From: David Galloway Date: Thu, 13 May 2021 18:59:43 +0000 (-0400) Subject: doc: 15.2.12 Release Notes X-Git-Tag: v17.1.0~1973^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=268a826b5a086dd39a885fb5bc69356522aa6fd6;p=ceph-ci.git doc: 15.2.12 Release Notes Signed-off-by: David Galloway --- diff --git a/doc/releases/index.rst b/doc/releases/index.rst index 870e8ede666..cfa393ec3f7 100644 --- a/doc/releases/index.rst +++ b/doc/releases/index.rst @@ -66,6 +66,7 @@ Release timeline .. _16.2.0: pacific#v16-2-0-pacific .. _Octopus: octopus +.. _15.2.12: octopus#v15-2-12-octopus .. _15.2.11: octopus#v15-2-11-octopus .. _15.2.10: octopus#v15-2-10-octopus .. _15.2.9: octopus#v15-2-9-octopus diff --git a/doc/releases/octopus.rst b/doc/releases/octopus.rst index fd2e5e73510..3738d3eae06 100644 --- a/doc/releases/octopus.rst +++ b/doc/releases/octopus.rst @@ -5,6 +5,19 @@ Octopus Octopus is the 15th stable release of Ceph. It is named after an order of 8-limbed cephalopods. +v15.2.12 Octopus +================ + +This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release. + +Changelog +--------- + +* mgr/dashboard: fix base-href: revert it to previous approach (`issue#50684 `_, Avan Thakkar) +* mgr/dashboard: fix cookie injection issue (:ref:`CVE-2021-3509`, Ernesto Puerta) +* rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (:ref:`CVE-2021-3531`, Felix Huettner) +* rgw: sanitize \r in s3 CORSConfiguration's ExposeHeader (:ref:`CVE-2021-3524`, Sergey Bobrov, Casey Bodley) + v15.2.11 Octopus ================ diff --git a/doc/releases/releases.yml b/doc/releases/releases.yml index c78c8fb3327..dd35a62c65e 100644 --- a/doc/releases/releases.yml +++ b/doc/releases/releases.yml @@ -29,6 +29,8 @@ releases: octopus: target_eol: 2022-06-01 releases: + - version: 15.2.12 + released: 2021-05-13 - version: 15.2.11 released: 2021-04-19 - version: 15.2.10