mirror of
https://github.com/saltstack/salt.git
synced 2025-04-17 02:00:20 +00:00
717 B
717 B
Salt 3005.4 Release Notes
Version 3005.4 is a CVE security fix release for 3005 <release-3005>.
Security
- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. This only impacts salt-ssh users using the pre-flight option. (cve-2023-34049)
- Bump to cryptography==41.0.4 due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 (#65267)
- Bump to urllib3==1.26.17 or urllib3==2.0.6 due to https://github.com/advisories/GHSA-v845-jxx5-vc9f (#65334)
- Bump to gitpython==3.1.37 due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c (#65383)