Add warning about python_shell changes to 2015.2.0 release notes

2025-04-17 10:10:20 +00:00 · 2015-05-05 15:54:50 -06:00 · 2015-05-05 15:54:50 -06:00 · 48e7b3ee4f
commit 48e7b3ee4f
parent a9777761d8
1 changed files with 22 additions and 0 deletions
--- a/doc/topics/releases/2015.2.0.rst
+++ b/doc/topics/releases/2015.2.0.rst
@ -11,6 +11,28 @@ As usual the release notes are not exhaustive and primarily include the most
 notable additions and improvements. Hundreds of bugs have been fixed and many
 modules have been substantially updated and added.

+.. warning::
+
+    In order to fix potential shell injection vulnerabilities in salt modules,
+    a change has been made to the various ``cmd`` module functions. These
+    functions now default to ``python_shell=False``, which means that the
+    commands will not be sent to an actual shell.
+
+    The largest side effect of this change is that "shellisms", such as pipes,
+    will not work by default. The modules shipped with salt have been audited
+    to fix any issues that might have arisen from this change.  Additionally,
+    the ``cmd`` state module has been unaffected, and use of ``cmd.run`` in
+    jinja is also unaffected.
+
+    However, custom execution modules which use shellisms in ``cmd`` calls
+    will break, unless you pass ``python_shell=True`` to these calls.
+
+    As a temporary workaround, you can set ``cmd_safe: False`` in your minion
+    and master configs. This will revert the default, but is also less secure,
+    as it will allow shell injection vulnerabilities to be written in custom
+    code. We recommend you only set this setting for as long as it takes to
+    resolve these issues in your custom code, then remove the override.
+
 Beacons
 =======