More CL notes for 1.6.2 (#10792)

* More CL notes for 1.6.2 * Update _2021Jan26.txt * Update _2021Jan26.txt
2025-11-01 19:17:58 +00:00 · 2021-01-27 12:03:20 -05:00
parent 1a2d560dad
commit b13ee323ab
1 changed files with 8 additions and 0 deletions
--- a/changelog/_2021Jan26.txt
+++ b/changelog/_2021Jan26.txt
@@ -0,0 +1,8 @@
+```release-note:security
+Limited Unauthenticated Remove Peer: As of Vault 1.6, the remove-peer command
+on DR secondaries did not require authentication. This issue impacts the
+stability of HA architecture, as a bad actor could remove all standby
+nodes from a DR
+secondary. This issue affects Vault Enterprise 1.6.0 and 1.6.1, and is fixed in
+1.6.2 (CVE-2021-3282).
+```