chore: Add 0.10.2 changelog

4 years ago · 564affa294
parent 8c0efb9715
commit 564affa294
2 changed files with 10 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,15 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.

 ## Next

+## 0.10.2 (2022/08/23)
+
+### Security
+
+* Fix security vulnerability CVE-2022-36130, Boundary up to 0.10.1 did not properly perform  
+  authorization checks to ensure the resources were associated with the correct scopes,  
+  allowing potential privilege escalation for authorized users of another scope.
+  [[HCSEC-2022-17](https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493)]
+
 ## 0.10.1 (2022/08/11)

 ### Bug Fixes
--- a/version/version_base.go
+++ b/version/version_base.go
@ -8,7 +8,7 @@ var (
 	// Whether cgo is enabled or not; set at build time
 	CgoEnabled bool

-	Version = "0.10.2"
+	Version = "0.10.3"

 	// VersionPrerelease is also set at compile time, similarly to Version.
 	VersionPrerelease = ""