intel · nmgaston · Jan 24, 2024 · Jan 24, 2024 · Jan 24, 2024 · Jan 24, 2024
@@ -3,7 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 
-## NEXT - ?
+## NEXT - ?.?.? - ?
+
+
+## NEXT - 4.2.0 - 2024-01-23
 
 ### Changed
  - RTC 536078 - Added package list option to inbc, cloud, and internal manifest. This allows SOTA to run an install/upgrade command on a set of individual packages rather than all installed packages.
@@ -27,7 +30,6 @@ check if sourceApplication Gpg key URL is in trusted repo
  - dependabot: update golang.org/x/net from 0.14.0 to 0.17.0 in /inbm/trtl (addresses CVE-2023-39325, CVE-2023-44487)
  - update pypi urllib3 from 1.26.17 to 1.26.18 (addresses CVE-2023-45803 in urllib3)
  - dependabot: bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible in /inbm/trtl (addresses GHSA-jq35-85cj-fj4p)
- - dependabot: Bump cryptography from 41.0.4 to 41.0.6 in /inbm/dispatcher-agen (addresses CVE-2023-49083, CVE-2023-5678, CVE-2023-5363)
  - update included reference certifi source code from 2020.12.05 to 2023.7.22, which was not a security issue per se but was flagged in BDBA as it contains CVE-2022-23491 and CVE-2023-37920
  - dependabot: Bump pyinstaller from 5.13.0 to 5.13.1 in all agents/programs (addresses CVE-2023-49797)
  - RTC 536046 - Add a workflow to perform signature checks for AOTA packages if user enrolled a key during provisioning