Update docs 3001.5

saltstack · Jan 25, 2021 · d19b1da · d19b1da
1 parent 9a816c2
commit d19b1da
Show file tree

Hide file tree

Showing 13 changed files with 137 additions and 20 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,34 @@ Versions are `MAJOR.PATCH`.
 
 # Changelog
 
+Salt 3001.5 (2021-01-25)
+========================
+
+Fixed
+-----
+
+- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243)
+- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
+  validates the SSL/TLS certificate by default. If you want to skip SSL verification
+  you can use `verify_ssl: False`. (CVE-2020-28972)
+- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
+  proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
+  module, bigip module, and keystone module validate SSL by default. If you want 
+  to skip SSL verification you can use `verify_ssl: False`. (CVE-2020-35662)
+- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
+  wheel_async client. (CVE-2021-25281)
+- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
+  vulnerable to directory traversal. (CVE-2021-25282)
+- CVE-2021-25283 - Fix the jinja render to protect against server side template
+  injection attacks. (CVE-2021-25283)
+- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
+  and error. (CVE-2021-25284)
+- CVE-2021-3144 - Fix eauth tokens can be used once after expiration. (CVE-2021-3144)
+- CVE-2021-3148 - Fix a command injection in the Salt-API when using the Salt-SSH client. (CVE-2021-3148)
+- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
+  by cli and netapi. (CVE-2021-3197)
+
+
 Salt 3001.4 (2020-12-01)
 ========================
 
@@ -454,6 +482,33 @@ Added
 - Added `efi` parameter to virt module, so `uefi` firmware can be auto selected. (#57397)
 - [#56637](https://github.com/saltstack/salt/pull/56637) - Add ``win_wua.installed`` to the ``win_wua`` execution module
 
+Salt 3000.7
+===========
+
+Fixed
+-----
+
+- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243)
+- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
+  validates the SSL/TLS certificate by default. If you want to skip SSL verification
+  you can use `verify_ssl: False`. (CVE-2020-28972)
+- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
+  proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
+  module, bigip module, and keystone module validate SSL by default. If you want
+  to skip SSL verification you can use `verify_ssl: False`. (CVE-2020-35662)
+- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
+  wheel_async client. (CVE-2021-25281)
+- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
+  vulnerable to directory traversal. (CVE-2021-25282)
+- CVE-2021-25283 - Fix the jinja render to protect against server side template
+  injection attacks. (CVE-2021-25283)
+- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
+  and error. (CVE-2021-25284)
+- CVE-2021-3144 - Fix eauth tokens can be used once after expiration. (CVE-2021-3144)
+- CVE-2021-3148 - Fix a command injection in the Salt-API when using the Salt-SSH client. (CVE-2021-3148)
+- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
+  by cli and netapi. (CVE-2021-3197)
+
 Salt 3000.6
 ===========
 

diff --git a/changelog/CVE-2020-28243.fixed b/changelog/CVE-2020-28243.fixed
diff --git a/changelog/CVE-2020-28972.fixed b/changelog/CVE-2020-28972.fixed
diff --git a/changelog/CVE-2020-35662.fixed b/changelog/CVE-2020-35662.fixed
diff --git a/changelog/CVE-2021-25281.fixed b/changelog/CVE-2021-25281.fixed
diff --git a/changelog/CVE-2021-25282.fixed b/changelog/CVE-2021-25282.fixed
diff --git a/changelog/CVE-2021-25283.fixed b/changelog/CVE-2021-25283.fixed
diff --git a/changelog/CVE-2021-25284.fixed b/changelog/CVE-2021-25284.fixed
diff --git a/changelog/CVE-2021-3144.fixed b/changelog/CVE-2021-3144.fixed
diff --git a/changelog/CVE-2021-3148.fixed b/changelog/CVE-2021-3148.fixed
diff --git a/changelog/CVE-2021-3197.fixed b/changelog/CVE-2021-3197.fixed
diff --git a/doc/topics/releases/3000.7.rst b/doc/topics/releases/3000.7.rst
@@ -0,0 +1,41 @@
+.. _release-3000-7:
+
+=========================
+Salt 3000.7 Release Notes
+=========================
+
+Version 3000.7 is a CVE fix release for :ref:`3000 <release-3000>`.
+
+Fixed
+-----
+
+- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module.
+
+- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
+  validates the SSL/TLS certificate by default. If you want to skip SSL verification
+  you can use `verify_ssl: False`.
+
+- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
+  proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
+  module, bigip module, and keystone module validate SSL by default. If you want
+  to skip SSL verification you can use `verify_ssl: False`.
+
+- CVE-2021-3148 - Fix a command injection in the Salt-API when using the
+  Salt-SSH client.
+
+- CVE-2021-3144 - Fix eauth tokens can be used once after expiration
+
+- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
+  wheel_async client.
+
+- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
+  vulnerable to directory traversal.
+
+- CVE-2021-25283 - Fix the jinja render to protect against server side template
+  injection attacks.
+
+- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
+  and error.
+
+- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
+  by cli and netapi.
diff --git a/doc/topics/releases/3001.5.rst b/doc/topics/releases/3001.5.rst
@@ -0,0 +1,41 @@
+.. _release-3001-5:
+
+=========================
+Salt 3001.5 Release Notes
+=========================
+
+Version 3001.5 is a CVE fix release for :ref:`3001 <release-3001>`.
+
+Fixed
+-----
+
+- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module.
+
+- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
+  validates the SSL/TLS certificate by default. If you want to skip SSL verification
+  you can use `verify_ssl: False`.
+
+- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
+  proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
+  module, bigip module, and keystone module validate SSL by default. If you want
+  to skip SSL verification you can use `verify_ssl: False`.
+
+- CVE-2021-3148 - Fix a command injection in the Salt-API when using the
+  Salt-SSH client.
+
+- CVE-2021-3144 - Fix eauth tokens can be used once after expiration
+
+- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
+  wheel_async client.
+
+- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
+  vulnerable to directory traversal.
+
+- CVE-2021-25283 - Fix the jinja render to protect against server side template
+  injection attacks.
+
+- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
+  and error.
+
+- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
+  by cli and netapi.