(release-3006.2)=

Salt 3006.2 release notes

Changelog

Fixed

• In scenarios where PythonNet fails to load, Salt will now fall back to WMI for gathering grains information #64897

Security

• fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection #cve-2023-20897

• Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. #cve-2023-20898

• Upgrade to requests==2.31.0

  Due to:

  • https://github.com/advisories/GHSA-j8r2-6x86-q33q #64336

• Upgrade to cryptography==41.0.3(and therefor pyopenssl==23.2.0 due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)

  This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.

  Also resolves the following cryptography advisories:

  Due to:

  • https://github.com/advisories/GHSA-5cpq-8wj7-hf2v

  • https://github.com/advisories/GHSA-x4qr-2fvf-3mr5

  • https://github.com/advisories/GHSA-w7pp-m8wf-vj6r

  There is no security upgrade available for Py3.5 #64595

• Bump to certifi==2023.07.22 due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 #64718

• Upgrade relenv to 0.13.2 and Python to 3.10.12

  Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12 #64719