aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docs: Adds HCSEC-2026-11 to Community changelog (#6682)

Browse Source 
* docs: Adds HCSEC-2026-11 to Community changelog

* docs: Fix CVE number
pull/6688/head
Dan Heath 2 weeks ago committed by GitHub
parent aff2623c16
commit e8fdb25c81
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File

5
CHANGELOG.md
Unescape View File

@ -12,6 +12,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
### Security
* Resolved a vulnerability (CVE-2026-7776) that could lead to a denial-of-service condition during TLS handshakes. For more information, refer to [Boundary Workers Vulnerable to Denial of Service During TLS Handshake](https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake/77403).
* Updated jackc/pgx/v5 dependency to v5.9.2 to address GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, and GHSA-9jj7-4m8r-rfcm ([PR](https://github.com/hashicorp/boundary/pull/6607), [PR](https://github.com/hashicorp/boundary/pull/6617))
* Updated Azure/go-ntlmssp dependency to v0.1.1 to address GHSA-pjcq-xvwq-hhpj ([PR](https://github.com/hashicorp/boundary/pull/6625))
@ -56,11 +57,12 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
## 0.20.3 (2026/04/30)
### New and Improved
### New and Improved
* Added support for new `debug` flag to expose pprof endpoints for debugging purposes. ([PR](https://github.com/hashicorp/boundary/pull/6644))
### Security
* Resolved a vulnerability (CVE-2026-7776) that could lead to a denial-of-service condition during TLS handshakes. For more information, refer to [Boundary Workers Vulnerable to Denial of Service During TLS Handshake](https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake/77403).
* Updated jackc/pgx/v5 dependency to v5.9.2 to address GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, and GHSA-9jj7-4m8r-rfcm ([PR](https://github.com/hashicorp/boundary/pull/6607), [PR](https://github.com/hashicorp/boundary/pull/6617))
* Updated Azure/go-ntlmssp dependency to v0.1.1 to address GHSA-pjcq-xvwq-hhpj ([PR](https://github.com/hashicorp/boundary/pull/6625))
@ -128,6 +130,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
### Security
* Resolved a vulnerability (CVE-2026-7776) that could lead to a denial-of-service condition during TLS handshakes. For more information, refer to [Boundary Workers Vulnerable to Denial of Service During TLS Handshake](https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake/77403).
* Updated jackc/pgx/v5 dependency to v5.9.2 to address GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, and GHSA-9jj7-4m8r-rfcm ([PR](https://github.com/hashicorp/boundary/pull/6607), [PR](https://github.com/hashicorp/boundary/pull/6617))
* Updated Azure/go-ntlmssp dependency to v0.1.1 to address GHSA-pjcq-xvwq-hhpj ([PR](https://github.com/hashicorp/boundary/pull/6625))

Write Preview
Loading…
Cancel
Save