Merge pull request #10229 from Icinga/probot/sync-changelog/master/67175c43c0c09dfba50bed8eff33a66c4b37062d

CHANGELOG.md: add v2.11.12
This commit is contained in:
Alexander Aleksandrovič Klimov 2024-11-12 18:46:05 +01:00 committed by GitHub
commit 1d37a60d1b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions

View File

@ -967,6 +967,15 @@ Thanks to all contributors:
* Code quality fixes * Code quality fixes
* Small documentation fixes * Small documentation fixes
## 2.11.12 (2024-11-12)
This security release fixes a TLS certificate validation bypass.
Given the severity of that issue, users are advised to upgrade all nodes immediately.
* Security: fix TLS certificate validation bypass. CVE-2024-49369
* Security: update OpenSSL shipped on Windows to v3.0.15.
* Windows: sign MSI packages with a certificate the OS trusts by default.
## 2.11.11 (2021-08-19) ## 2.11.11 (2021-08-19)
The main focus of these versions is a security vulnerability in the TLS certificate verification of our metrics writers ElasticsearchWriter, GelfWriter and InfluxdbWriter. The main focus of these versions is a security vulnerability in the TLS certificate verification of our metrics writers ElasticsearchWriter, GelfWriter and InfluxdbWriter.