Safety vulnerability ID: 71143
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Salt version 3006.8 upgrades its cryptography dependency to version 42.0.5 to address several security issues, including CVE-2024-0727.
Latest version: 3007.1
Portable, distributed, remote execution and configuration management system
Removed
- Removed deprecated code scheduled to be removed on 2024-01-01:
* ``TemporaryLoggingHandler`` and ``QueueHandler`` in ``salt/_logging/handlers.py``
* All of the ``salt/log`` package.
* The ``salt/modules/cassandra_mod.py`` module.
* The ``salt/returners/cassandra_return.py`` returner.
* The ``salt/returners/django_return.py`` returner. [66147](https://github.com/saltstack/salt/issues/66147)
Deprecated
- Drop Fedora 37 and Fedora 38 support [65860](https://github.com/saltstack/salt/issues/65860)
- Drop CentOS Stream 8 and 9 from CI/CD [66104](https://github.com/saltstack/salt/issues/66104)
- Drop Photon OS 3 support [66105](https://github.com/saltstack/salt/issues/66105)
- The ``salt.utils.psutil_compat`` module has been deprecated and will be removed in Salt 3008. Please use the ``psutil`` module directly. [66139](https://github.com/saltstack/salt/issues/66139)
Fixed
- ``user.add`` on Windows now allows you to add user names that contain all
numeric characters [53363](https://github.com/saltstack/salt/issues/53363)
- Fix an issue with the win_system module detecting established connections on
non-Windows systems. Uses psutils instead of parsing the return of netstat [60508](https://github.com/saltstack/salt/issues/60508)
- pkg.refresh_db on Windows now honors saltenv [61807](https://github.com/saltstack/salt/issues/61807)
- Fixed an issue with adding new machine policies and applying those same
policies in the same state by adding a ``refresh_cache`` option to the
``lgpo.set`` state. [62734](https://github.com/saltstack/salt/issues/62734)
- file.managed correctly handles file path with '' [63060](https://github.com/saltstack/salt/issues/63060)
- Fix master ip detection when DNS records change [63654](https://github.com/saltstack/salt/issues/63654)
- Fix user and group management on Windows to handle the Everyone group [63667](https://github.com/saltstack/salt/issues/63667)
- Fixes an issue in pkg.refresh_db on Windows where new package definition
files were not being picked up on the first run [63848](https://github.com/saltstack/salt/issues/63848)
- Display a proper error when pki commands fail in the win_pki module [64933](https://github.com/saltstack/salt/issues/64933)
- Prevent full system upgrade on single package install for Arch Linux [65200](https://github.com/saltstack/salt/issues/65200)
- When using s3fs, if files are deleted from the bucket, they were not deleted in
the master or minion local cache, which could lead to unexpected file copies or
even state applications. This change makes the local cache consistent with the
remote bucket by deleting files locally that are deleted from the bucket.
**NOTE** this could lead to **breakage** on your affected systems if it was
inadvertently depending on previously deleted files. [65611](https://github.com/saltstack/salt/issues/65611)
- Fixed an issue with file.directory state where paths would be modified in test
mode if backupname is used. [66049](https://github.com/saltstack/salt/issues/66049)
- Execution modules have access to regular fileclient durring pillar rendering. [66124](https://github.com/saltstack/salt/issues/66124)
- Fixed a issue with server channel where a minion's public key
would be rejected if it contained a final newline character. [66126](https://github.com/saltstack/salt/issues/66126)
- Fix content type backwards compatablity with http proxy post requests in the http utils module. [66127](https://github.com/saltstack/salt/issues/66127)
- Fix systemctl with "try-restart" instead of "retry-restart" within the RPM spec, properly restarting upgraded services [66143](https://github.com/saltstack/salt/issues/66143)
- Auto discovery of ssh, scp and ssh-keygen binaries. [66205](https://github.com/saltstack/salt/issues/66205)
- Add leading slash to salt helper file paths as per dh_links requirement [66280](https://github.com/saltstack/salt/issues/66280)
- Fixed x509.certificate_managed - ca_server did not return a certificate [66284](https://github.com/saltstack/salt/issues/66284)
- removed log line that did nothing. [66289](https://github.com/saltstack/salt/issues/66289)
- Chocolatey: Make sure the return dictionary from ``chocolatey.version``
contains lowercase keys [66290](https://github.com/saltstack/salt/issues/66290)
- fix cacheing inline pillar, by not rendering inline pillar during cache save function. [66292](https://github.com/saltstack/salt/issues/66292)
- The file module correctly perserves file permissions on link target. [66400](https://github.com/saltstack/salt/issues/66400)
- Upgrade relenv to 0.16.0 and python to 3.10.14 [66402](https://github.com/saltstack/salt/issues/66402)
- backport the fix from 66164 to fix 65703. use OrderedDict to fix bad indexing. [66705](https://github.com/saltstack/salt/issues/66705)
Added
- Add Fedora 39 support [65859](https://github.com/saltstack/salt/issues/65859)
Security
- Upgrade to `cryptography==42.0.5` due to a few security issues:
* https://github.com/advisories/GHSA-9v9h-cgj8-h64p
* https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
* https://github.com/advisories/GHSA-6vqw-3v5j-54x4 [#66141](https://github.com/saltstack/salt/issues/66141)
- Bump to `idna==3.7` due to https://github.com/advisories/GHSA-jjg7-2v4v-x38h [#66377](https://github.com/saltstack/salt/issues/66377)
- Bump to `aiohttp==3.9.4` due to https://github.com/advisories/GHSA-7gpw-8wmc-pm8g [#66411](https://github.com/saltstack/salt/issues/66411)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application