Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #59023 from Srivaralakshmi/GitOpsRN_1.6.7
Document GitOps Release Notes for 1.6.7
- Loading branch information
Showing
2 changed files
with
18 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
// Module included in the following assembly: | ||
// | ||
// * gitops/gitops-release-notes.adoc | ||
|
||
:_content-type: REFERENCE | ||
|
||
[id="gitops-release-notes-1-6-7_{context}"] | ||
= Release notes for {gitops-title} 1.6.7 | ||
|
||
{gitops-title} 1.6.7 is now available on {product-title} 4.8, 4.9, 4.10, and 4.11. | ||
|
||
[id="fixed-issues-1-6-7_{context}"] | ||
== Fixed issues | ||
The following issue has been resolved in the current release: | ||
|
||
* Before this update, all versions of the Argo CD Operator, starting with v0.5.0 were vulnerable to an information disclosure flaw. As a result, unauthorized users could enumerate application names by inspecting API error messages and use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges. This update fixes the CVE-2022-41354 error. link:https://issues.redhat.com/browse/GITOPS-2635[GITOPS-2635], link:https://access.redhat.com/security/cve/CVE-2022-41354[CVE-2022-41354] |