doc/topics/releases/2016.11.10.rst
=============================
Salt 2016.11.10 Release Notes
=============================
Version 2016.11.10 is a security release for :ref:`2016.11.0 <release-2016-11-0>`.
Changes for v2016.11.9..v2016.11.10
-----------------------------------
Security Fix
============
CVE-2018-15751 Remote command execution and incorrect access control when using salt-api.
CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
Credit and thanks for discovery and responsible disclosure: nullbr4in, xcuter, koredge, loupos, blackcon, Naver Business Platform