Merge pull request #50206 from Ch3LL/rn_2018.3.3

[2018.3.3] remove in progress and add security details
2024-11-07 00:55:19 +00:00 · 2018-10-24 11:50:49 -04:00 · 2018-10-24 11:50:49 -04:00 · db8ef1efa7
commit db8ef1efa7
parent 3d3db70454 896caa120f
2 changed files with 26 additions and 5 deletions
--- a/doc/topics/releases/2016.11.10.rst
+++ b/doc/topics/releases/2016.11.10.rst
@ -0,0 +1,15 @@
+=============================
+Salt 2016.11.10 Release Notes
+=============================
+
+Version 2016.11.10 is a security release for :ref:`2016.11.0 <release-2016-11-0>`.
+
+Changes for v2016.11.9..v2016.11.10
+-----------------------------------
+
+Security Fix
+============
+
+CVE-2018-15751 Remote command execution and incorrect access control when using salt-api.
+
+CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
--- a/doc/topics/releases/2018.3.3.rst
+++ b/doc/topics/releases/2018.3.3.rst
@ -1,9 +1,8 @@
-========================================
-In Progress: Salt 2018.3.3 Release Notes
-========================================
+===========================
+Salt 2018.3.3 Release Notes
+===========================

-Version 2018.3.3 is an **unreleased** bugfix release for :ref:`2018.3.0 <release-2018-3-0>`.
-This release is still in progress and has not been released yet.
+Version 2018.3.3 is a security and bugfix release for :ref:`2018.3.0 <release-2018-3-0>`.

 Statistics
 ==========
@ -44,6 +43,13 @@ Statistics
          - template: jinja
          - defaults: {{ mydict | tojson }}

+Security Fix
+============
+
+CVE-2018-15751 Remote command execution and incorrect access control when using salt-api.
+
+CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
+
 Changes to win_timezone
 =======================