Add release notes for IPv6 rogue router advertisements

docs/releases/1.16-NOTES.md

@@ -1,5 +1,20 @@
 ## Release notes for kops 1.16 series
 
+# Significant changes
+
+* To address the [issue](https://github.com/kubernetes/kubernetes/issues/91507) of IPv4 only clusters being susceptible to MitM attacks via IPv6 rogue router advertisements, the affected components have been upgraded as follows:
+    * Docker version 19.03.11 - [CVE-2020-13401](https://github.com/docker/docker-ce/releases/v19.03.11) (optional)
+    * CNI plugins 0.8.6 - [CVE-2020-10749](https://github.com/containernetworking/plugins/releases/tag/v0.8.6)
+    * Calico 3.9.6 - [CVE-2020-13597](https://docs.projectcalico.org/archive/v3.9/release-notes/)
+    * Weave Net 2.6.5
+
+* If upgrading from 1.11 or earlier, please see the notes in previous releases
+  about upgrading through kubernetes 1.12, with the etcd3 upgrade.
+
+* A new component runs on the master nodes now: kops-controller.
+  kops-controller currently labels nodes, but will likely perform additional
+  functionality in future releases.
+
 # Breaking changes
 
 * Support for Docker versions 1.11, 1.12 and 1.13 has been removed because of the [dockerproject.org shut down](https://www.docker.com/blog/changes-dockerproject-org-apt-yum-repositories/). Those affected must upgrade to a newer Docker version.
@@ -11,15 +26,6 @@
   GCE or OpenStack your (non-master) nodes may not have labels applied
   correctly.
 
-# Significant changes
-
-* If upgrading from 1.11 or earlier, please see the notes in previous releases
-  about upgrading through kubernetes 1.12, with the etcd3 upgrade.
-
-* A new component runs on the master nodes now: kops-controller.
-  kops-controller currently labels nodes, but will likely perform additional
-  functionality in future releases.
-
 # Required Actions
 
 * If either a Kops 1.16 alpha release or a custom Kops build was used on a cluster,

docs/releases/1.17-NOTES.md

@@ -2,7 +2,11 @@
 
 # Significant changes
 
-* The default Docker version has been changed to 19.03.4. Optional support for Docker 19.03.8 has been added and will be the default in future versions. Enable by setting `spec.docker.version: 19.03.8`.
+* To address the [issue](https://github.com/kubernetes/kubernetes/issues/91507) of IPv4 only clusters being susceptible to MitM attacks via IPv6 rogue router advertisements, the affected components have been upgraded as follows:
+    * Docker version 19.03.11 - [CVE-2020-13401](https://github.com/docker/docker-ce/releases/v19.03.11)
+    * CNI plugins 0.8.6 - [CVE-2020-10749](https://github.com/containernetworking/plugins/releases/tag/v0.8.6)
+    * Calico 3.13.4 - [CVE-2020-13597](https://docs.projectcalico.org/archive/v3.13/release-notes/)
+    * Weave Net 2.6.5
 
 * The default instance type for AWS has been changed to t3.medium. This should provide better performance and reduced costs in clusters where the average CPU usage is low.
 

docs/releases/1.18-NOTES.md

@@ -4,7 +4,11 @@
 
 # Significant changes
 
-* The default Docker version has been changed to 19.03.11.
+* To address the [issue](https://github.com/kubernetes/kubernetes/issues/91507) of IPv4 only clusters being susceptible to MitM attacks via IPv6 rogue router advertisements, the affected components have been upgraded as follows:
+    * Docker version 19.03.11 - [CVE-2020-13401](https://github.com/docker/docker-ce/releases/v19.03.11)
+    * CNI plugins 0.8.6 - [CVE-2020-10749](https://github.com/containernetworking/plugins/releases/tag/v0.8.6)
+    * Calico 3.13.4 - [CVE-2020-13597](https://www.projectcalico.org/security-bulletins/)
+    * Weave Net 2.6.5
 
 * Support for [RHEL 8](../operations/images.md#rhel-8) and [CentOS 8](../operations/images.md#centos-8) has been added.