[chore] Include explicit mention of GHSA-c74f-6mfw-mm4v in changelog (open-telemetry#10332)

mx-psi · web-flow · commit d5dd7a6e725f · 2024-06-05T19:01:41.000+02:00
Mentions GHSA-c74f-6mfw-mm4v explicitly in the changelog
diff --git a/.chloggen/jpkroehling-configgrpc-use-own-compressors-for-zstd.yaml b/.chloggen/jpkroehling-configgrpc-use-own-compressors-for-zstd.yaml
diff --git a/CHANGELOG-API.md b/CHANGELOG-API.md
@@ -7,8 +7,14 @@ If you are looking for user-facing changes, check out [CHANGELOG.md](./CHANGELOG
 
 <!-- next version -->
 
+## v0.102.1
+
+No API-only changes on this release. **This release addresses [GHSA-c74f-6mfw-mm4v](https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v) for `configgrpc`.**
+
 ## v1.9.0/v0.102.0
 
+**This release addresses [GHSA-c74f-6mfw-mm4v](https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v) for `confighttp`.**
+
 ### 🛑 Breaking changes 🛑
 
 - `otelcol`: Remove deprecated `ConfigProvider` field from `CollectorSettings` (#10281)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,12 +7,22 @@ If you are looking for developer-facing changes, check out [CHANGELOG-API.md](./
 
 <!-- next version -->
 
+## v0.102.1
+
+**This release addresses [GHSA-c74f-6mfw-mm4v](https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v) for `configgrpc`.**
+
+### 🧰 Bug fixes 🧰
+
+- `configrpc`: Use own compressors for zstd. Before this change, the zstd compressor we used didn't respect the max message size. This addresses [GHSA-c74f-6mfw-mm4v](https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v) for `configgrpc` (#10323)
+
 ## v1.9.0/v0.102.0
 
+**This release addresses [GHSA-c74f-6mfw-mm4v](https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v) for `confighttp`.**
+
 ### 🛑 Breaking changes 🛑
 
 - `envprovider`: Restricts Environment Variable names.  Environment variable names must now be ASCII only and start with a letter or an underscore, and can only contain underscores, letters, or numbers. (#9531)
-- `confighttp`: Apply MaxRequestBodySize to the result of a decompressed body (#10289)
+- `confighttp`: Apply MaxRequestBodySize to the result of a decompressed body. This addresses [GHSA-c74f-6mfw-mm4v](https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v) for `confighttp` (#10289)
   When using compressed payloads, the Collector would verify only the size of the compressed payload. 
   This change applies the same restriction to the decompressed content. As a security measure, a limit of 20 MiB was added, which makes this a breaking change. 
   For most clients, this shouldn't be a problem, but if you often have payloads that decompress to more than 20 MiB, you might want to either configure your
