Mention CVE-2020-7021 under 6.8.14 release notes

elastic · Feb 10, 2021 · facdf64 · facdf64
1 parent e513dbe
commit facdf64
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/docs/reference/release-notes/6.8.asciidoc b/docs/reference/release-notes/6.8.asciidoc
@@ -3,6 +3,19 @@
 
 Also see <<breaking-changes-6.8,Breaking changes in 6.8>>.
 
+[discrete]
+[[security-updates-6.8.14]]
+=== Security updates
+
+* {es} versions before 7.10.0 and 6.8.14 have an information
+disclosure issue when audit logging and the `emit_request_body` option are
+enabled. The {es} audit log could contain sensitive information,
+such as password hashes or authentication tokens. This could allow an
+{es} administrator to view these details.
+You must upgrade to {es} version 6.8.14 to obtain the fix.
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7021[CVE-2020-7021]
+
+
 [[bug-6.8.14]]
 [float]
 === Bug fixes