Commit

Update 3000.6 release
Frode Gundersen authored and dwoz committed Dec 1, 2020
1 parent 6cab366 commit c777858
Showing 1 changed file with 4 additions and 7 deletions.
11 changes: 4 additions & 7 deletions doc/topics/releases/3000.6.rst
@@ -1,15 +1,12 @@
.. _release-3000-5:
.. _release-3000-6:

===========================
Salt 3000.5 Release Notes
Salt 3000.6 Release Notes
===========================

Version 3000.5 is a CVE fix release for :ref:`3000 <release-3000>`.
Version 3000.6 is a bugfix release for :ref:`3000 <release-3000>`.

Fixed
-----

- CVE-2020-16804 - Properly validate eauth credentials and tokens along with
their ACLs. Prior to this change eauth was not properly validated when calling
Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user
to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)
- Fixes salt-ssh authentication when using tty (#58922)
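
Review bot: the new entry "Fixes salt-ssh authentication when using tty (#58922)" does not say what failed or whether the change has any security impact, even though the lines it replaces described an authentication bypass in Salt ssh and the version line now calls 3000.6 a bugfix release. Suggest adding one sentence that states the symptom and says whether #58922 affects authentication enforcement or only functionality, so operators can judge how urgently to upgrade. As a style point, the bullet sits under the "Fixed" heading and begins with "Fixes", so it could be reworded to describe the corrected behavior directly.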
