Attention! A critical vulnerability has been discovered in Salt versions 3004.1 and earlier

Dear Community,

A critical vulnerability has been discovered in Salt versions 3004.1 and earlier. The vulnerability rating is high based on the Common Vulnerability Scoring System (CVSS).

We are preparing a CVE release to be available on June 21st at 10 AM MST. The CVE packages will be available for 3002.9, 3003.5, and 3004.2. The releases will contain fixes to resolve and remediate the identified vulnerability and bug fixes found in the previous CVE release. We advise all users to quickly apply the CVE release as soon as the packages are available. Please reach out if you have any questions or comments. You can reach us at saltproject-security.pdl@broadcom.com You can also subscribe to our Security Announcements, here: https://www.saltproject.io/security-announcements/

Thank you,

Your Salt Open Core team