diff --git a/src/OpenTelemetry.Exporter.OneCollector/CHANGELOG.md b/src/OpenTelemetry.Exporter.OneCollector/CHANGELOG.md index 7aa93f468e..50f5618af3 100644 --- a/src/OpenTelemetry.Exporter.OneCollector/CHANGELOG.md +++ b/src/OpenTelemetry.Exporter.OneCollector/CHANGELOG.md @@ -7,7 +7,8 @@ Released 2026-Apr-21 * Limit how much of the response body is read when export fails using the HTTP - JSON transport and informational logging is enabled. + JSON transport and informational logging is enabled to resolve + [GHSA-55m9-299j-53c7](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/security/advisories/GHSA-55m9-299j-53c7). ([#4117](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4117)) * Updated OpenTelemetry core component version(s) to `1.15.3`. diff --git a/src/OpenTelemetry.Instrumentation.AspNet/CHANGELOG.md b/src/OpenTelemetry.Instrumentation.AspNet/CHANGELOG.md index 3d30b5a60d..ee9ae16b5a 100644 --- a/src/OpenTelemetry.Instrumentation.AspNet/CHANGELOG.md +++ b/src/OpenTelemetry.Instrumentation.AspNet/CHANGELOG.md @@ -163,6 +163,7 @@ Released 2024-Apr-17 `?key1=value1&key2=value2` becomes `?key1=Redacted&key2=Redacted`. You can disable this redaction by setting the environment variable `OTEL_DOTNET_EXPERIMENTAL_ASPNET_DISABLE_URL_QUERY_REDACTION` to `true`. + Resolves [GHSA-vh2m-22xx-q94f](https://github.com/advisories/GHSA-vh2m-22xx-q94f). ([#1656](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/1656)) ## 1.8.0-beta.1 diff --git a/src/OpenTelemetry.Instrumentation.Http/CHANGELOG.md b/src/OpenTelemetry.Instrumentation.Http/CHANGELOG.md index 17bb0ea404..49f4235554 100644 --- a/src/OpenTelemetry.Instrumentation.Http/CHANGELOG.md +++ b/src/OpenTelemetry.Instrumentation.Http/CHANGELOG.md 
@@ -108,6 +108,7 @@ Released 2024-Apr-12 `?key1=value1&key2=value2` becomes `?key1=Redacted&key2=Redacted`. You can disable this redaction by setting the environment variable `OTEL_DOTNET_EXPERIMENTAL_HTTPCLIENT_DISABLE_URL_QUERY_REDACTION` to `true`. + Resolves [GHSA-vh2m-22xx-q94f](https://github.com/advisories/GHSA-vh2m-22xx-q94f). ([#5532](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5532)) ## 1.8.0 diff --git a/src/OpenTelemetry.OpAmp.Client/CHANGELOG.md b/src/OpenTelemetry.OpAmp.Client/CHANGELOG.md index 4c3d04515f..1524f62b43 100644 --- a/src/OpenTelemetry.OpAmp.Client/CHANGELOG.md +++ b/src/OpenTelemetry.OpAmp.Client/CHANGELOG.md @@ -26,7 +26,8 @@ Released 2026-Apr-21 * Add support for sticky HTTP connections via the `OpAMP-Instance-UID` header. ([#3830](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/3830)) -* Apply response size limits for oversized OpAMP responses. +* Apply response size limits for oversized OpAMP responses to resolve + [GHSA-w2jh-77fq-7gp8](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/security/advisories/GHSA-w2jh-77fq-7gp8). ([#4116](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4116)) * Harden WebSocket transport: diff --git a/src/OpenTelemetry.Resources.AWS/CHANGELOG.md b/src/OpenTelemetry.Resources.AWS/CHANGELOG.md index 6aec7bda69..da9a6a6094 100644 --- a/src/OpenTelemetry.Resources.AWS/CHANGELOG.md +++ b/src/OpenTelemetry.Resources.AWS/CHANGELOG.md 
@@ -13,7 +13,8 @@ Released 2026-Apr-21 Windows containers running on AWS ECS. ([#4028](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4028)) -* Limit how much of the response body is consumed from metadata service HTTP responses. +* Limit how much of the response body is consumed from metadata service HTTP responses + to resolve [GHSA-28xm-prxc-5866](https://github.com/advisories/GHSA-28xm-prxc-5866). ([#4122](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4122)) * Fix ECS Metadata V4 cluster ARN normalization when the `Cluster` field returns diff --git a/src/OpenTelemetry.Resources.Azure/CHANGELOG.md b/src/OpenTelemetry.Resources.Azure/CHANGELOG.md index 7226b8453c..9351ec2b5d 100644 --- a/src/OpenTelemetry.Resources.Azure/CHANGELOG.md +++ b/src/OpenTelemetry.Resources.Azure/CHANGELOG.md @@ -9,7 +9,8 @@ Released 2026-Apr-21 -* Limit how much of the response body is consumed from metadata service HTTP responses. +* Limit how much of the response body is consumed from metadata service HTTP responses + to resolve [GHSA-vc24-j8c5-2vw4](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/security/advisories/GHSA-vc24-j8c5-2vw4). ([#4121](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4121)) * Updated OpenTelemetry core component version(s) to `1.15.3`. diff --git a/src/OpenTelemetry.Sampler.AWS/CHANGELOG.md b/src/OpenTelemetry.Sampler.AWS/CHANGELOG.md index 15cf482976..9aa1d03158 100644 --- a/src/OpenTelemetry.Sampler.AWS/CHANGELOG.md +++ b/src/OpenTelemetry.Sampler.AWS/CHANGELOG.md 
@@ -23,7 +23,8 @@ Released 2026-Apr-14 * Updated OpenTelemetry core component version(s) to `1.15.2`. ([#4080](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4080)) -* Limit the max size read for response body getting the sampling rules to 1MB. +* Limit the max size read for response body getting the sampling rules to 1MB to + resolve [GHSA-28xm-prxc-5866](https://github.com/advisories/GHSA-28xm-prxc-5866). ([#4100](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4100)) ## 0.1.0-alpha.7
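
Review bot: In src/OpenTelemetry.Exporter.OneCollector/CHANGELOG.md, the reworded bullet now ends "informational logging is enabled to resolve [GHSA-55m9-299j-53c7]", which can be read as logging being enabled in order to resolve the advisory. Consider keeping the original sentence ending at "is enabled." and adding a separate "Resolves [GHSA-55m9-299j-53c7](...)." sentence, the form the AspNet and Http entries in this patch already use.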
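
Review bot: In src/OpenTelemetry.Instrumentation.AspNet/CHANGELOG.md, the added "Resolves [GHSA-vh2m-22xx-q94f]" line directly follows the sentence explaining how to turn the redaction off with `OTEL_DOTNET_EXPERIMENTAL_ASPNET_DISABLE_URL_QUERY_REDACTION`. A reader skimming for the advisory should be told that setting that variable to `true` removes the mitigation this line credits, so a short clause to that effect next to the opt-out would help. The same applies to the matching line added in src/OpenTelemetry.Instrumentation.Http/CHANGELOG.md for `OTEL_DOTNET_EXPERIMENTAL_HTTPCLIENT_DISABLE_URL_QUERY_REDACTION`.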
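
Review bot: In src/OpenTelemetry.OpAmp.Client/CHANGELOG.md, the entry ties "response size limits" to GHSA-w2jh-77fq-7gp8 but does not say what the limit is, whereas the Sampler.AWS entry in this same patch states 1MB. Since this bullet is now the security-relevant record for the release, consider stating the enforced limit here so operators can tell whether legitimate large OpAMP responses will be affected.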
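
Review bot: In src/OpenTelemetry.Resources.Azure/CHANGELOG.md, the advisory link uses the repository-scoped form (`.../opentelemetry-dotnet-contrib/security/advisories/GHSA-vc24-j8c5-2vw4`), while the otherwise identical bullet in src/OpenTelemetry.Resources.AWS/CHANGELOG.md uses the global form (`https://github.com/advisories/GHSA-28xm-prxc-5866`). Pick one URL style for all the entries touched by this patch so the links behave the same way for readers.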
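
Review bot: In src/OpenTelemetry.Sampler.AWS/CHANGELOG.md, the bullet for #4100 (released 2026-Apr-14) cites GHSA-28xm-prxc-5866, the same ID that the Resources.AWS bullet for #4122 (released 2026-Apr-21) cites. Please confirm the advisory actually lists both packages; if it covers only one of them, the other entry has a copy-pasted ID and should point at its own advisory.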