saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge 3005.x into 3006.x

Browse source
This commit is contained in:
Pedro Algarvio 2024-01-31 18:01:15 +00:00
commit 297e2003b1
No known key found for this signature in database
GPG key ID: BB36BF6584A298FF
2 changed files with 31 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
CHANGELOG.md
View file

@ -8,6 +8,21 @@ Versions are `MAJOR.PATCH`.
# Changelog
## 3006.5 (2023-12-12)
Salt 3005.5 (2024-01-19)
========================
Security
--------
- Fix CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master.
- Fix CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method.
These vulnerablities were discovered and reported by:
Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) (#565)
Salt v3005.4 (2023-10-16)
=========================
### Removed

16
doc/topics/releases/3005.5.rst Normal file
View file

@ -0,0 +1,16 @@
.. _release-3005-5:
=========================
Salt 3005.5 Release Notes
=========================
Version 3005.5 is a CVE security fix release for :ref:`3005 <release-3005>`.
Security
--------
- Fix CVE-2024-22231 by preventing directory traversal when creating syndic cache directory on the master.
- Fix CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method.
These vulnerablities were discovered and reported by:
Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) (#565)