These release notes are for an old release of Salt. This release might contain known security and other issues that are fixed in the latest release.

Salt 3004.1 Release Notes¶

Version 3004.1 is a CVE security fix release for 3004.

Important notice about upgrading¶

Version 3004.1 is a security release. 3004.1 minions are not able to communicate with masters older than 3004.1. You must upgrade your masters before upgrading minions.

Minion authentication security¶

Authentication between masters and minions rely on public/private key encryption and message signing. To secure minion authentication before you must pre-seed the master's public key on minions. To pre-seed the minions' master key, place a copy of the master's public key in the minion's pki directory as minion_master.pub.

Security¶

Sign authentication replies to prevent MiTM (cve-2022-22935)
Prevent job and fileserver replays (cve-2022-22936)
Sign pillar data to prevent MiTM attacks. (cve-2202-22934)
Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) (#60413)
Fix denial of service in junos ifconfig output parsing.

Generated on October 23, 2024 at 09:06:04 UTC.

You are viewing docs built from a recent snapshot of the master branch. Switch to docs for the latest stable release, 3007.1.

saltproject.io