From: Nathan Cutler <ncutler@suse.com>
Date: Sat, 1 Feb 2020 11:12:56 +0000 (+0100)
Subject: doc: release notes for Nautilus 14.2.7
X-Git-Tag: v15.1.1~570^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=08615ccba2a2d0be64487ae737826629117bc9c9;p=ceph-ci.git

doc: release notes for Nautilus 14.2.7

Signed-off-by: Nathan Cutler <ncutler@suse.com>
---

diff --git a/doc/releases/general.rst b/doc/releases/general.rst
index 3a81bf81799..fe6962f9e9d 100644
--- a/doc/releases/general.rst
+++ b/doc/releases/general.rst
@@ -122,6 +122,7 @@ Release timeline
 .. ceph_timeline:: releases.yml development nautilus mimic luminous kraken jewel infernalis hammer giant firefly emperor
 
 .. _Nautilus: ../nautilus
+.. _14.2.7: ../nautilus#v14-2-7-nautilus
 .. _14.2.6: ../nautilus#v14-2-6-nautilus
 .. _14.2.5: ../nautilus#v14-2-5-nautilus
 .. _14.2.4: ../nautilus#v14-2-4-nautilus
diff --git a/doc/releases/nautilus.rst b/doc/releases/nautilus.rst
index dd273c6bb1e..97245b56fc0 100644
--- a/doc/releases/nautilus.rst
+++ b/doc/releases/nautilus.rst
@@ -1,3 +1,19 @@
+v14.2.7 Nautilus
+================
+
+This is the seventh update to the Ceph Nautilus release series. This is
+a hotfix release primarily fixing a couple of security issues. We
+recommend that all users upgrade to this release.
+
+Notable Changes
+---------------
+
+* CVE-2020-1699: Fixed a path traversal flaw in Ceph dashboard that
+  could allow for potential information disclosure (Ernesto Puerta)
+* CVE-2020-1700: Fixed a flaw in RGW beast frontend that could lead to
+  denial of service from an unauthenticated client (Or Friedmann)
+
+
 v14.2.6 Nautilus
 ================
 
diff --git a/doc/releases/releases.yml b/doc/releases/releases.yml
index 266cfb14d50..95c57831b6a 100644
--- a/doc/releases/releases.yml
+++ b/doc/releases/releases.yml
@@ -14,6 +14,8 @@
 releases:
   nautilus:
     releases:
+      - version: 14.2.7
+        released: 2020-01-31
       - version: 14.2.6
         released: 2020-01-09
       - version: 14.2.5