From ae8c6865c9f06d8a0da3b20b694cbbe13851bb44 Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>
Date: Mon, 9 Dec 2024 16:54:28 +0000
Subject: [PATCH] docs: CVEs fixed on 4.1.0 (#31352)

---
 docs/docs/security/cves.mdx | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/docs/security/cves.mdx b/docs/docs/security/cves.mdx
index 4ac0bb5296509..6db102b8f43f0 100644
--- a/docs/docs/security/cves.mdx
+++ b/docs/docs/security/cves.mdx
@@ -2,6 +2,14 @@
 title: CVEs fixed by release
 sidebar_position: 2
 ---
+#### Version 4.1.0
+
+| CVE            | Title                                                                              | Affected |
+|:---------------|:-----------------------------------------------------------------------------------|---------:|
+| CVE-2024-53947 | Improper SQL authorisation, parse for specific postgres functions                  |  < 4.1.0 |
+| CVE-2024-53948 | Error verbosity exposes metadata in analytics databases                            |  < 4.1.0 |
+| CVE-2024-53949 | Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled |  < 4.1.0 |
+
 #### Version 4.0.2
 
 | CVE            | Title                       | Affected |