From a601316efd9ba4047ae0d5887ccbf4c957d5ed45 Mon Sep 17 00:00:00 2001
From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com>
Date: Wed, 18 Oct 2023 13:41:39 -0400
Subject: [PATCH] docs: Update release notes (#3852)

* docs: Update release notes

* docs: Update link to github advisory
---
 website/content/docs/release-notes/v0_14_0.mdx | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/website/content/docs/release-notes/v0_14_0.mdx b/website/content/docs/release-notes/v0_14_0.mdx
index def4d85325..d2e4706f50 100644
--- a/website/content/docs/release-notes/v0_14_0.mdx
+++ b/website/content/docs/release-notes/v0_14_0.mdx
@@ -138,6 +138,24 @@ description: |-
     <a href="/boundary/docs/troubleshoot/troubleshoot-recorded-sessions#unsupported-recovery-workflow">Unsupported recovery workflow</a>
     </td>
   </tr>
+   <tr>
+    <td style={{verticalAlign: 'middle'}}>
+    0.14.0
+    <br /><br />
+    (Fixed in 0.14.1)
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Go CVE-2023-39325
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    The version of Go that was used in Boundary release 0.14.0 contained a CVE. The issue was fixed in Go versions 1.21.3 and 1.20. Boundary was updated to use the new Go versions in release 0.14.1, and the issue is resolved.
+    <br /><br />
+    Learn more:&nbsp;
+    <a href="https://github.com/advisories/GHSA-4374-p667-p6c8">HTTP/2 rapid reset can cause excessive work in net/http</a>
+    <br /><br />
+    <a href="/boundary/tutorials/self-managed-deployment/upgrade-version">Upgrade to the latest version of Boundary</a>
+    </td>
+  </tr>
 
   </tbody>
 </table>