From ab94827cbb35d3b25356800e349aae0146845bc9 Mon Sep 17 00:00:00 2001
From: Matthew Heon <mheon@redhat.com>
Date: Mon, 5 Apr 2021 10:33:27 -0400
Subject: Update release notes to indicate CVE fix

We didn't release this with the original release notes as the fix
was still under embargo.

Signed-off-by: Matthew Heon <mheon@redhat.com>
---
 RELEASE_NOTES.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 85daba722..5ba5e251b 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -17,6 +17,9 @@
 - The `podman generate kube` command can now generate `PersistentVolumeClaim` YAML for Podman named volumes ([#5788](https://github.com/containers/podman/issues/5788)).
 - The `podman generate kube` command can now generate YAML files containing multiple resources (pods or deployments) ([#9129](https://github.com/containers/podman/issues/9129)).
 
+### Security
+- This release resolves CVE-2021-20291, a deadlock vulnerability in the storage library caused by pulling a specially-crafted container image.
+
 ### Changes
 - The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
 - The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID.
-- 
cgit v1.2.3-54-g00ecf