engine: add release notes for 20.10.24

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

engine/release-notes/20.10.md

@@ -10,6 +10,34 @@ skip_read_time: true
 This document describes the latest changes, additions, known issues, and fixes
 for Docker Engine version 20.10.
 
+## 20.10.24
+{% include release-date.html date="2023-04-04" %}
+
+### Updates
+
+- Update Go runtime to [1.19.7](https://go.dev/doc/devel/release#go1.19.minor).
+- Update Docker Buildx to [v0.10.4](https://github.com/docker/buildx/releases/tag/v0.10.4).
+- Update containerd to [v1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20).
+- Update runc to [v1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5).
+
+### Bug fixes and enhancements
+
+- Fixed a number of issues that can cause Swarm encrypted overlay networks
+  to fail to uphold their guarantees, addressing [CVE-2023-28841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841),
+  [CVE-2023-28840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840), and
+  [CVE-2023-28842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842).
+  - A lack of kernel support for encrypted overlay networks now reports
+    as an error.
+  - Encrypted overlay networks are eagerly set up, rather than waiting for
+    multiple nodes to attach.
+  - Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9
+    through the use of the `xt_bpf` kernel module.
+  - Users of Swarm overlay networks should review [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)
+    to ensure that unintentional exposure has not occurred.
+- Upgrade github.com/containerd/fifo to v1.1.0 to fix a potential panic [moby/moby#45216](https://github.com/moby/moby/pull/45242).
+- Fix missing Bash completion for installed cli-plugins [docker/cli#4091](https://github.com/docker/cli/pull/4091).
+
+
 ## 20.10.23
 {% include release-date.html date="2023-01-19" %}