saltstack/salt

mirror of https://github.com/saltstack/salt.git synced 2025-04-16 09:40:20 +00:00

Salt Project Packaging b1fa82b9a8

Release v3006.6

2024-01-26 12:06:14 +00:00

1.4 KiB

Raw Blame History

(release-3006.6)=

Salt 3006.6 release notes

Changelog

Changed

Salt no longer time bombs user installations on code using salt.utils.versions.warn_until_date #665924

Fixed

Fix un-closed transport in tornado netapi #65759

Security

CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method. These vulerablities were discovered and reported by: Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) #565
Update some requirements which had some security issues:
- Bump to pycryptodome==3.19.1 and pycryptodomex==3.19.1 due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
- Bump to gitpython==3.1.41 due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
- Bump to jinja2==3.1.3 due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 #65830