From 60e2a38067a6e5ab44e02a88b8efbdb69d2a8004 Mon Sep 17 00:00:00 2001 From: Jack Pearkes Date: Thu, 6 Dec 2018 19:15:44 -0800 Subject: [PATCH] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1eafb032be..077553b2e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## 1.4.1 (UNRELEASED) +SECURITY: + +* Fixed an issue that caused `verify_server_hostname` to not implicitly configure `verify_outgoing` to true. The documentation stated this was implicit. The previous implementation had a bug that resulted in this being partially incorrect and resulted in plaintext communication in agent-to-agent RPC when `verify_outgoing` was not explicitly set. (CVE-2018-19653) [[GH-5069](https://github.com/hashicorp/consul/issues/5069)] + ## 1.4.0 (November 14, 2018) FEATURES: