ContextQMD
Back to Salt

Salt 3001.8 (2021-08-20)

doc/topics/releases/3001.8.rst

2019.8629 B
Original Source

.. _release-3001-8:

======================== Salt 3001.8 (2021-08-20)

Version 3001.8 is a CVE security fix release for :ref:3001 <release-3001>.

Fixed

  • Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004)

Security

  • Fix the CVE-2021-31607 vulnerability Additionally, an audit and a tool was put in place, bandit, to address similar issues througout the code base, and prevent them. (CVE-2021-31607)
  • Ensure that sourced file is cached using its hash name (cve-2021-21996)