Salt

Latest version: v3007.1


Page 8 of 10

3001.3

Not secure
Fixed

- Properly validate eauth credentials and tokens along with their ACLs.
Prior to this change eauth was not properly validated when calling
Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user
to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)

3001.2

Not secure
Fixed

- Prevent shell injections in netapi ssh client (CVE-2020-16846)
- Prevent creating world readable private keys with the tls execution module. (CVE-2020-17490)

3001.1

Not secure
Changed

- Change the ``enable_fqdns_grains`` setting to default to ``False`` on Windows
to address some issues with slowness. (56296, 57529)
- Handle the UCRT libraries the same way they are handled in the Python 3
installer (57594)
- Changes the 'SSDs' grain name to 'ssds' as all grains need to be
resolved in lowercase. (57612)
- Updated requirement to psutil 5.6.7 due to vulnerability in psutil 5.6.6. (58018)
- Updated requirement to PyYAML 5.3.1 due to vulnerability in PyYAML 5.2.1. (58019)


Fixed

- When running scheduled jobs from a proxy minion with multiprocessing turned off (default) a recursive error occurs as __pub_fun_args is repeated over and over again in the kwargs element in the data dictionary. Now we make a copy of data['kwargs'] instead of using a reference. (57941)
- The `x509.certificate_managed` state no longer triggers a change because of sorting issues if the certificate being evaluated was previously generated under Python 2. (56556)
- Added support to lo ip alias in network.managed state by checking if lo inet data
from network.interfaces contains label with the name of managed interface.
Return status True if match found. (56901)
- Redact passwords in the return when setting credentials using
``win_iis.container_setting`` (57285)
- Fixes issue with cmd.powershell. Some powershell commands do not return
anything in stdout. This causes the JSON parser to fail because an empty string
is not valid JSON. This changes an empty string to `{}` which is valid JSON and
will not cause the JSON loader to stacktrace. (57493)
- Improves performance. Profiling `test.ping` on Windows shows that 13 of 17
seconds are wasted when the esxi grain loads vsphere before noting that
the OS is not an esxi host. (57529)
- Fixed permissions issue with certain pip/virtualenv states/modules when configured for non-root user. (57550)
- Allow running nox sessions either using our `nox-py2 fork <https://github.com/s0undt3ch/nox/tree/hotfix/py2-release>`_ or upstream `nox <https://github.com/theacodes/nox>`_. (#57583)
- Fixes issue with lgpo.get when there are unicode characters in the hostname (57591)
- Fixes issue with virtual block devices, like loopbacks and LVMs, wrongly
populating the "disks" or "ssds" grains. (57612)
- Due to some optimization the `virtual` grain was never updated on illumos. Move the fallback in prtdiag output parsing outside the loop that now gets skipped due to the command exiting non-zero. (57714)
- Grains module delkey and delval methods now support the force option. This is
needed for deleting grains with complex (nested) values. (57718)
- Moving import salt.modules.vsphere into `__virtual__` so we have access to test proxytype in opts,
previously this was causing a traceback when run on proxy minion as `__opts__` does not exist
outside of any functions. Introducing a new utils function, is_proxytype, to check that the
device is a proxy minion and also that the proxy type matches. (57743)
- Fixed fail_with_changes in the test state to use the comment argument when passed. (57766)
- Adds a fix so salt can run on the latest macOS version Big Sur. (57787)
- Fixes UnpackValueError when using GPG cache by using atomic open. (57798)
- The ``gid_from_name`` argument was removed from the ``user.present`` state in
version 3001, with no deprecation path. It has been restored and put on a
proper deprecation path. (57843)
- Fixes dictionary being changed during iteration. (57845)
- Fixed bug with distro version breaking osrelease on Centos 7. (57781)
- Fixed macOS build scripts. (57973)
- Fixed Salt-API startup failure. (57975)
- Fixed CSR handling in x509 module (54867)
- Re-allow x509 to manage a certificate based on a CSR


Added
-----

- Added docs demonstrating how to apply an MSI patch with winrepo (32780)


Salt 3001 (2020-06-17)

Removed

- Removed long-deprecated `repo` option from pip state. (51060)
- Removed noisy debug logging from config.get. (54205)
- Removed needless dbus warnings from snapper module. (56286)
- Removed obsolete MSI functionality from version tools. (56352)
- Removed deprecated virt functionality. (56514)
- Dropped requirement for enum34 dependency. (57108)
- On macOS pkg.installed (using brew) no longer swaps `caskroom/cask/` for `homebrew/cask/` when using outdated package names. (57361)
- napalm_network.load_template module - removed deprecated arguments
template_user, template_attrs, template_group, template_mode, and native NAPALM
template support. Use Salt's rendering pipeline instead. (57362)
- selinux.fcontext_add_or_delete_policy module removed - use selinux.fcontext_add_policy or selinux.fcontext_delete_policy instead. (57363)
- Deprecated `refresh_db` removed from pkgrepo state. Use `refresh` instead. (57366)
- Deprecated internal functions salt.utils.locales.sdecode and .sdecode_if_string removed. Use salt.utils.data.decode instead. (57367)
- Removed deprecated misc. internal Salt functions. See https://github.com/saltstack/salt/issues/57368 for more info. (#57368)
- Remove salt/utils/vt.py duplication from filename map. (57004)


Changed

- `file.rename` no longer returns False when `force:False`. (49843)
- Brought localclient command line args functionality into line with regular `salt` calls. (56853)
- Updated requisites documentation. (49962)
- Changed eauth "not enabled" log message level from debug to warning. (50946)
- (52546)
- Refactored x509.certificate_managed to be easier to use. (52935)
- Don't log error when running "alternatives --display" on nonexistent target (53911)
- Improved logging for user auth issues. (53990)
- No longer emit extra logs when checking `alternatives.display` and `.check_exists`. (53991)
- Use lazy loading to get SLS data from master - significantly improves `state.apply` times when using gitfs with many branches. (54468)
- Changed Salt icon for Windows. (56194)
- Update `libnacl` to 1.7.1 (56350)
- Now require pycryptodomex for crypto on all platforms. (56625)
- Updated to sphinx 3.0.1 when building docs. (56671)
- Now `__salt__` is automatically refreshed when a package is `pip` installed, allowing pip installing a dependency and using that dependency in the same state run. (56867)
- Use pygit2>=1.2.0 for Python>=3.8. (56905)
- Now provides a more meaningful error for `win_groupadd` for unmapped accounts. (56921)
- Significantly improve call times by only checking one frame in `depends`. (57062)
- Salt scripts shebang now specifies `python3`. (57083)
- Upgraded dependency to use boto3>=1.13.5. (57161)
- Changed to consistent file location handling across APIs for Juniper network devices. (57399)
- Use Python's hashlib (sha256) instead of shelling out (SipHash24) to generate server_id. (57415)
- Update `formulas.rst` with new IRC channel and links to IRC logs (51628)


Fixed

- `pkgrepo.managed` now checks for a changed `key_url`. (4438)
- Allow passing extra args to `file.rename`. (29001)
- Fixed issue with overeager recursion detection. (37646)
- Correctly set DNS search domain in VMware virtual machine. (37709)
- Fixed trim_output logic in archive.extracted state (40491)
- Updated documentation on `service` state. (40819)
- Changed error message on `postgres_database.absent` to report correct error when database is in use. (42833)
- Fixed issue in `sysctl` when kernel parameters were adjusted via grub. (45195)
- Added termination protection option to salt-cloud ec2. (45496)
- Refactored `debian_ip` module. (46388)
- Log error when reactor tasks go to a full queue instead of silently fail. (46431)
- Fixed issue with failure on comments in MySQL files. (47488)
- Properly handle multibyte characters that span blocks of data. (48473)
- Fixed failure in `user.present` when `gid_from_name` is True. Argument was removed and replaced by the `usergroup` argument. (48640)
- Properly obtain hostname (48906)
- Fixed `nilrt_ip` disabled function. (48971)
- Fixed static configuration in nilrt_ip module. (48990)
- Added missing ARPCHECK option to rh7_eth template. (49074)
- Fixed to use the correct LetsEncrypt path on FreeBSD. (49129)
- Updated docs for netapi logs - log.access_file and log.error_file. (49247)
- Retry proxmox queries instead of failing immediately. (49485)
- Fixed AMD GPU vendor detection. (56837)
- Fixed `aptpkg.normalize_name` to respect architecture. (49637)
- Add error message for proxmox failures. (49562)
- Fixed nilrt_ip.enable/disable idempotency. (56795)
- Fixed issue with file.line doing a partial comparison to determine replacement need, instead compare actual content of lines. (49855)
- Return actual error message to user or hex code for `win_task.create_task_from_xml`. (49981)
- Use minion name as ssh_host for saltify cloud provider. (50135)
- Fixed misconfiguration of syndic. (50139)
- Re-added `onfail_all`, fixed onfail always triggering with other reqs, and onfail and onchanges not working when both present. (50264)
- Fixed broken scaleway cloud module. (50334)
- Fixed issue not cleaning up schedule and beacons. (50505)
- Fixed opkg install/remove to return potential changes, rather than always an empty dictionary. (50516)
- Fixed `pycrypto.gen_hash` to use strongest available `algorithm` by default. (50544)
- Fixed error leaving an empty first line on `.ini` file edits. (50614)
- Fixes error in tcp transport publish port default value. (50646)
- Changed internal functionality for deprecated Python `inspect.formatargspec`. (50911)
- Allows clone_from setting in proxmox salt-cloud to be able to be an integer. (51001)
- Stopped reading Windows registry value that might not be there. (51095)
- Fixed complaint about unused variables. (51196)
- salt-ssh no longer ignores pillar argument on `state.sls_id`. (51353)
- Stop treating MSI as a hard dependency. (51470)
- Fixed error handling for route53 to ignore `SignatureDoesNotMatch` errors (which cannot be retried). (51572)
- Fixed `extract_hash` to use the correct value. (51670)
- Fixed hard failure if `chocolatey.installed` is for a non-existent package. (51700)
- `fail_with` and `succeed_with` now correctly use `comment` argument. (51821)
- Updated `is_enabled` to allow optional arguments. (51823)
- Fixed issue producing an error trying to resolve the unresolvable Capability SIDs. (51868)
- Additional fixes for using cron state with non-root Minion (51872)
- Fixed proxy module for Windows by using `__utils__` instead of `__salt__` for code that accesses the registry. (52013)
- Added support for parsing Gluster cli banner. (52318)
- Fixed failure to require `target` argument in git states. (52364)
- Fixed issue failing hard on uninstalled win updates. (52387)
- Fixed issue with `artifactory` not correctly evaluating `has_classifier` first. (52517)
- Fixed compound matches with nodegroups. (52678)
- Removed some noisy logging that has a tendency to fill up the logs on larger installations. (52763)
- Use `__utils__` for all registry calls. (52992)
- Added syndic log rotation to RPM. (53040)
- Use correct output in `zpool.present` when `test=true`. (53145)
- Fix s3fs cache byte/str mismatch (53244)
- Fixed `win_system` module to skip unavailable system info. (53287)
- Ignore invalid product_name files. (53326)
- Fixed error with `pkg.list_pkgs` to explicitly set `utf-8` encoding when writing, to match when reading. (53340)
- Fixed issue with encoding/decoding on circular references, discovered with iptables when `state_aggregate` was enabled. (53353)
- No longer fail when `blkid -o export` does not provide `TYPE` output. (53447)
- Fixed `guesseed` -> `guessed` typo in `archive` state. (53480)
- Fixed error with incorrect import statement masking real import error. (53508)
- Added some error handling around missing results from external returners. (53517)
- Changed to match repo parameter against repo name on `salt-run git_pillar.update`, so remote name can be used instead of full remote URL. (56605)
- Changed returner function error message to be useful/less misleading. (53628)
- Fixed `utils.user` to use correct `chugid` and `umask`. (53681)
- Fixed SmartOS grains under Python 3. (53740)
- Fixed error when trying to delete more than one key using `ini.options_absent`. (53874)
- Fixed error with cmd.run when run in a chroot environment. (53992)
- Fixed Zabbix configuration.import to use the correct values for the API version. (54020)
- Fixed salt key management with eauth. (54078)
- Fixed broken sdb.get_or_set_hash when using Hashicorp's Vault. (54199)
- Fixed `mac_softwareupdate.list_available` for Catalina. (54220)
- Fixed bug blocking `user.present` `createhome` on macOS. (54288)
- Fixed `postfix.show_queue` issue where queue_id, size, timestamp, sender, and recipient must exist before trying to append them. (54298)
- Fixed issue erroneously adding ssh_interface to DigitalOcean. (54373)
- Fixed issue not using correct package keys from group info on group install on yum. (54458)
- Fixed issue breaking state output on `test=true` with retry. (54501)
- Ignore absent filter.lfs in gitconfig. (54817)
- Changed to use Salt's CaseInsensitiveDict, so it can be msgpack serialized. (54899)
- Fixed trying to set too large a queue on AIX. (54912)
- Fixed issue when Vultr API returns "not supported" as default password during VM setup. (54933)
- Fixed issue with Jinja renderer ignoring argline. (55124)
- Fixed osrelease grain for MS Hyper-V 2019 by providing a default year. (55212)
- Fixed napalm support in bgp and net runners. (55222)
- Fixed Indefinitely code in win_task. (55273)
- Fixed `file.replace` idempotency. (55297)
- Fix incorrectly reported fileserver changes. (55304)
- Fixed XML RPC-REPLy error in Junos by passing `huge_tree`. (55318)
- Fixed error trying to treat binary files as text when doing spm install under Python 3. (55330)
- Correctly determine if Debian repo should be skipped. (55402)
- Set a hard dependency on `distro` module, for Python 3.8. (55410)
- Fixed `config_data` parameter when compiling DSC via `win_dsc` module. (55425)
- Fixed Solaris virtual grain to return better info instead of always LDOM. (55444)
- Documentation on syncing custom modules slightly inaccurate and missing info on sync to master (55514)
- Fixed crashes in ansiblegate on Python 3 minions. (55585)
- Fixed traceback on `http.query` when errors with the URL. (55586)
- Fixed failure to cache gpg data when `gpg_cache=True`. (55772)
- Added `__prerequired__` to the state runtime keywords filter, to prevent failures on `file.replace`. (55775)
- Fixed several Junos-related issues. (55824)
- Fixed Vault KV version 2 support. (55842)
- Removed remaining `pchanges` occurrences from state modules. (55934)
- Fixed issues in Slack webhook returner. (55968)
- Fixed onlyif/unless requisites being ignored in some cases. (55974)
- Fixed `skip_files_list_verify` when `keep_source=False` in `archive.extracted` state. (55975)
- Fixed `seed.apply` not waiting for the disk to be free. (56002)
- Fixed issue that ignored `trim_output` argument intermittently. (56041)
- Fixed `shadow.set_password` failing to set password when user isn't in `/etc/shadow`. (56044)
- Fixed failure in `user` state when moving the user's default group into the `groups` arg. (56061)
- Fixed issue incorrectly parsing YAML on command line. (56067)
- Fixed Azure VM creation when using Python3. (56091)
- Reverted `slspath` changes that broke a lot of states without proper deprecation. (56119)
- Lack of FQDN for host no longer blocks master startup. (56179)
- Pillar data is correctly included from `init.sls` file. (56186)
- Fixed `check_password` for newer RabbitMQ versions. (56193)
- Fixed timeout parameter not being passed to cmd_subset and cmd_batch, and misnamed (sub -> subset) parameter. (56203)
- Added support for virtualenv>=20.0.0 `--version` strings. (56205)
- No longer ignore slots on states when `parallel: true`. (56221)
- Fix deprecation warnings for imports from collections. (56225)
- Fixed Napalm beacons failing under Python 3. (56243)
- Fixed failure in tomcat module. (56269)
- Added salt-api log file to log rotation to prevent filling up the disk. (56274)
- Fixed issue using undocumented abbreviation on zypper - now uses the full option. (56278)
- Fixed issue parsing new `restorecon` output. (56287)
- Fixed failure for returner only working via cli and not LocalClient. (56322)
- Fixed version issues with empty minor string. (56358)
- Upgraded psutil dependency to 5.6.6 due to CVE-2019-18874. (56363)
- Fixed vendored tornado to use `salt.ext.backports_abc`. (56369)
- Fixed x509 module incorrectly writing error messages as the cert. (56372)
- Fixed error doing a `pip install salt` on Windows. (56376)
- Fixed AzureRM `create_object_model` util. (56379)
- Fixed issue `toxml` error in `virt.cpu_baseline`. (56383)
- Fixed issue with exception being raised on `virt._get_domain` when there's no VM. (56392)
- Fixed crash in `aptpkg` on long description strings. (56396)
- Fixed keyword mismatch with `cassandra_cql` and `cassandra_cql_return`. (56328)
- Now uses the correct zero value for LockoutDuration in `win_lgpo`. (56406)
- Fixed issue reporting incorrect Salt version. (56415)
- Corrected documentation for `docker_image.load`. (56420)
- Fixed `defaults.merge` documentation. (56432)
- Fixed error always reporting changes with custom index-url for pip. (56433)
- Matching int keys within nested dictionaries now works. (56444)
- Fixed failure to support annotated tags when using pygit2. (56451)
- Better handle virt.pool_rebuild in virt.pool_running and virt.pool_defined states (56454)
- Fixed gitpython Windows requirements. (56455)
- Added `grains_cache_expiration` to minion conf documentation. (56458)
- Fixed incorrect handling of `renew=force` by `acme.cert` function. (56462)
- Fixed issue with incorrect msgpack version string check. (56463)
- Fixed infinite recursion in `pkg.group_info`. (56476)
- Fixed failure to sanitize grains for salt-ssh executions. (56491)
- Relax version requirements for pdbedit, also handle Debian branding in the version string. (56553)
- Fixed indentation error on `cmd.run` orchestration output. (56554)
- Fixed issue with getting incorrect SELinux context. (56557)
- Fixed bug updating boot parameters with `virt`. (56562)
- Correctly handle `pymysql.err.InternalError` in `mysql` module. (56570)
- Fixed `panos` commit example in docs. (56581)
- Fixed issue with `salt.utils.functools.call_functions` not checking for expected arguments. (56584)
- Fixed a broken statement when using arbitrary `kwargs` in mine.value. (56593)
- Fixed support for booting VMs with UEFI on virt. (56613)
- Fixed postgres.db_remove() execution function if db is still in use. (56631)
- Updated old redirects and http->https fixes in docs. (56655)
- Renamed `salt/utils/docker/` to `salt/utils/dockermod/` to avoid clashes with the `docker` package from pypi. (56669)
- Changed behavior to implicitly ignore package epochs and just use the latest one. (56681)
- Avoid throwing exception for missing security group in boto under test mode. (56695)
- Fix some function prompts in mysql module. (56719)
- Add appropriate comment for `svn export` state. (56757)
- Updated default master config file and updated the docs (56053)
- Workaround upstream bug in jinja2 indent filter. (56833)
- Fixed issue when raid.destroy is called but zero-superblock is not executed (56838)
- Allow correct failure information to show up when calling `win_interfaces` (56844)
- Add a note about service.running (56846)
- Updated Windows installer scripts to use Python 3.7.4. (56873)
- Nullsoft Salt Install now uninstalls MSI installed salt. (56883)
- Fallback to ASCII sorting when pillar keys are integers. (56909)
- Fixed `hwaddr` and `macaddr` not being added to RedHat network config, even if they were provided. (56910)
- Fixed literal comparisons. (56931)
- Fixed `win_system` `rawunicodeescape` errors. (56940)
- Fixed `ps.top` failures with newer `psutil` library. (56942)
- Provides better stacktrace in `win_pkg` return. (56955)
- Fixed `reg.present` to respect `(Default)` REG_SZ value of an empty string. (56959)
- OpenStack driver can now attach to multiple networks, also now respects provided `conn`. (56960)
- Fixed literal comparison in `user` state. (56972)
- Additional fixes for using cron state with non-root Minion (56973)
- Added ARPCHECK to the template for RHEL8 networking. (57047)
- Fixed `aptpkg` to use `force-confnew` on its own, and `force-confold` with `force-confdef`. (57051)
- Fixed acme.certs state to return /etc/letsencrypt/live subdirectories (57056)
- Fixed error with `fileserver.update` failing when `gitfs` backend was `git`, and `fileserver.clear_file_list_cache` not clearing gitfs cache when the backend was *not* `git`. (57063)
- Fixed LazyLoader crashing when using ssh client via salt-api. (57119)
- Publisher ACL doc fixes (48915)
- Fixed `acl.present` to properly detect changes for default ACLs and recursive folders. (57147)
- Fixed Minion/Minon typo in docs. (57181)
- Fix UnicodeDecodeError when apply file.managed with binary contents in test mode. (57184)
- Ensure errors are returned for missing pillars. (57208)
- Fix `ps.top` failures on macOS when iterating over zombie processes. (57216)
- Add vcredist_2013 (specifically msvcr120.dll) for OpenSSL/M2Crypto support on Windows. Fixes x509 module support. (57266)
- Fix systemd invocation on latest Linux Arch version. (57299)
- Updated rpm_lowpkg.version_cmp log messages and unit tests (57347)
- Added rotation for proxy logs. (57353)
- Fixed `win_system.join_domain` failures. (57360)
- Fixed `template_vars` functionality on Junos. (57388)
- Filter out aliases/duplicates from zypperpkg for <=SLE12SP4. (57392)
- Fix issue with finding the real python executable during tests (56686)
- Fix broken link regarding the 1024 character limit for YAML keys (56540)
- Fix grain.delkey grains.delval for nested keys (54819)


Added
-----

- Added support for list in `include_pat/exclude_pat` in `file.recurse`. (2747)
- Added `validate` to tls module. (7424)
- Pillar relative includes. (8875)
- Added silent recurse option to `file.directory` state. (44553)
- Added bhyve support to virt. (47619)
- Added `kernelparams` grain for Linux. (48501)
- Added `systempath` PATH grain. (49049)
- Added appoptics returner. (49066)
- Added ability to use the minion's region if specified. (49097)
- Added reactor tuning documentation. (49214)
- Added support for ipaddr/ipv6ipaddrs, loopback devices, dns_nameservers/dns_search lists or strings, and multiple addresses per interface. (49355)
- Added slsutil.banner for creating managed by salt message in files, and `slsutil.boolstr` for converting Pillar bool values to appropriate string representation. (49396)
- Added `normalize_name` to `pkgin` module. (49469)
- Added ability to use regex pattern with `ps.pgrep`. (49565)
- Added `merge` option to `match.filter_by`. (49845)
- Added ability to disable requisites during state runs. (49955)
- Add a reactor "leader", especially useful for multimaster hot-hot environments. (50053)
- Added `method_call` Jinja filter to help reduce boilerplate. (50152)
- Added ability for async pillar refresh. (56881)
- Added `shutdown_host` to vmware cloud. (50177)
- Added `drbd.status` module. (50410)
- Added `file.keyvalue` state. (50627)
- Added JID lookup message in case minion times out. (50704)
- Niceness control options added to the master config, for POSIX platforms. (50905)
- Added `serial_type` to virt module. (50930)
- Added RPC process documentation. (50954)
- Added advanced initdb option support to `postgres_cluster.present`. (50998)
- Added support for GCE accelerators in Salt Cloud. (51033)
- Added `broadcast` address to `network.convert_cidr` return. (51521)
- Added options for gitfs and git_pillar fallback branch. (51971)
- Add `fat` as a valid `fs_type` for `parted` module. (52016)
- Added support for comments in the host state/module. (52185)
- Added offline bootstrap for Chocolatey. (52233)
- Added support for listing all active running jobs on the master. (52241)
- Added ability to get expected cache location. (52305)
- Added ability to pass a timeout value to beacons. (52314)
- Added support for `btrfs property` command. (52699)
- Added ability to get minion's network information. (53100)
- Added support for `not_before` and `not_after` for x509 certificates. (53148)
- Added support for extra modules that will be loaded before checking the rest of the path. (53167)
- Added initial execution module to kubeadm. (53345)
- Added firstboot function to `systemd_service`. (53381)
- Added ability to pass arbitrary kwargs to zypper pkg. (53693)
- Added options for multi-use tokens for vault. (54094)
- Added devinfo module to get hardware information. (54267)
- Adds versionlock plugin detection for yum/dnf. (54798)
- Improved nxos support. (54931)
- Added root and no_recommends parameters for Zypper and RPM. (54954)
- Added `token` parameter in `blkid`. (54964)
- Added `cron.get_entry`. (54985)
- Added support for newer monit versions. (55140)
- Added btrfs and xfs as valid fstypes for parted and mkfs. (55209)
- Added functionality for `cmd.run_all` to accept a list when using powershell. (55213)
- Added Azure Blob Storage as an optional external pillar. (55493)
- Added ability to turn off FQDNs grains with `enable_fqdns_grains: False`. (55581)
- Added `virt.*defined` states. (55814)
- Add towncrier tool to the Salt project to help manage CHANGELOG.md file. (55836)
- Added Pull Request requirements to documentation (55862)
- Add selinux support to file.managed (40703)
- Added hold and unhold support for `mac_brew_pkg`. (55978)
- States/modules added for managing Helm. (56081)
- Added parallel run support for saltcheck. (56097)
- Added multiple asserts against module output for saltcheck. (56101)
- Added `state.test` as an alias for `state.apply ... test=True`. (56298)
- Added default argument to `vault.read_secret` and `vault.list_secrets`. (56311)
- Added `fromrepo` to `pkg.upgrade` for `pkgng`. (56368)
- Added IP filtering by network. (56394)
- Added more information for `__virtual__` failures. (56395)
- Added logout functionality to docker. (56439)
- Added ability to fetch master public key from minion. (56449)
- Added `pending_reboot` grain for Windows systems. (56489)
- Added support for forcing refresh in zypper. (56519)
- Added `refresh_pillar` arg to `grains.setval`. (56573)
- Added new roster option `ssh_pre_flight`. (56488)
- Added ability to minions to read pillar files from local filesystem, and get commands from remote master. (56611)
- Added support for rendering toml states. (56615)
- Added `set_path` option for salt-ssh shim. (56627)
- Added `win_wua.installed` to check a list of updates that apply to the current Windows build. (56640)
- Added ability to compare package versions in Jinja templates. (56678)
- Add `auto_detect` feature for `ssh_ext_alternatives`. (56894)
- Add ability to display sys.doc style outputs but without actually loading the module. (56902)
- Added plist serializer. (56954)
- Added support for onedir/pop-build Salt in the `pip` module. (56988)
- Add support for disks volumes in virt.running state (57005)
- Add virt.all_capabilities helper function (57009)
- supervisord.status_bool method (57049)
- Added support for msgpack versions>=1.0 (57122)
- Added Python 2 deprecation FAQ (57273)
- Added support for hashing rounds when using pycrypto. (57355)
- `fetchonly` parameter added for `pkg.upgrade` when using `pkgng` (FreeBSD). (57371)
- Added `efi` parameter to virt module, so `uefi` firmware can be auto selected. (57397)
- [56637](https://github.com/saltstack/salt/pull/56637) - Add ``win_wua.installed`` to the ``win_wua`` execution module
- Clarify how to get the master fingerprint (54699)

3000.9

Not secure
Fixed

- Allow "extra_filerefs" as sanitized kwargs for SSH client.
Fix regression on "cmd.run" when passing tuples as cmd. (59664)
- Allow all ssh kwargs as sanitized kwargs for SSH client. (59748)
- Fix argument injection bug in restartcheck.restartcheck. This change hardens
the fix for CVE-2020-28243.

3000.8

Not secure
Fixed

- Fix runners that broke when patching for CVE-2021-25281
- Fix issue with runners in SSE

3000.7

Not secure
Fixed

- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243)
- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
validates the SSL/TLS certificate by default. If you want to skip SSL verification
you can use `verify_ssl: False`. (CVE-2020-28972)
- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
module, bigip module, and keystone module validate SSL by default. If you want
to skip SSL verification you can use `verify_ssl: False`. (CVE-2020-35662)
- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
wheel_async client. (CVE-2021-25281)
- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
vulnerable to directory traversal. (CVE-2021-25282)
- CVE-2021-25283 - Fix the jinja render to protect against server side template
injection attacks. (CVE-2021-25283)
- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
and error. (CVE-2021-25284)
- CVE-2021-3144 - Fix issue where eauth tokens can be used once after expiration. (CVE-2021-3144)
- CVE-2021-3148 - Fix a command injection in the Salt-API when using the Salt-SSH client. (CVE-2021-3148)
- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
by cli and netapi. (CVE-2021-3197)

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.