Merge pull request #8905 from Icinga/probot/sync-changelog/b881d799ffddbf4f9130130a627f6566cbabb796

CHANGELOG.md: add v2.11.10
2021-07-15 16:30:26 +02:00 · 2021-07-15 16:30:26 +02:00 · 421a2141a6
parent b881d799ff 54624292f2
commit 421a2141a6
1 changed files with 35 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -323,6 +323,41 @@ Thanks to all contributors:
  * Code quality fixes
  * Small documentation fixes

+## 2.11.10 (2021-07-15)
+
+Version 2.11.10 fixes two security vulnerabilities that may lead to privilege
+escalation for authenticated API users. Other improvements include several
+bugfixes related to downtimes, downtime notifications, and more reliable
+connection handling.
+
+### Security
+
+* Don't expose the PKI ticket salt via the API. This may lead to privilege
+  escalation for authenticated API users by them being able to request
+  certificates for other identities (CVE-2021-32739)
+* Don't expose IdoMysqlConnection, IdoPgsqlConnection, and ElasticsearchWriter
+  passwords via the API (CVE-2021-32743)
+* Windows: Update bundled OpenSSL to version 1.1.1k #8888
+
+Depending on your setup, manual intervention beyond installing the new versions
+may be required, so please read the more detailed information in the
+[release blog post](https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/)
+carefully.
+
+### Bugfixes
+
+* Don't send downtime end notification if downtime hasn't started #8878
+* Don't let a failed downtime creation block the others #8871
+* Support downtimes and comments for checkables with long names #8870
+* Trigger fixed downtimes immediately if the current time matches
+  (instead of waiting for the timer) #8891
+* Add configurable timeout for full connection handshake #8872
+
+### Enhancements
+
+* Replace existing downtimes on ScheduledDowntime change #8880
+* Improve crashlog #8869
+
 ## 2.11.9 (2021-05-27)

 Version 2.11.9 is a maintenance release that fixes some crashes, improves error handling