Merge pull request #7453 from chef/backdate_cve

Add CVE we fixed to the 14.2 release notes
author: Tim Smith <tsmith@chef.io> 2018-07-11 08:16:55 -0700
committer: GitHub <noreply@github.com> 2018-07-11 08:16:55 -0700
commit: feee4070b49e7581529b789be2731d874fd14edc (patch)
tree: 5981064e70e356a695ce2923a9adcf0ea8c3d544
parent: fec928e2d60c7b258d55db20d544e973aeaaeddf (diff)
parent: bb039d94e0737aad0721fa582cc36b5fa9b0761f (diff)
download: chef-feee4070b49e7581529b789be2731d874fd14edc.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index f1be377c10..dbc44a93f3 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -274,6 +274,12 @@ The `ignore_failure` property takes a new argument, `:quiet`, to suppress the er
 - The sysctl resource correctly handles missing keys when used with `ignore_error`
 - --recipe-url apparently never worked on Windows. Now it does.
 
+## Security Updates
+
+### ffi Gem
+
+- CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS
+
 # Ohai Release Notes 14.1:
 
 ## Configurable DMI Whitelist
author	Tim Smith <tsmith@chef.io>	2018-07-11 08:16:55 -0700
committer	GitHub <noreply@github.com>	2018-07-11 08:16:55 -0700
commit	feee4070b49e7581529b789be2731d874fd14edc (patch)
tree	5981064e70e356a695ce2923a9adcf0ea8c3d544
parent	fec928e2d60c7b258d55db20d544e973aeaaeddf (diff)
parent	bb039d94e0737aad0721fa582cc36b5fa9b0761f (diff)
download	chef-feee4070b49e7581529b789be2731d874fd14edc.tar.gz