Skip to content

Commit

Permalink
changelog GH-5728
Browse files Browse the repository at this point in the history
  • Loading branch information
Mahmood Ali committed Jun 4, 2019
1 parent fc9f753 commit 50fc86a
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,13 @@
## 0.9.2 (Unreleased)

SECURITY:

* driver/exec: Fix privilege escalation issue introduced in Nomad 0.9.0. In
Nomad 0.9.0 and 0.9.1, exec tasks by default run as `nobody` but with
elevated capabilities, allowing tasks to perform privileged linux operations
and potentially escalate permissions. (CVE-2019-12618)
[[GH-5728](https://github.com/hashicorp/nomad/pull/5728)]

__BACKWARDS INCOMPATIBILITIES:__

* api: The `api` package removed `Config.SetTimeout` and `Config.ConfigureTLS` functions, intended
Expand Down

0 comments on commit 50fc86a

Please sign in to comment.