Provide security advisory for PyCrypto

PyCrypto is broken, but comes with most distros. PyCryptodome(x) or
M2Crypto are preferred.

Fixes #56080
Wayne Werner 2020-02-07 20:45:04 -06:00
parent 81eb152643
commit 2711c04ca9
No known key found for this signature in database
GPG key ID: C36D3A8D5BEF0935
2 changed files with 26 additions and 0 deletions

@ -34,6 +34,14 @@ documentation.
`<https://docs.saltstack.com/en/latest/>`_
Security Advisory
=================
For historical reasons, Salt requires PyCrypto as a "lowest common
denominator". However, `PyCrypto is unmaintained`_ and best practice is to
manually upgrade to use a more maintained library such as `PyCryptodome`_. See
`Issue #52674`_ and `Issue #54115`_ for more info
Engage SaltStack
================
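Review bot: The advisory paragraph names only `PyCryptodome`_ as the replacement, while the commit message says "PyCryptodome(x) or M2Crypto are preferred"; the README text should list the same alternatives so the two do not disagree. The last sentence, "See `Issue #52674`_ and `Issue #54115`_ for more info", is also missing its closing period, and "a more maintained library" would read better as "an actively maintained library".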
@ -66,3 +74,7 @@ services`_ offerings.
.. _SaltStack education offerings: http://saltstack.com/training/
.. _SaltStack Certified Engineer (SSCE): http://saltstack.com/certification/
.. _SaltStack professional services: http://saltstack.com/services/
.. _PyCrypto is unmaintained: https://github.com/dlitz/pycrypto/issues/301#issue-551975699
.. _PyCryptodome: https://pypi.org/project/pycryptodome/
.. _Issue #52674: https://github.com/saltstack/salt/issues/52674
.. _Issue #54115: https://github.com/saltstack/salt/issues/54115
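Review bot: The ``PyCrypto is unmaintained`` target is the only evidence the advisory gives for its central claim, and it points at a single issue on a third-party repository (``dlitz/pycrypto/issues/301``). If that issue is moved or deleted, the advisory has nothing to back it. Consider stating the reason in the advisory text itself, and keeping the link as supporting material.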

@ -4,6 +4,14 @@
Salt 3000 Release Notes - Codename Neon
=======================================
Security Advisory
=================
For historical reasons, Salt requires PyCrypto as a "lowest common
denominator". However, `PyCrypto is unmaintained`_ and best practice is to
manually upgrade to use a more maintained library such as `PyCryptodome`_. See
`Issue #52674`_ and `Issue #54115`_ for more info
New Versioning
==============
The neon release has removed the date versioning. Going forward we will
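Review bot: In the release-notes advisory, "Salt requires PyCrypto" followed by "manually upgrade to use ... `PyCryptodome`_" leaves the reader unsure what to do: the text does not say whether this release runs with PyCryptodome installed in place of PyCrypto, or whether PyCrypto must be removed first. Release notes are where an operator looks for the concrete step, so name the package to install and say what happens to the existing PyCrypto install. The paragraph also has the same missing final period after "for more info".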
@ -801,3 +809,9 @@ salt.auth.Authorize Class Removal
- The salt.auth.Authorize Class inside of the `salt/auth/__init__.py` file has been removed and
the `any_auth` method inside of the file `salt/utils/minions.py`. These method and classes were
not being used inside of the salt code base.
.. _PyCrypto is unmaintained: https://github.com/dlitz/pycrypto/issues/301#issue-551975699
.. _PyCryptodome: https://pypi.org/project/pycryptodome/
.. _Issue #52674: https://github.com/saltstack/salt/issues/52674
.. _Issue #54115: https://github.com/saltstack/salt/issues/54115
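Review bot: These four link targets are a second copy of the ones added to the README, and here they sit at line 809 while the advisory that uses them is at line 4 of the same file. Two copies will drift, and anyone editing the advisory has to know to scroll to the end of the file to change a URL. Consider inline links in the release-notes paragraph so that the definition stays next to its use.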