From: Nathan Cutler <ncutler@suse.com>
Date: Thu, 7 Feb 2019 09:52:35 +0000 (+0100)
Subject: doc: mention CVEs in luminous v12.2.11 release notes
X-Git-Tag: v14.1.0~187^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F26312%2Fhead;p=ceph.git

doc: mention CVEs in luminous v12.2.11 release notes

Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Signed-off-by: Nathan Cutler <ncutler@suse.com>
---

diff --git a/doc/releases/luminous.rst b/doc/releases/luminous.rst
index c2844576483f..5c265466b250 100644
--- a/doc/releases/luminous.rst
+++ b/doc/releases/luminous.rst
@@ -23,6 +23,12 @@ Notable Changes
   stale-instances list` and `reshard stale-instances rm` should do the necessary
   cleanup.
 
+* CVE-2018-14662: mon: limit caps allowed to access the config store
+
+* CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (`issue#35994 <http://tracker.ceph.com/issues/35994>`)
+
+* CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (`issue#37847 <http://tracker.ceph.com/issues/37847>`)
+
 Changelog
 ---------