From: Neha Ojha <nojha@redhat.com>
Date: Wed, 16 Dec 2020 17:15:25 +0000 (+0000)
Subject: doc/releases/nautilus.rst: add release notes for 14.2.16
X-Git-Tag: v16.1.0~213^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e4b61aa71e22dacb86aa18116eb8ab32f24f4984;p=ceph.git

doc/releases/nautilus.rst: add release notes for 14.2.16

Signed-off-by: Neha Ojha <nojha@redhat.com>
---

diff --git a/doc/releases/nautilus.rst b/doc/releases/nautilus.rst
index be096999089a..e52285753fa6 100644
--- a/doc/releases/nautilus.rst
+++ b/doc/releases/nautilus.rst
@@ -1,3 +1,24 @@
+v14.2.16 Nautilus
+=================
+
+This is the 16th backport release in the Nautilus series. This release fixes a
+security flaw in CephFS. We recommend users to update to this release.
+
+Notable Changes
+---------------
+
+* CVE-2020-27781 : OpenStack Manila use of ceph_volume_client.py library allowed
+  tenant access to any Ceph credential's secret. (Kotresh Hiremath Ravishankar,
+  Ramana Raja)
+
+
+Changelog
+---------
+
+* pybind/ceph_volume_client: disallow authorize on existing auth ids (Kotresh
+  Hiremath Ravishankar, Ramana Raja)
+
+
 v14.2.15 Nautilus
 =================