Feb 4, 2021
Today’s scheduled CVE Release is delayed due to a bug found late in the release cycle. This CVE Release is now set for Thursday, February 25th, 2021 by noon MST and 7:00 PM UTC. We apologize for the inconvenience this delay causes.
Read More
Jan 29, 2021
Several critical vulnerabilities have been discovered in Salt. These affect versions 3002 and earlier.Most of these, we expect the Common Vulnerability Scoring System (CVSS) rating to be high or critical. We quickly took actions to remediate once made aware of the vulnerabilities.
Read More
Nov 3, 2020
SaltStack has released a security update to Salt to address three critical vulnerabilities. We strongly recommend that you prioritize this update.
Read More
Oct 30, 2020
Three related critical vulnerabilities have been discovered in Salt versions 3002 and earlier.
Read More
May 6, 2020
We have created and made patches available for a number of Salt releases. Some patches are specific to certain Salt versions and, as noted, some will patch multiple versions. To ensure the patch is effective, verify installation of your version prior to installing any patches.
Read More
May 4, 2020
Last week a critical vulnerability was discovered affecting Salt Master versions 2019.2.3 and 3000.1 and earlier. SaltStack customers and Salt users who have followed fundamental internet security guidelines and best practices are not affected by this vulnerability. The vulnerability is easily exploitable if a Salt Master is exposed to the open internet.
Read More
Apr 21, 2020
We have decided to proceed with release packages for 2019.2.5 and 3000.3 that contain fixes to these new these critical CVEs (CVE-2020-11651 and CVE-2020-11652). The packages will be available Wednesday, May 13, or potentially sooner.
Read More
