salt/doc/topics/releases/2016.3.8.rst

===========================
Salt 2016.3.8 Release Notes
===========================

Version 2016.3.8 is a bugfix release for :ref:`2016.3.0 <release-2016-3-0>`.

Changes for v2016.3.7..v2016.3.8
--------------------------------

Security Fix
============

CVE-2017-14695 Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)

CVE-2017-14696 Remote Denial of Service with a specially crafted authentication request. Credit for discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
Add Security Notice to 2016.3.7 Release Notes 2017-08-15 16:33:27 +00:00			`===========================`
			`Salt 2016.3.8 Release Notes`
			`===========================`

			Version 2016.3.8 is a bugfix release for :ref:`2016.3.0 <release-2016-3-0>`.

			`Changes for v2016.3.7..v2016.3.8`
			`--------------------------------`

Add Security Notes to 2016.3.8 Release Notes 2017-10-09 20:26:13 +00:00			`Security Fix`
			`============`
Add Security Notice to 2016.3.7 Release Notes 2017-08-15 16:33:27 +00:00
Add Security Notes to 2016.3.8 Release Notes 2017-10-09 20:26:13 +00:00			`CVE-2017-14695 Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)`
Add Security Notice to 2016.3.7 Release Notes 2017-08-15 16:33:27 +00:00
Add Security Notes to 2016.3.8 Release Notes 2017-10-09 20:26:13 +00:00			`CVE-2017-14696 Remote Denial of Service with a specially crafted authentication request. Credit for discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)`