Release v3006.6

CHANGELOG.md

@@ -7,6 +7,32 @@ Versions are `MAJOR.PATCH`.
 
 # Changelog
 
+## 3006.6 (2024-01-26)
+
+
+### Changed
+
+- Salt no longer time bombs user installations on code using `salt.utils.versions.warn_until_date` [#665924](https://github.com/saltstack/salt/issues/665924)
+
+
+### Fixed
+
+- Fix un-closed transport in tornado netapi [#65759](https://github.com/saltstack/salt/issues/65759)
+
+
+### Security
+
+- CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master
+  CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method.
+  These vulerablities were discovered and reported by:
+  Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) [#565](https://github.com/saltstack/salt/issues/565)
+- Update some requirements which had some security issues:
+
+  * Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
+  * Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
+  * Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 [#65830](https://github.com/saltstack/salt/issues/65830)
+
+
 ## 3006.5 (2023-12-12)
 
 

changelog/565.security.md

@@ -1,4 +0,0 @@
-CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master
-CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method.
-These vulerablities were discovered and reported by:
-Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab)

changelog/65759.fixed.md

@@ -1 +0,0 @@
-Fix un-closed transport in tornado netapi

changelog/65830.security.md

@@ -1,5 +0,0 @@
-Update some requirements which had some security issues:
-
-* Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
-* Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
-* Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95

changelog/665924.changed.md

@@ -1 +0,0 @@
-Salt no longer time bombs user installations on code using `salt.utils.versions.warn_until_date`

doc/man/salt-api.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-API" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-API" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .sp
@@ -109,6 +109,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-call.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CALL" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-CALL" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .SH SYNOPSIS
@@ -262,6 +262,6 @@ output. Set to True or False. Default: none.
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-cloud.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CLOUD" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-CLOUD" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .sp
@@ -380,6 +380,6 @@ salt\-cloud \-m /path/to/cloud.map \-Q
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-cp.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CP" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-CP" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .sp
@@ -207,6 +207,6 @@ New in version 2016.3.7,2016.11.6,2017.7.0.
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-key.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-KEY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-KEY" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .SH SYNOPSIS
@@ -332,6 +332,6 @@ Auto\-create a signing key\-pair if it does not yet exist
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-master.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MASTER" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-MASTER" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .sp
@@ -114,6 +114,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-minion.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MINION" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-MINION" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .sp
@@ -115,6 +115,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-proxy.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-PROXY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-PROXY" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .sp
@@ -123,6 +123,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-run.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-RUN" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-RUN" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .sp
@@ -120,6 +120,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-ssh.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SSH" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-SSH" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .SH SYNOPSIS
@@ -365,6 +365,6 @@ to a JSON parser, use \fB\-\-static\fP as well.
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt-syndic.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SYNDIC" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT-SYNDIC" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .sp
@@ -116,6 +116,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt \- salt
 .SH SYNOPSIS
@@ -354,6 +354,6 @@ to a JSON parser, use \fB\-\-static\fP as well.
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/salt.7

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "7" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SALT" "7" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 salt \- Salt Documentation
 .SH SALT PROJECT
@@ -85609,7 +85609,7 @@ built packages need to be placed in the correct locations.
 .INDENT 0.0
 .IP \(bu 2
 Place all salt packages for the applicable testing version in
-\fB<repo\-root>/pkg/artifacts/\fP\&.
+\fB<repo\-root>/artifacts/pkg/\fP\&.
 .IP \(bu 2
 The onedir must be located under \fB<repo\-root>/artifacts/\fP\&.
 .IP \(bu 2
@@ -85733,7 +85733,7 @@ artifact may look like \fBnox\-ubuntu\-20.04\-test\-pkgs\-onedir\-x86_64\fP\&.
 Place the artifacts in the correct location:
 .INDENT 3.0
 .INDENT 3.5
-Unzip the packages and place them in \fB<repo\-root>/pkg/artifacts/\fP\&.
+Unzip the packages and place them in \fB<repo\-root>/artifacts/pkg/\fP\&.
 .sp
 You must unzip and untar the onedir packages and place them in
 \fB<repo\-root>/artifacts/\fP\&. Windows onedir requires an additional unzip
@@ -116861,28 +116861,6 @@ salt \(aq*\(aq pkg.del_repo_key name=\(aqppa:foo/bar\(aq keyid_ppa=True
 .UNINDENT
 .INDENT 0.0
 .TP
-.B salt.modules.aptpkg.expand_repo_def(**kwargs)
-Take a repository definition and expand it to the full pkg repository dict
-that can be used for comparison.  This is a helper function to make
-the Debian/Ubuntu apt sources sane for comparison in the pkgrepo states.
-.sp
-This is designed to be called from pkgrepo states and will have little use
-being called on the CLI.
-.sp
-CLI Examples:
-.INDENT 7.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-NOT USABLE IN THE CLI
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.UNINDENT
-.INDENT 0.0
-.TP
 .B salt.modules.aptpkg.file_dict(*packages, **kwargs)
 List the files that belong to a package, grouped by package. Not
 specifying any packages will return a list of _every_ file on the system\(aqs
@@ -194390,7 +194368,7 @@ Passes through all the parameters described in the
 \fI\%utils.http.query function\fP:
 .INDENT 7.0
 .TP
-.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.5\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
+.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.6\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
 Query a resource, and decode the return data
 .UNINDENT
 .INDENT 7.0
@@ -457920,7 +457898,7 @@ installed2
 .UNINDENT
 .INDENT 0.0
 .TP
-.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt/salt/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
+.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt\-priv/salt\-priv/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
 Install buildout in a specific directory
 .sp
 It is a thin wrapper to modules.buildout.buildout
@@ -478000,6 +477978,37 @@ Bump to \fBcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHS
 .IP \(bu 2
 Bump to \fBcryptography==41.0.7\fP due to \fI\%https://github.com/advisories/GHSA\-jfhm\-5ghh\-2f97\fP \fI\%#65643\fP
 .UNINDENT
+(release\-3006.6)=
+.SS Salt 3006.6 release notes
+.SS Changelog
+.SS Changed
+.INDENT 0.0
+.IP \(bu 2
+Salt no longer time bombs user installations on code using \fBsalt.utils.versions.warn_until_date\fP \fI\%#665924\fP
+.UNINDENT
+.SS Fixed
+.INDENT 0.0
+.IP \(bu 2
+Fix un\-closed transport in tornado netapi \fI\%#65759\fP
+.UNINDENT
+.SS Security
+.INDENT 0.0
+.IP \(bu 2
+CVE\-2024\-22231 Prevent directory traversal when creating syndic cache directory on the master
+CVE\-2024\-22232 Prevent directory traversal attacks in the master\(aqs serve_file method.
+These vulerablities were discovered and reported by:
+Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) \fI\%#565\fP
+.IP \(bu 2
+Update some requirements which had some security issues:
+.INDENT 2.0
+.IP \(bu 2
+Bump to \fBpycryptodome==3.19.1\fP and \fBpycryptodomex==3.19.1\fP due to \fI\%https://github.com/advisories/GHSA\-j225\-cvw7\-qrx7\fP
+.IP \(bu 2
+Bump to \fBgitpython==3.1.41\fP due to \fI\%https://github.com/advisories/GHSA\-2mqj\-m65w\-jghx\fP
+.IP \(bu 2
+Bump to \fBjinja2==3.1.3\fP due to \fI\%https://github.com/advisories/GHSA\-h5c8\-rqwp\-cp95\fP \fI\%#65830\fP
+.UNINDENT
+.UNINDENT
 .sp
 See \fI\%Install a release candidate\fP
 for more information about installing an RC when one is available.
@@ -603011,6 +603020,6 @@ minions. \fISee also\fP:
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/man/spm.1

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SPM" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
+.TH "SPM" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .sp
@@ -138,6 +138,6 @@ in that directory which describes them.
 .SH AUTHOR
 Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
 .SH COPYRIGHT
-2023
+2024
 .\" Generated by docutils manpage writer.
 .

doc/topics/releases/3006.6.md

@@ -0,0 +1,41 @@
+(release-3006.6)=
+# Salt 3006.6 release notes
+
+<!---
+Do not edit this file. This is auto generated.
+Edit the templates in doc/topics/releases/templates/
+for a given release.
+-->
+
+
+<!--
+Add release specific details below
+-->
+
+<!--
+Do not edit the changelog below.
+This is auto generated.
+-->
+## Changelog
+
+### Changed
+
+- Salt no longer time bombs user installations on code using `salt.utils.versions.warn_until_date` [#665924](https://github.com/saltstack/salt/issues/665924)
+
+
+### Fixed
+
+- Fix un-closed transport in tornado netapi [#65759](https://github.com/saltstack/salt/issues/65759)
+
+
+### Security
+
+- CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master
+  CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method.
+  These vulerablities were discovered and reported by:
+  Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) [#565](https://github.com/saltstack/salt/issues/565)
+- Update some requirements which had some security issues:
+
+  * Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
+  * Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
+  * Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 [#65830](https://github.com/saltstack/salt/issues/65830)

doc/topics/releases/templates/3006.6.md.template

@@ -0,0 +1,14 @@
+(release-3006.6)=
+# Salt 3006.6 release notes{{ unreleased }}
+{{ warning }}
+
+<!--
+Add release specific details below
+-->
+
+<!--
+Do not edit the changelog below.
+This is auto generated.
+-->
+## Changelog
+{{ changelog }}

pkg/debian/changelog

@@ -1,3 +1,29 @@
+salt (3006.6) stable; urgency=medium
+
+
+  # Changed
+
+  * Salt no longer time bombs user installations on code using `salt.utils.versions.warn_until_date` [#665924](https://github.com/saltstack/salt/issues/665924)
+
+  # Fixed
+
+  * Fix un-closed transport in tornado netapi [#65759](https://github.com/saltstack/salt/issues/65759)
+
+  # Security
+
+  * CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master
+    CVE*2024-22232 Prevent directory traversal attacks in the master's serve_file method.
+    These vulerablities were discovered and reported by:
+    Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) [#565](https://github.com/saltstack/salt/issues/565)
+  * Update some requirements which had some security issues:
+
+    * Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA*j225-cvw7-qrx7
+    * Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA*2mqj-m65w-jghx
+    * Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA*h5c8-rqwp-cp95 [#65830](https://github.com/saltstack/salt/issues/65830)
+
+
+ -- Salt Project Packaging <saltproject-packaging@vmware.com>  Fri, 26 Jan 2024 11:56:46 +0000
+
 salt (3006.5) stable; urgency=medium
 
 

pkg/rpm/salt.spec

@@ -31,7 +31,7 @@
 %define fish_dir %{_datadir}/fish/vendor_functions.d
 
 Name:    salt
-Version: 3006.5
+Version: 3006.6
 Release: 0
 Summary: A parallel remote execution system
 Group:   System Environment/Daemons
@@ -583,6 +583,29 @@ fi
 
 
 %changelog
+* Fri Jan 26 2024 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.6
+
+# Changed
+
+- Salt no longer time bombs user installations on code using `salt.utils.versions.warn_until_date` [#665924](https://github.com/saltstack/salt/issues/665924)
+
+# Fixed
+
+- Fix un-closed transport in tornado netapi [#65759](https://github.com/saltstack/salt/issues/65759)
+
+# Security
+
+- CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master
+  CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method.
+  These vulerablities were discovered and reported by:
+  Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) [#565](https://github.com/saltstack/salt/issues/565)
+- Update some requirements which had some security issues:
+
+  * Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
+  * Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
+  * Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 [#65830](https://github.com/saltstack/salt/issues/65830)
+
+
 * Tue Dec 12 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.5
 
 # Removed