summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Smith <tsmith@chef.io>2018-07-10 16:24:42 -0700
committerTim Smith <tsmith@chef.io>2018-07-10 16:24:42 -0700
commitbb039d94e0737aad0721fa582cc36b5fa9b0761f (patch)
treee278774b727620ad7a161b17cf1d31239a1578e8
parent293eb409c165b0080178f378211dde1cbb81c916 (diff)
downloadchef-bb039d94e0737aad0721fa582cc36b5fa9b0761f.tar.gz
Add CVE we fixed to the 14.2 release notes
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r--RELEASE_NOTES.md6
1 files changed, 6 insertions, 0 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index f1be377c10..dbc44a93f3 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -274,6 +274,12 @@ The `ignore_failure` property takes a new argument, `:quiet`, to suppress the er
- The sysctl resource correctly handles missing keys when used with `ignore_error`
- --recipe-url apparently never worked on Windows. Now it does.
+## Security Updates
+
+### ffi Gem
+
+- CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS
+
# Ohai Release Notes 14.1:
## Configurable DMI Whitelist