Updated release notes with additional CVE information

Jacob Hammons 2015-10-16 10:12:12 -06:00
parent 5286c01f39
commit 0d1b691549
2 changed files with 9 additions and 2 deletions

@ -13,6 +13,10 @@ CVE-2015-6941 - ``win_useradd`` module and ``salt-cloud`` display passwords in d
Updated the ``win_useradd`` module return data to no longer include the password of the newly created user. The password is now replaced with the string ``XXX-REDACTED-XXX``.
Updated the Salt Cloud debug output to no longer display ``win_password`` and ``sudo_password`` authentication credentials.
CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log
Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with ``REDACTED`` in the debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
Changes for v2015.5.5..v2015.5.6
--------------------------------
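Review bot: the CVE-2015-6941 entry in this file covers only ``win_password`` and ``sudo_password`` for Salt Cloud, while the same entry in the other file touched by this commit also mentions the Linode driver; both release-notes files should carry the same text for the same CVE so readers of either one see the full scope. In the CVE-2015-6918 credit line, the address is written asteiger@suse.com while the name is spelled Stieger; confirm the local part with the reporter, since the same line appears in both files.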

@ -11,8 +11,11 @@ Security Fixes
CVE-2015-6941 - ``win_useradd`` module and ``salt-cloud`` display passwords in debug log
Updated the ``win_useradd`` module return data to no longer include the password of the newly created user. The password is now replaced with the string ``XXX-REDACTED-XXX``.
Updated the Salt Cloud debug output to no longer display ``win_password`` and ``sudo_password`` authentication credentials.
Also updated the Linode driver to no longer display authentication credentials in debug logs. These credentials are now replaced with ``REDACTED`` in the debug output.
Updated the Salt Cloud debug output to no longer display ``win_password`` and ``sudo_password`` authentication credentials. Also updated the Linode driver to no longer display authentication credentials in debug logs. These credentials are now replaced with ``REDACTED`` in the debug output.
CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log
Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with ``REDACTED`` in the debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
Major Bug Fixes
---------------
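Review bot: in the merged Salt Cloud paragraph, "These credentials are now replaced with ``REDACTED``" follows the Linode sentence, so it is unclear whether ``win_password`` and ``sudo_password`` are also replaced with ``REDACTED`` or dropped from the output altogether, and the ``win_useradd`` line just above uses a different marker, ``XXX-REDACTED-XXX``. Suggest naming the placeholder per component so operators know which string to expect when they audit debug output. The entry could also state that debug logs written before the upgrade may still contain these credentials.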