From efba05f062cfa4ca58206a856acfbfc8b56f8b0d Mon Sep 17 00:00:00 2001
From: Zach Wasserman <zach@fleetdm.com>
Date: Thu, 26 May 2022 16:45:49 -0700
Subject: [PATCH] Update Orbit changelog for v0.0.12 (#5930)

---
 orbit/CHANGELOG.md                              | 7 +++++++
 orbit/changes/issue-5579-fleet-desktop-policies | 1 -
 2 files changed, 7 insertions(+), 1 deletion(-)
 delete mode 100644 orbit/changes/issue-5579-fleet-desktop-policies

diff --git a/orbit/CHANGELOG.md b/orbit/CHANGELOG.md
index 9bd1e125cd..fbc1906175 100644
--- a/orbit/CHANGELOG.md
+++ b/orbit/CHANGELOG.md
@@ -1,3 +1,10 @@
+## Orbit 0.0.12 (May 26, 2022)
+### This is a security release.
+
+- **Security**: Update go-tuf library to fix [CVE-2022-29173](https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj). This vulnerability could allow an attacker with network access to perform a rollback attack, forcing Orbit to downgrade to an earlier version. Orbit installations with autoupdate turned on will automatically update, after which the client will no longer be vulnerable.
+ 
+- Fleet desktop will now notify Premium tier users if policies are failing/passing.
+
 ## Orbit 0.0.11 (May 10, 2022)
 
 - Change install path to /opt/orbit. Fixes a permissions issue on platforms with SELinux enabled.
diff --git a/orbit/changes/issue-5579-fleet-desktop-policies b/orbit/changes/issue-5579-fleet-desktop-policies
deleted file mode 100644
index 694d2edfc4..0000000000
--- a/orbit/changes/issue-5579-fleet-desktop-policies
+++ /dev/null
@@ -1 +0,0 @@
-Fleet desktop will now notify premium tier users if policies are failing/passing