This is an automated email from the ASF dual-hosted git repository.
fanningpj pushed a commit to branch 1.2.x
in repository https://gitbox.apache.org/repos/asf/pekko-management.git
The following commit(s) were added to refs/heads/1.2.x by this push:
new 8a94729e Update release notes for version 1.1.1 (#537) (#538)
8a94729e is described below
commit 8a94729e8a26e12682ec7bdf5322ebf893e6e78c
Author: PJ Fanning <[email protected]>
AuthorDate: Fri Nov 14 14:48:57 2025 +0100
Update release notes for version 1.1.1 (#537) (#538)
Added security fix details and upgrade recommendation for Basic
Authentication in Pekko Management.
---
docs/src/main/paradox/release-notes/releases-1.1.md | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/docs/src/main/paradox/release-notes/releases-1.1.md
b/docs/src/main/paradox/release-notes/releases-1.1.md
index 83c8c1ec..880ec394 100644
--- a/docs/src/main/paradox/release-notes/releases-1.1.md
+++ b/docs/src/main/paradox/release-notes/releases-1.1.md
@@ -2,12 +2,17 @@
## 1.1.1
-Release notes for Apache Pekko Management 1.1.1
+Release notes for Apache Pekko Management 1.1.1. This release includes a
security fix.
+
+### Security fix
+
+* CVE-2025-46548: If you enable Basic Authentication in Pekko Management using
the Java DSL, the authenticator may not be properly applied
([PR418](https://github.com/apache/pekko-management/pull/418))
+
+If you have configured Pekko Management to use Basic Authentication then you
should consider upgrading to this version or a newer one.
### Additions
* Configuration option to enable gzip compression on k8s pods api for service
discovery ([PR336](https://github.com/apache/pekko-management/pull/336))
-* Improved error handling on conflicting 'start' invocations
([PR418](https://github.com/apache/pekko-management/pull/418))
### Dependency Upgrades
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
