From b2bcd8f7be589b703f9c629de9c3d93f45ce5d30 Mon Sep 17 00:00:00 2001
From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com>
Date: Mon, 16 Dec 2024 15:29:37 -0500
Subject: [PATCH] docs: Update release notes (#5346)

* docs: Update release notes

* docs: Clarify affected versions, fix spacing
---
 .../content/docs/release-notes/v0_16_0.mdx    | 21 +++++++++
 .../content/docs/release-notes/v0_17_0.mdx    | 29 +++++++++++-
 .../content/docs/release-notes/v0_18_0.mdx    | 44 ++++++++++++++++++-
 3 files changed, 91 insertions(+), 3 deletions(-)

diff --git a/website/content/docs/release-notes/v0_16_0.mdx b/website/content/docs/release-notes/v0_16_0.mdx
index e1faa92704..581f1fafd7 100644
--- a/website/content/docs/release-notes/v0_16_0.mdx
+++ b/website/content/docs/release-notes/v0_16_0.mdx
@@ -312,6 +312,27 @@ description: >-
     </td>
   </tr>
 
+  <tr>
+    <td style={{verticalAlign: 'middle'}}>
+    0.8.0 - 0.16.3
+    <br /><br />
+    (Fixed in Boundary Community Edition and Boundary Enterprise 0.16.4)
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Boundary controller incorrectly handles HTTP requests and stops prematurely (HCSEC-2024-28)
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Boundary Community Edition and Boundary Enterprise incorrectly handle HTTP requests while the Boundary controller is starting up, which may cause the controller to stop prematurely. Boundary is only vulnerable to this flaw during the controller's initialization, which usually occurs in milliseconds during Boundary's startup process.
+    <br /><br />
+    This vulnerability, HCSEC-2024-28, is fixed in Boundary Community Edition and Boundary Enterprise versions 0.16.4, 0.17.3, and 0.18.2.
+    <br /><br />
+    Learn more: <a href="https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service">HCSEC-2024-28: Boundary controller incorrectly handles http requests on initialization which may lead to a denial of service</a>
+    <br /><br />
+    <a href="/boundary/tutorials/self-managed-deployment/upgrade-version">Upgrade to the latest version of Boundary</a>
+    </td>
+  </tr>
+
+
   </tbody>
 </table>
 
diff --git a/website/content/docs/release-notes/v0_17_0.mdx b/website/content/docs/release-notes/v0_17_0.mdx
index 5a6add742d..391adbbe01 100644
--- a/website/content/docs/release-notes/v0_17_0.mdx
+++ b/website/content/docs/release-notes/v0_17_0.mdx
@@ -184,7 +184,9 @@ description: >-
 
   <tr>
     <td style={{verticalAlign: 'middle'}}>
-    0.17.0 (Fixed in 0.17.1)
+    0.17.0
+    <br /><br />
+    (Fixed in 0.17.1)
     </td>
     <td style={{verticalAlign: 'middle'}}>
     Using an invalid alias results in a 401 message
@@ -202,7 +204,9 @@ description: >-
 
   <tr>
     <td style={{verticalAlign: 'middle'}}>
-    0.17.0 (Fixed in 0.17.1)
+    0.17.0
+    <br /><br />
+    (Fixed in 0.17.1)
     </td>
     <td style={{verticalAlign: 'middle'}}>
     Session recording fails when you use Secure File Copy (SCP)
@@ -218,5 +222,26 @@ description: >-
     </td>
   </tr>
 
+  <tr>
+    <td style={{verticalAlign: 'middle'}}>
+    0.8.0 - 0.17.2
+    <br /><br />
+    (Fixed in Boundary Community Edition and Boundary Enterprise 0.17.3)
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Boundary controller incorrectly handles HTTP requests and stops prematurely (HCSEC-2024-28)
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Boundary Community Edition and Boundary Enterprise incorrectly handle HTTP requests while the Boundary controller is starting up, which may cause the controller to stop prematurely. Boundary is only vulnerable to this flaw during the controller's initialization, which usually occurs in milliseconds during Boundary's startup process.
+    <br /><br />
+    This vulnerability, HCSEC-2024-28, is fixed in Boundary Community Edition and Boundary Enterprise versions 0.16.4, 0.17.3, and 0.18.2.
+    <br /><br />
+    Learn more: <a href="https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service">HCSEC-2024-28: Boundary controller incorrectly handles http requests on initialization which may lead to a denial of service</a>
+    <br /><br />
+    <a href="/boundary/tutorials/self-managed-deployment/upgrade-version">Upgrade to the latest version of Boundary</a>
+    </td>
+  </tr>
+
+
   </tbody>
 </table>
\ No newline at end of file
diff --git a/website/content/docs/release-notes/v0_18_0.mdx b/website/content/docs/release-notes/v0_18_0.mdx
index 8f7754237e..4c1735ce57 100644
--- a/website/content/docs/release-notes/v0_18_0.mdx
+++ b/website/content/docs/release-notes/v0_18_0.mdx
@@ -170,7 +170,9 @@ description: >-
 
   <tr>
     <td style={{verticalAlign: 'middle'}}>
-    0.18.0 (Fixed in 0.18.1)
+    0.18.0
+    <br /><br />
+    (Fixed in 0.18.1)
     </td>
     <td style={{verticalAlign: 'middle'}}>
     Users are incorrectly removed from managed groups
@@ -186,5 +188,45 @@ description: >-
     </td>
   </tr>
 
+  <tr>
+    <td style={{verticalAlign: 'middle'}}>
+    0.18.0
+    <br /><br />
+    (Fixed in 0.18.2)
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Session recordings fail with an error
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    When large numbers of sessions were created around the same time using the AssumeRole API, the AWS STS (Security Token Service) credentials sometimes failed to refresh and session recordings would fail. The failure occurred due to throttling from AWS.
+    <br /><br />
+    Version 0.18.2 adds a cache for Amazon S3 clients to store temporary credentials and prevent AWS resources from being overwhelmed. This issue is now resolved.
+    <br /><br />
+    Learn more:&nbsp; <a href="/boundary/docs/configuration/session-recording/storage-providers/configure-s3">Configure Amazon S3 as a storage provider</a>
+    <br /><br />
+    <a href="/boundary/tutorials/self-managed-deployment/upgrade-version">Upgrade to the latest version of Boundary</a>
+    </td>
+  </tr>
+
+  <tr>
+    <td style={{verticalAlign: 'middle'}}>
+    0.8.0 - 0.18.1
+    <br /><br />
+    (Fixed in Boundary Community Edition and Boundary Enterprise 0.18.2)
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Boundary controller incorrectly handles HTTP requests and stops prematurely (HCSEC-2024-28)
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Boundary Community Edition and Boundary Enterprise incorrectly handle HTTP requests while the Boundary controller is starting up, which may cause the controller to stop prematurely. Boundary is only vulnerable to this flaw during the controller's initialization, which usually occurs in milliseconds during Boundary's startup process.
+    <br /><br />
+    This vulnerability, HCSEC-2024-28, is fixed in Boundary Community Edition and Boundary Enterprise versions 0.16.4, 0.17.3, and 0.18.2.
+    <br /><br />
+    Learn more: <a href="https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service">HCSEC-2024-28: Boundary controller incorrectly handles http requests on initialization which may lead to a denial of service</a>
+    <br /><br />
+    <a href="/boundary/tutorials/self-managed-deployment/upgrade-version">Upgrade to the latest version of Boundary</a>
+    </td>
+  </tr>
+
   </tbody>
 </table>
\ No newline at end of file