saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updated release notes with additional CVE information

Browse source
This commit is contained in:
Jacob Hammons 2015-10-16 10:18:42 -06:00
parent 16c0272849
commit 05927bb6f0
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/topics/releases/2015.5.6.rst
View file

@ -13,6 +13,10 @@ CVE-2015-6941 - ``win_useradd`` module and ``salt-cloud`` display passwords in d
Updated the ``win_useradd`` module return data to no longer include the password of the newly created user. The password is now replaced with the string ``XXX-REDACTED-XXX``.
Updated the Salt Cloud debug output to no longer display ``win_password`` and ``sudo_password`` authentication credentials.
CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log
Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with ``REDACTED`` in the debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
Changes for v2015.5.5..v2015.5.6
--------------------------------