From a26fa9fe1f90bcf7bfa282b46143e4ae5e30869a Mon Sep 17 00:00:00 2001
From: Sam Batschelet <sbatsche@redhat.com>
Date: Fri, 11 Jan 2019 12:24:20 -0500
Subject: [PATCH] CHANGELOG: add "disable CommonName authentication for
 gRPC-gateway" PR

Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
---
 CHANGELOG-3.2.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG-3.2.md b/CHANGELOG-3.2.md
index 4083e32cf..588201b08 100644
--- a/CHANGELOG-3.2.md
+++ b/CHANGELOG-3.2.md
@@ -23,6 +23,10 @@ See [code changes](https://github.com/etcd-io/etcd/compare/v3.2.25...v3.2.26) an
 
 - Fix [memory leak in cache layer](https://github.com/etcd-io/etcd/pull/10327).
 
+### Security, Authentication
+
+- Disable [CommonName authentication for gRPC-gateway](https://github.com/etcd-io/etcd/pull/10366) gRPC-gateway proxy requests to etcd server use the etcd client server TLS certificate. If that certificate contains CommonName we do not want to use that for authentication as it could lead to permission escalation.
+
 ### Go
 
 - Compile with [*Go 1.8.7*](https://golang.org/doc/devel/release.html#go1.8).