(release-3006.6)=

Salt 3006.6 release notes

<!--- Do not edit this file. This is auto generated. Edit the templates in doc/topics/releases/templates/ for a given release. --> <!-- Add release specific details below --> <!-- Do not edit the changelog below. This is auto generated. -->

Changelog

Changed

• Salt no longer time bombs user installations on code using salt.utils.versions.warn_until_date #665924

Fixed

• Fix un-closed transport in tornado netapi #65759

Security

• CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method. These vulerablities were discovered and reported by: Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) #565

• Update some requirements which had some security issues:

  • Bump to pycryptodome==3.19.1 and pycryptodomex==3.19.1 due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
  • Bump to gitpython==3.1.41 due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
  • Bump to jinja2==3.1.3 due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 #65830