Changelog notes for 1.6.2 (#10737)

2025-10-29 17:52:32 +00:00 · 2021-01-20 15:52:48 -05:00
parent 17182c7b6a
commit 5aa9047ff2
2 changed files with 20 additions and 0 deletions
--- a/changelog/_2021Jan20.txt
+++ b/changelog/_2021Jan20.txt
@@ -0,0 +1,12 @@
+```release-note:security
+Mount Path Disclosure: Vault previously returned different HTTP status codes for
+existent and non-existent mount paths. This behavior would allow unauthenticated
+brute force attacks to reveal which paths had valid mounts. This issue affects
+Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594).
+```
+```release-note:security
+IP Address Disclosure: We fixed a vulnerability where, under some error
+conditions, Vault would return an error message disclosing internal IP
+addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in
+1.6.2 (CVE-2021-3024).
+```
--- a/changelog/changelog.tmpl
+++ b/changelog/changelog.tmpl
@@ -14,6 +14,14 @@ SECURITY:
 {{ end -}}
 {{- end -}}

+{{- if .NotesByType.change }}
+CHANGES:
+
+{{range .NotesByType.change -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
 {{- if .NotesByType.feature -}}
 FEATURES: