Salt 3002.7 (2021-08-20)

Version 3002.7 is a CVE security fix release for 3002.

Fixed

  • Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004)

Security

  • Fix the CVE-2021-31607 vulnerability Additionally, an audit and a tool was put in place, bandit, to address similar issues througout the code base, and prevent them. (CVE-2021-31607)

  • Ensure that sourced file is cached using its hash name (cve-2021-21996)