diff --git a/data/release-notes/enterprise-server/3-2/20.yml b/data/release-notes/enterprise-server/3-2/20.yml index fb7235a2c8..4966e70f68 100644 --- a/data/release-notes/enterprise-server/3-2/20.yml +++ b/data/release-notes/enterprise-server/3-2/20.yml @@ -3,6 +3,8 @@ sections: security_fixes: - | **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738). - | **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). - | diff --git a/data/release-notes/enterprise-server/3-3/15.yml b/data/release-notes/enterprise-server/3-3/15.yml index 7c0cc5feed..4212559476 100644 --- a/data/release-notes/enterprise-server/3-3/15.yml +++ b/data/release-notes/enterprise-server/3-3/15.yml 
@@ -3,6 +3,8 @@ sections: security_fixes: - | **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738). - | **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). - | diff --git a/data/release-notes/enterprise-server/3-4/10.yml b/data/release-notes/enterprise-server/3-4/10.yml index b6faf466f6..a760316f87 100644 --- a/data/release-notes/enterprise-server/3-4/10.yml +++ b/data/release-notes/enterprise-server/3-4/10.yml 
@@ -3,6 +3,8 @@ sections: security_fixes: - | **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738). - | **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). - | diff --git a/data/release-notes/enterprise-server/3-5/7.yml b/data/release-notes/enterprise-server/3-5/7.yml index 24c2784c0f..e5177e7983 100644 --- a/data/release-notes/enterprise-server/3-5/7.yml +++ b/data/release-notes/enterprise-server/3-5/7.yml 
@@ -3,6 +3,8 @@ sections: security_fixes: - | **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738). - | **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). - | diff --git a/data/release-notes/enterprise-server/3-6/3.yml b/data/release-notes/enterprise-server/3-6/3.yml index e76e8a49c9..84c7045197 100644 --- a/data/release-notes/enterprise-server/3-6/3.yml +++ b/data/release-notes/enterprise-server/3-6/3.yml 
@@ -3,6 +3,8 @@ sections: security_fixes: - | **HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m). + - | + **HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738). - | **MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209). - |
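Review bot: In the added **HIGH** entry (the two `+` lines of each hunk, repeated across 3-2/20.yml, 3-3/15.yml, 3-4/10.yml, 3-5/7.yml and 3-6/3.yml), the CVE-2022-23738 link points at `cve.mitre.org/cgi-bin/cvename.cgi?name=...`, while the entry directly below links CVE-2022-39209 to `nvd.nist.gov/vuln/detail/...` and the entry above links to `github.com/advisories/...`. Consider using one link convention for CVE references within this list, for example the NVD form already used by the neighbouring MEDIUM entry. The entry also says only "Added checks" and does not state which versions were affected, so an administrator reading a single release's notes cannot tell whether their release line was exposed before this patch; a short clause naming the affected range would help if that information is available. The wording is identical in all five files, so any change has to be applied to each one.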