From c1ad2ebeef709dda9102fe1770d17c9aff949b66 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 4 Apr 2023 17:24:28 +0200 Subject: [PATCH 1/2] engine: add 23.0.3 release notes Signed-off-by: Sebastiaan van Stijn --- engine/release-notes/23.0.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/engine/release-notes/23.0.md b/engine/release-notes/23.0.md index 6987e5a36e..745cc34437 100644 --- a/engine/release-notes/23.0.md +++ b/engine/release-notes/23.0.md 
@@ -41,6 +41,31 @@ Changing the version format is a stepping-stone towards Go module compatibility, but the repository doesn't yet use Go modules, and still requires using a "+incompatible" version. Work continues towards Go module compatibility in a future release. +## 23.0.3 + +{% include release-date.html date="2023-04-04" %} + +### Bug fixes and enhancements + +- Fixed a number of issues that can cause Swarm encrypted overlay networks + to fail to uphold their guarantees, addressing [CVE-2023-28841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841), + [CVE-2023-28840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840), and + [CVE-2023-28842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842). + - A lack of kernel support for encrypted overlay networks now reports + as an error. + - Encrypted overlay networks are eagerly set up, rather than waiting for + multiple nodes to attach. + - Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9 + through the use of the `xt_bpf` kernel module. + - Users of Swarm overlay networks should review [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw) + to ensure that unintentional exposure has not occurred. + +### Packaging Updates + +- Upgrade `containerd` to [v1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20). +- Upgrade `runc` to [v1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5). + + ## 23.0.2 {% include release-date.html date="2023-03-28" %} From 1194dfab4cf01a893bfc10d210590a85b6dfc7a5 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 4 Apr 2023 23:48:12 +0200 Subject: [PATCH 2/2] engine: add note about missing packages for CentOS 9 for 23.0.3 Signed-off-by: Sebastiaan van Stijn --- engine/release-notes/23.0.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/engine/release-notes/23.0.md b/engine/release-notes/23.0.md index 745cc34437..2d4c388d92 100644 
--- a/engine/release-notes/23.0.md +++ b/engine/release-notes/23.0.md @@ -45,6 +45,12 @@ Work continues towards Go module compatibility in a future release. {% include release-date.html date="2023-04-04" %} +> **Note** +> +> Due to an issue with CentOS 9 Stream's package repositories, packages for +> CentOS 9 are currently unavailable. Packages for CentOS 9 may be added later, +> or as part of the next (23.0.4) patch release. + ### Bug fixes and enhancements - Fixed a number of issues that can cause Swarm encrypted overlay networks
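Review bot: In the 23.0.3 hunk of PATCH 1/2, the last sub-bullet ("Users of Swarm overlay networks should review GHSA-vwm3-crmr-xfxw to ensure that unintentional exposure has not occurred") is an action operators need to take, not a fix, yet it sits as the fourth nested item under the list of fixes, where it is easy to skim past. Consider moving it out of the nested list, for example into a note callout directly under the release date, so that anyone running encrypted overlay networks sees it first. Smaller points in the same hunk: the CVE links are listed as 28841, 28840, 28842 and would scan better in numeric order; "### Packaging Updates" is title case while "### Bug fixes and enhancements" is sentence case, so one of the two should change; the `containerd` and `runc` bullets do not say whether the upgrades are security-relevant, which readers use to judge upgrade urgency; and the hunk adds two blank lines before "## 23.0.2" where one is enough.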
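Review bot: In PATCH 2/2, the added note tells CentOS 9 users that packages are unavailable but not what that means for them: the entry directly below it lists fixes for three CVEs in Swarm encrypted overlay networks, so those users stay without the fixes until packages appear. Consider adding a sentence to the note that says so and points to the GHSA-vwm3-crmr-xfxw advisory already linked in this entry. Also, "currently" and "the next (23.0.4) patch release" will go stale once packages are published, so plan a follow-up to update or remove the note. The note also mixes "CentOS 9 Stream" and "CentOS 9"; the distribution's name is "CentOS Stream 9", and using it consistently avoids confusion.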