Update docs 3002.3

2025-04-16 17:50:20 +00:00 · 2021-01-25 16:12:50 +00:00 · 2021-01-25 16:12:50 +00:00 · 58908b8f72
commit 58908b8f72
parent 039b7f3f57
4 changed files with 129 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,12 @@ Versions are `MAJOR.PATCH`.

 # Changelog

+Salt 3002.3 (2021-01-25)
+========================
+
+No significant changes.
+
+
 Salt 3002.2 (2020-11-16)
 ========================

--- a/doc/topics/releases/3000.7.rst
+++ b/doc/topics/releases/3000.7.rst
@ -0,0 +1,41 @@
+.. _release-3000-7:
+
+=========================
+Salt 3000.7 Release Notes
+=========================
+
+Version 3000.7 is a CVE fix release for :ref:`3000 <release-3000>`.
+
+Fixed
+-----
+
+- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module.
+
+- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
+  validates the SSL/TLS certificate by default. If you want to skip SSL verification
+  you can use `verify_ssl: False`.
+
+- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
+  proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
+  module, bigip module, and keystone module validate SSL by default. If you want
+  to skip SSL verification you can use `verify_ssl: False`.
+
+- CVE-2021-3148 - Fix a command injection in the Salt-API when using the
+  Salt-SSH client.
+
+- CVE-2021-3144 - Fix eauth tokens can be used once after expiration
+
+- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
+  wheel_async client.
+
+- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
+  vulnerable to directory traversal.
+
+- CVE-2021-25283 - Fix the jinja render to protect against server side template
+  injection attacks.
+
+- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
+  and error.
+
+- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
+  by cli and netapi.
--- a/doc/topics/releases/3001.5.rst
+++ b/doc/topics/releases/3001.5.rst
@ -0,0 +1,41 @@
+.. _release-3001-5:
+
+=========================
+Salt 3001.5 Release Notes
+=========================
+
+Version 3001.5 is a CVE fix release for :ref:`3001 <release-3001>`.
+
+Fixed
+-----
+
+- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module.
+
+- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
+  validates the SSL/TLS certificate by default. If you want to skip SSL verification
+  you can use `verify_ssl: False`.
+
+- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
+  proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
+  module, bigip module, and keystone module validate SSL by default. If you want
+  to skip SSL verification you can use `verify_ssl: False`.
+
+- CVE-2021-3148 - Fix a command injection in the Salt-API when using the
+  Salt-SSH client.
+
+- CVE-2021-3144 - Fix eauth tokens can be used once after expiration
+
+- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
+  wheel_async client.
+
+- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
+  vulnerable to directory traversal.
+
+- CVE-2021-25283 - Fix the jinja render to protect against server side template
+  injection attacks.
+
+- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
+  and error.
+
+- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
+  by cli and netapi.
--- a/doc/topics/releases/3002.3.rst
+++ b/doc/topics/releases/3002.3.rst
@ -0,0 +1,41 @@
+.. _release-3002-3:
+
+=========================
+Salt 3002.3 Release Notes
+=========================
+
+Version 3002.3 is a CVE fix release for :ref:`3002 <release-3002>`.
+
+Fixed
+-----
+
+- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module.
+
+- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
+  validates the SSL/TLS certificate by default. If you want to skip SSL verification
+  you can use `verify_ssl: False`.
+
+- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
+  proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
+  module, bigip module, and keystone module validate SSL by default. If you want
+  to skip SSL verification you can use `verify_ssl: False`.
+
+- CVE-2021-3148 - Fix a command injection in the Salt-API when using the
+  Salt-SSH client.
+
+- CVE-2021-3144 - Fix eauth tokens can be used once after expiration
+
+- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
+  wheel_async client.
+
+- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
+  vulnerable to directory traversal.
+
+- CVE-2021-25283 - Fix the jinja render to protect against server side template
+  injection attacks.
+
+- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
+  and error.
+
+- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
+  by cli and netapi.