Merge pull request #30827 from jacobhammons/release-2015.8

Version to 2015.8.4, added CVE 2016-1866 to release notes

doc/conf.py

@@ -164,7 +164,7 @@ project = 'Salt'
 copyright = '2016 SaltStack, Inc.'
 
 version = salt.version.__version__
-latest_release = '2015.8.3'  # latest release
+latest_release = '2015.8.4'  # latest release
 previous_release = '2015.5.9'  # latest release from previous branch
 previous_release_dir = '2015.5'  # path on web server for previous branch
 build_type = 'latest'  # latest, previous, develop, inactive

doc/topics/installation/rhel.rst

@@ -84,8 +84,8 @@ To install using the SaltStack repository:
    - ``yum install salt-cloud``
 
 .. note::
-    EPEL support is not required when installing using the SaltStack repository
-    on Red Hat 6 and 7. EPEL must be enabled when installing on Red Hat 5.
+    As of 2015.8.4, EPEL support is no longer required when installing on Red Hat 5. (EPEL
+    support was previously required on Red Hat 5, but not on Red Hat 6 or 7).
 
 Post-installation tasks
 =======================

doc/topics/releases/2015.8.4.rst

@@ -2,6 +2,15 @@
 Salt 2015.8.4 Release Notes
 ===========================
 
+Security Fix
+============
+
+CVE-2016-1866: Improper handling of clear messages on the minion, which could result in executing commands not sent by the master.
+
+This issue affects only the 2015.8.x releases of Salt. In order for an attacker to use this attack vector, they would have to execute a successful attack on an existing TCP connection between minion and master on the pub port. It does not allow an external attacker to obtain the shared secret or decrypt any encrypted traffic between minion and master.
+
+We recommend everyone upgrade to 2015.8.4 as soon as possible.
+
 Core Changes
 ============