CHANGELOG: update with added audit report
Update the changelog for recently added audit report. Also mention the report in the security readme.release-3.5
parent
d29af0f22b
commit
eafd374309
|
@ -71,6 +71,7 @@ See [code changes](https://github.com/etcd-io/etcd/compare/v3.4.0...v3.5.0) and
|
|||
|
||||
- Add [`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` and `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` to `etcd --cipher-suites`](https://github.com/etcd-io/etcd/pull/11864).
|
||||
- Changed [the format of WAL entries related to auth for not keeping password as a plain text](https://github.com/etcd-io/etcd/pull/11943).
|
||||
- Add third party [Security Audit Report](https://github.com/etcd-io/etcd/pull/12201).
|
||||
|
||||
### Metrics, Monitoring
|
||||
|
||||
|
|
|
@ -31,3 +31,7 @@ As the security issue moves from triage, to identified fix, to release planning
|
|||
## Public Disclosure Timing
|
||||
|
||||
A public disclosure date is negotiated by the etcd Product Security Committee and the bug reporter. We prefer to fully disclose the bug as soon as possible once user mitigation is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for vendor coordination. The timeframe for disclosure is from immediate (especially if it's already publicly known) to a few weeks. As a basic default, we expect report date to disclosure date to be on the order of 7 days. The etcd Product Security Committee holds the final say when setting a disclosure date.
|
||||
|
||||
## Security Audit
|
||||
|
||||
A third party security audit was performed by Trail of Bits, find the full report [here](SECURITY_AUDIT.pdf).
|
||||
|
|
Loading…
Reference in New Issue