CHANGELOG.md: add v2.11.12

2025-09-26 11:08:51 +02:00 · 2024-11-14 15:53:46 +00:00 · 2024-11-14 15:53:46 +00:00 · c18338f837
commit c18338f837
parent 9c9af8e3e7
1 changed files with 9 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -749,6 +749,15 @@ Thanks to all contributors:
  * Code quality fixes
  * Small documentation fixes

+## 2.11.12 (2024-11-12)
+
+This security release fixes a TLS certificate validation bypass.
+Given the severity of that issue, users are advised to upgrade all nodes immediately.
+
+* Security: fix TLS certificate validation bypass. CVE-2024-49369
+* Security: update OpenSSL shipped on Windows to v3.0.15.
+* Windows: sign MSI packages with a certificate the OS trusts by default.
+
 ## 2.11.11 (2021-08-19)

 The main focus of these versions is a security vulnerability in the TLS certificate verification of our metrics writers ElasticsearchWriter, GelfWriter and InfluxdbWriter.