These release notes are for an old release of Salt. This release might contain known security and other issues that are fixed in the latest release.

(release-3006.6)=

Salt 3006.6 release notes¶

Changelog¶

Changed¶

Salt no longer time bombs user installations on code using salt.utils.versions.warn_until_date #665924

Fixed¶

Fix un-closed transport in tornado netapi #65759

Security¶

CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method. These vulerablities were discovered and reported by: Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) #565
Update some requirements which had some security issues:
- Bump to pycryptodome==3.19.1 and pycryptodomex==3.19.1 due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
- Bump to gitpython==3.1.41 due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
- Bump to jinja2==3.1.3 due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 #65830

Generated on March 06, 2024 at 18:46:39 UTC.

You are viewing docs for the latest stable release, 3007.0. Switch to docs for the previous stable release, 3006.7, or to a recent doc build from the master branch.

saltproject.io