From d8603ebf80519808fd8e93622bff5c247c1aa25f Mon Sep 17 00:00:00 2001 From: "liheng.zms" Date: Thu, 25 Jan 2024 20:34:55 +0800 Subject: [PATCH] Signed-off-by: liheng.zms Signed-off-by: liheng.zms Signed-off-by: liheng.zms kruise changelog 1.4.1, 1.3.1, 1.5.2 Signed-off-by: liheng.zms --- CHANGELOG.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e627b56a7..a02fc1e209 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,12 +3,7 @@ ## v1.5.2 > Chang log since v1.5.1 -### CVE FIX: Leverage the kruise-daemon pod to list all secrets in the entire cluster -Attacker that has gain root privilege of the node that kruise-daemon run , can leverage the kruise-daemon pod to list all secrets in the entire cluster. -After that, attackers can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privilege such as pod modification. - -For this fix, we removed the cluster secret permissions from kruise-daemon and converged the secret to kruise-manager, reducing the risk of cluster secret leaks. -([#1482](https://github.com/openkruise/kruise/pull/1482), [veophi](https://github.com/veophi)) +### CVE FIX: Enhance kruise-daemon security ([#1482](https://github.com/openkruise/kruise/pull/1482), [veophi](https://github.com/veophi)) ### Start kruise-manager as a non-root user We start kruise-manger with a non-root user to further enhance the security of kruise-manager. ([#1491](https://github.com/openkruise/kruise/pull/1491), [@zmberg](https://github.com/zmberg)) 
@@ -86,6 +81,11 @@ And some bugs were fixed by ([#1348](https://github.com/openkruise/kruise/pull/1348), [#1343](https://github.com/openkruise/kruise/pull/1343), [Colvin-Y](https://github.com/Colvin-Y)), thanks! +## v.1.4.1 +> Change log since v1.4.0 + +### CVE FIX: Enhance kruise-daemon security ([#1482](https://github.com/openkruise/kruise/pull/1482), [veophi](https://github.com/veophi)) + ## v1.4.0 > Change log since v1.3.0 @@ -136,6 +136,12 @@ For more detail, please refer to its [proposal](https://github.com/openkruise/kr - Change kruise base image to alpine. ([#1166](https://github.com/openkruise/kruise/pull/1166), [@fengshunli](https://github.com/fengshunli)) - PersistentPodState support custom workload (like statefulSet). ([#1063](https://github.com/openkruise/kruise/pull/1063), [@baxiaoshi](https://github.com/baxiaoshi)) +## v1.3.1 + +> Change log since v1.3.0 + +### CVE FIX: Enhance kruise-daemon security ([#1482](https://github.com/openkruise/kruise/pull/1482), [veophi](https://github.com/veophi)) + ## v1.3.0 > Change log since v1.2.0
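Review bot: In the v1.5.2 hunk (@@ -3,12 +3,7 @@), the replacement heading "CVE FIX: Enhance kruise-daemon security" drops the only text that told operators what was affected and what changed: that kruise-daemon held cluster-wide secret permissions, and that the fix removed them and converged secret access to kruise-manager. Suggest keeping at least the one-sentence fix description ("we removed the cluster secret permissions from kruise-daemon ...") so readers can judge upgrade urgency and confirm the RBAC change after upgrading. The PR link is also now part of the `###` heading line, where the removed entry had it on its own line below the text.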
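Review bot: In the v1.4.1 hunk (@@ -86,6 +81,11 @@), the new heading `## v.1.4.1` has a stray dot after the `v`. The neighbouring headings are written `## v1.4.0` and `## v1.5.2`, so this should be `## v1.4.1` to keep heading anchors and anything that parses version headings consistent.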
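Review bot: In the v1.3.1 hunk (@@ -136,6 +136,12 @@), a blank line separates `## v1.3.1` from `> Change log since v1.3.0`, while the v1.4.1 entry added in this same patch puts the quote directly under the heading; pick one layout and use it for both. The entry also cites PR #1482, the same link as the v1.5.2 entry; if the fix reached the 1.3 line through a separate backport change, link that one so readers land on the code that actually shipped in v1.3.1.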