# 1.11.4



* Bug #15653: CVE-2016-5390 - access to API host interfaces, parameters etc. are not restricted by view_hosts filters
* Bug #15527: api/v2/hosts is slow to load permissions for non-admins
* Bug #15570: PG Error in Trends
* Bug #15268: CVE-2016-4475 - API and UI org/locations actions not limited to user's associated orgs/locations
* Bug #15490: CVE-2016-4995 - view_hosts permissions/filters not checked for provisioning template previews
* Bug #15712: rabl 0.13.0 breaks ruby 2.0 support