This is an automated email from the ASF dual-hosted git repository.
fanningpj pushed a commit to branch 1.1.x
in repository https://gitbox.apache.org/repos/asf/pekko-management.git
The following commit(s) were added to refs/heads/1.1.x by this push:
new caf90b9c Update release notes for version 1.1.1 (#537) (#539)
caf90b9c is described below
commit caf90b9c8e14cf5670d92b047c9f5893bd23cefc
Author: PJ Fanning <[email protected]>
AuthorDate: Fri Nov 14 15:49:52 2025 +0100
Update release notes for version 1.1.1 (#537) (#539)
Added security fix details and upgrade recommendation for Basic
Authentication in Pekko Management.
---
docs/src/main/paradox/release-notes/releases-1.1.md | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/docs/src/main/paradox/release-notes/releases-1.1.md
b/docs/src/main/paradox/release-notes/releases-1.1.md
index 83c8c1ec..880ec394 100644
--- a/docs/src/main/paradox/release-notes/releases-1.1.md
+++ b/docs/src/main/paradox/release-notes/releases-1.1.md
@@ -2,12 +2,17 @@
## 1.1.1
-Release notes for Apache Pekko Management 1.1.1
+Release notes for Apache Pekko Management 1.1.1. This release includes a
security fix.
+
+### Security fix
+
+* CVE-2025-46548: If you enable Basic Authentication in Pekko Management using
the Java DSL, the authenticator may not be properly applied
([PR418](https://github.com/apache/pekko-management/pull/418))
+
+If you have configured Pekko Management to use Basic Authentication then you
should consider upgrading to this version or a newer one.
### Additions
* Configuration option to enable gzip compression on k8s pods api for service
discovery ([PR336](https://github.com/apache/pekko-management/pull/336))
-* Improved error handling on conflicting 'start' invocations
([PR418](https://github.com/apache/pekko-management/pull/418))
### Dependency Upgrades
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
