diff --git a/CHANGELOG.md b/CHANGELOG.md index f808c2f5f..4a9509f28 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -967,6 +967,15 @@ Thanks to all contributors: * Code quality fixes * Small documentation fixes +## 2.11.12 (2024-11-12) + +This security release fixes a TLS certificate validation bypass. +Given the severity of that issue, users are advised to upgrade all nodes immediately. + +* Security: fix TLS certificate validation bypass. CVE-2024-49369 +* Security: update OpenSSL shipped on Windows to v3.0.15. +* Windows: sign MSI packages with a certificate the OS trusts by default. + ## 2.11.11 (2021-08-19) The main focus of these versions is a security vulnerability in the TLS certificate verification of our metrics writers ElasticsearchWriter, GelfWriter and InfluxdbWriter.