initial release notes for 0.15.1

2024-11-07 17:09:03 +00:00 · 2013-05-10 09:53:39 -06:00 · 2013-05-10 09:53:39 -06:00 · 1003ec83b9
commit 1003ec83b9
parent c1857e1329
1 changed files with 31 additions and 0 deletions
--- a/doc/topics/releases/0.15.1.rst
+++ b/doc/topics/releases/0.15.1.rst
@ -0,0 +1,31 @@
+=========================
+Salt 0.15.1 Release Notes
+=========================
+
+The 0.15.1 release has been posed, this release includes fixes to a number of
+bugs in 0.15.1 and a three security patches.
+
+Security Updates
+================
+
+A number of security issues have been resolved via the 0.15.1 release.
+
+Path Injection in Minion IDs
+============================
+
+A minion could spoof authentication by injecting path changes in the id, this
+allowed a minion to authenticate itself without validation.
+
+RSA Key Generation Fault
+========================
+
+RSA Key generation was not in compliance with with current standards, all RSA
+keys are recommended to be regenerated. A tool was included in 0.15.1 to assist
+in mass key regeneration, the manage.regen_keys runner.
+
+Command Injection Via ext_pillar
+================================
+
+Shell commands could be executed on the master when requesting a pillar.
+Ext pillar options have been restricted to only allow safe external pillars to
+be called when prompted by the minion.