From 932abbb6e66d8d3cc8f09a779d6e098441071de0 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 20 Jul 2021 21:20:15 +0700
Subject: [PATCH] update docs for 4.8.1

---
 ChangeLog.md | 7 +++++++
 README       | 6 ++++++
 README.md    | 6 ++++++
 3 files changed, 19 insertions(+)

diff --git a/ChangeLog.md b/ChangeLog.md
index 43067646b..08f967e02 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,10 @@
+# wolfSSL Release 4.8.1 (July 16, 2021)
+Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
+
+### Vulnerabilities
+* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report.
+
+
 # wolfSSL Release 4.8.0 (July 09, 2021)
 Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
diff --git a/README b/README
index 174ea5fa0..4fc3ba51e 100644
--- a/README
+++ b/README
@@ -72,6 +72,12 @@ should be used for the enum name.
 
 *** end Notes ***
 
+# wolfSSL Release 4.8.1 (July 16, 2021)
+Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
+
+### Vulnerabilities
+* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report.
+
 
 # wolfSSL Release 4.8.0 (July 09, 2021)
 Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
diff --git a/README.md b/README.md
index eac8dba28..8fc7ca7a6 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,12 @@ macro ```NO_OLD_SHA_NAMES```. These names get mapped to the OpenSSL API for a
 single call hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and
 WC_SHA512 should be used for the enum name.
 
+# wolfSSL Release 4.8.1 (July 16, 2021)
+Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
+
+### Vulnerabilities
+* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report.
+
 # wolfSSL Release 4.8.0 (July 09, 2021)
 Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including: