stale-instances list` and `reshard stale-instances rm` should do the necessary
    cleanup.
  
+* CVE-2018-14662: mon: limit caps allowed to access the config store
+
+* CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (`issue#35994 <http://tracker.ceph.com/issues/35994>`)
+
+* CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (`issue#37847 <http://tracker.ceph.com/issues/37847>`)
+
  Changelog
  ---------
author	Nathan Cutler <ncutler@suse.com>
	Thu, 7 Feb 2019 09:52:35 +0000 (10:52 +0100)
committer	Nathan Cutler <ncutler@suse.com>
	Thu, 7 Feb 2019 10:04:59 +0000 (11:04 +0100)