valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 17:09:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b55bba0d46
salt/doc/topics/releases/2016.3.7.rst

16 lines
712 B
ReStructuredText
Raw Normal View History

initial 2016.3.7 release notes
2017-03-29 15:34:03 +00:00
===========================
Salt 2016.3.7 Release Notes
===========================
Version 2016.3.7 is a bugfix release for :ref:`2016.3.0 <release-2016-3-0>`.
Add allow_minion_key_revoke config option
2017-04-17 19:20:45 +00:00
Add Security Notice to 2016.3.7 Release Notes
2017-08-15 16:33:27 +00:00
Changes for v2016.3.6..v2016.3.7
--------------------------------
Add allow_minion_key_revoke config option
2017-04-17 19:20:45 +00:00
Add Security Notice to 2016.3.7 Release Notes
2017-08-15 16:33:27 +00:00
Security Fix
============
Add documentation to the example master and minion configuration files. Move minion event signing to a saner place. Enable dropping messages when signature does not verify or when minion is not adding the signature to its payloads.
2017-06-08 19:18:53 +00:00
Add Security Notice to 2016.3.7 Release Notes
2017-08-15 16:33:27 +00:00
CVE-2017-12791 Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
Add documentation to the example master and minion configuration files. Move minion event signing to a saner place. Enable dropping messages when signature does not verify or when minion is not adding the signature to its payloads.
2017-06-08 19:18:53 +00:00
Add Security Notice to 2016.3.7 Release Notes
2017-08-15 16:33:27 +00:00
Correct a flaw in minion id validation which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Credit for discovering the security flaw goes to: Vernhk@qq.com
Reference in New Issue Copy Permalink