<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on Salt Project</title><link>https://saltproject.io/tags/security/</link><description>Recent content in Security on Salt Project</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 10 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://saltproject.io/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>The Salt Project Website Has a New Look</title><link>https://saltproject.io/blog/2026-07-10-website-facelift/</link><pubDate>Fri, 10 Jul 2026 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2026-07-10-website-facelift/</guid><description>The Salt Project website has a new look as part of a broader theme unification across the Salt Project website and documentation, bringing a single unified blog feed, local search, and tag-based filtering. These updates also include updates to how the RSS feeds work, such as the security feed.</description></item><item><title>Supply Chain Incident - 2026-Apr-29</title><link>https://saltproject.io/blog/2026-04-29-advisory/</link><pubDate>Wed, 29 Apr 2026 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2026-04-29-advisory/</guid><description>Due to a supply chain incident, Salt has rotated secrets and initiated the revocation of compromised macOS DeveloperID signing certificates.</description></item><item><title>Salt security advisory release - 2025-NOV-20</title><link>https://saltproject.io/blog/2025-11-20-advisory-3006-17-3007-9/</link><pubDate>Thu, 20 Nov 2025 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2025-11-20-advisory-3006-17-3007-9/</guid><description>The Salt Project is announcing the Salt 3006.17 LTS and 3007.9 STS CVE releases. This release addresses 2 CVEs, ranging from low to medium in severity.</description></item><item><title>Salt security advisory release - 2025-JUN-12</title><link>https://saltproject.io/blog/2025-06-12-advisory-3006-12-3007-4/</link><pubDate>Thu, 12 Jun 2025 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2025-06-12-advisory-3006-12-3007-4/</guid><description>The Salt Project is announcing the Salt 3006.12 LTS and 3007.4 STS CVE releases. This release addresses 11 CVEs, ranging from low to critical in severity.</description></item><item><title>Salt 3006.9 LTS is available</title><link>https://saltproject.io/blog/salt-release-3006-9-is-now-available/</link><pubDate>Tue, 30 Jul 2024 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/salt-release-3006-9-is-now-available/</guid><description>The Salt Project is announcing the Salt 3006.9 LTS bugfix release. This bugfix release includes at least one CVE fix (low to medium risk).</description></item><item><title>Salt security advisory release - 2024-JAN-31</title><link>https://saltproject.io/blog/2024-01-31-advisory/</link><pubDate>Wed, 31 Jan 2024 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2024-01-31-advisory/</guid><description>The Salt Project released a security update to Salt to address 2 vulnerabilities with a severity rating of High and Medium. We strongly recommend prioritizing this update. This is a security advisory release.</description></item><item><title>ATTENTION! Some High and Medium severity vulnerabilities have been discovered in Salt versions 3006.5 and earlier</title><link>https://saltproject.io/blog/2024-01-30-advisory/</link><pubDate>Tue, 30 Jan 2024 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2024-01-30-advisory/</guid><description>Some High and Medium severity vulnerabilities have been discovered in Salt versions 3006.5 and earlier. The vulnerabilities are high and medium severity based on the common Vulnerability Scoring System (CVSS).</description></item><item><title>Salt security advisory release - 2023-OCT-27</title><link>https://saltproject.io/blog/2023-10-27-advisory/</link><pubDate>Fri, 27 Oct 2023 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2023-10-27-advisory/</guid><description>The Salt Project released a security update to Salt to address 1 vulnerability with a severity rating of Medium. We strongly recommend prioritizing this update. This is a security advisory release.</description></item><item><title>ATTENTION! A Medium severity vulnerability has been discovered in Salt versions 3006.3 and earlier</title><link>https://saltproject.io/blog/2023-10-26-advisory/</link><pubDate>Thu, 26 Oct 2023 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2023-10-26-advisory/</guid><description>A Medium severity vulnerability has been discovered in Salt versions 3006.3 and earlier. The vulnerability is Medium severity based on the common Vulnerability Scoring System (CVSS).</description></item><item><title>Salt security advisory release - 2023-AUG-10</title><link>https://saltproject.io/blog/2023-08-10-advisory/</link><pubDate>Thu, 10 Aug 2023 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2023-08-10-advisory/</guid><description>The Salt Project released a security update to Salt to address 2 vulnerabilities with a severity rating of Medium. We strongly recommend prioritizing this update. This is a security advisory release.</description></item><item><title>ATTENTION! Some medium severity vulnerabilities have been discovered in Salt versions 3006.1 and earlier</title><link>https://saltproject.io/blog/2023-08-09-advisory/</link><pubDate>Wed, 09 Aug 2023 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2023-08-09-advisory/</guid><description>Some medium severity vulnerabilities have been discovered in Salt versions 3006.1 and earlier. The vulnerabilities are medium severity based on the common Vulnerability Scoring System (CVSS).</description></item><item><title>Salt 3005.1-4 Security Package Update</title><link>https://saltproject.io/blog/salt-3005-1-4-security-package-update/</link><pubDate>Tue, 10 Jan 2023 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/salt-3005-1-4-security-package-update/</guid><description>The Salt Project has released v3005.1-4 packages. This release only impacts the onedir packages and the classic Windows and Mac packages.</description></item><item><title>Salt security advisory release - 2022-JUNE-21</title><link>https://saltproject.io/blog/2022-06-21-advisory/</link><pubDate>Tue, 21 Jun 2022 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2022-06-21-advisory/</guid><description>The Salt Project released a security update to Salt to address 1 vulnerability with severity rating High. If you are using PAM authentication from within Salt, we strongly recommend prioritizing this update. This is a security advisory release. This release includes fixes to the vulnerability and bug fixes from the previous CVE release.</description></item><item><title>Attention! A critical vulnerability has been discovered in Salt versions 3004.1 and earlier</title><link>https://saltproject.io/blog/2022-06-13-advisory/</link><pubDate>Mon, 13 Jun 2022 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2022-06-13-advisory/</guid><description>A critical vulnerability has been discovered in Salt versions 3004.1 and earlier. The vulnerability rating is high based on the Common Vulnerability Scoring System (CVSS).</description></item><item><title>Salt security advisory release - 2022-MAR-28</title><link>https://saltproject.io/blog/2022-03-28-advisory/</link><pubDate>Mon, 28 Mar 2022 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2022-03-28-advisory/</guid><description>The Salt Project released a security update to Salt to address 4 vulnerabilities with a severity rating of Medium to High. We strongly recommend prioritizing this update. This is a security advisory release.</description></item><item><title>ATTENTION! Some critical vulnerabilities have been discovered in Salt versions 3004 and earlier</title><link>https://saltproject.io/blog/2022-03-22-advisory/</link><pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2022-03-22-advisory/</guid><description>Some critical vulnerabilities have been discovered in Salt versions 3004 and earlier. The vulnerabilities range in rating from Medium to High based on the Common Vulnerability Scoring System (CVSS). We are preparing a CVE release to be available on Monday, March 28th.</description></item><item><title>Salt security advisory release - 2021-SEPT-2</title><link>https://saltproject.io/blog/2021-09-21-advisory/</link><pubDate>Thu, 02 Sep 2021 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2021-09-21-advisory/</guid><description>The Salt Project released a security update to Salt to address 3 vulnerabilities with severity rating Medium to High. We strongly recommend prioritizing this update. This is a security advisory release.</description></item><item><title>Active Salt CVE Release 2021-FEB-25</title><link>https://saltproject.io/blog/2021-02-25-advisory-02/</link><pubDate>Thu, 25 Feb 2021 13:43:40 +0000</pubDate><guid>https://saltproject.io/blog/2021-02-25-advisory-02/</guid><description>The Salt Project has released a security update to address 10 vulnerabilities with severity rating Medium to High. We strongly recommend prioritizing this update.</description></item><item><title>UPDATE 2021-FEB-25 CVE Release Time Delay</title><link>https://saltproject.io/blog/2021-02-25-advisory-01/</link><pubDate>Thu, 25 Feb 2021 10:43:40 +0000</pubDate><guid>https://saltproject.io/blog/2021-02-25-advisory-01/</guid><description>Today the 2021-FEB-25 CVE Release is on-going and we are working through tasks. However, it is taking longer than expected. At this time we estimate a release time as 6 PM MST and 1 AM UTC. We apologize for the delay.</description></item><item><title>Salt Feb 4th CVE Release Delayed</title><link>https://saltproject.io/blog/2021-02-04-advisory/</link><pubDate>Thu, 04 Feb 2021 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2021-02-04-advisory/</guid><description>Today’s scheduled CVE Release is delayed due to a bug found late in the release cycle. This CVE Release is now set for Thursday, February 25th, 2021 by noon MST and 7:00 PM UTC. We apologize for the inconvenience this delay causes.</description></item><item><title>Active Salt CVE Announcement - 2021-JAN-21</title><link>https://saltproject.io/blog/2021-01-29-advisory/</link><pubDate>Fri, 29 Jan 2021 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2021-01-29-advisory/</guid><description>Several critical vulnerabilities have been discovered in Salt. These affect versions 3002 and earlier.Most of these, we expect the Common Vulnerability Scoring System (CVSS) rating to be high or critical. We quickly took actions to remediate once made aware of the vulnerabilities.</description></item><item><title>Active Salt CVE Release 2020-NOV-03</title><link>https://saltproject.io/blog/2020-11-02-advisory/</link><pubDate>Tue, 03 Nov 2020 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2020-11-02-advisory/</guid><description>SaltStack has released a security update to Salt to address three critical vulnerabilities. We strongly recommend that you prioritize this update.</description></item><item><title>Active Salt CVE Announcement - 2020-OCT-30</title><link>https://saltproject.io/blog/2020-10-30-advisory/</link><pubDate>Fri, 30 Oct 2020 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2020-10-30-advisory/</guid><description>Three related critical vulnerabilities have been discovered in Salt versions 3002 and earlier.</description></item><item><title>Active Salt CVE Update - CVE-2020-11651 and CVE-2020-11652</title><link>https://saltproject.io/blog/2020-05-06-advisory/</link><pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2020-05-06-advisory/</guid><description>We have created and made patches available for a number of Salt releases. Some patches are specific to certain Salt versions and, as noted, some will patch multiple versions. To ensure the patch is effective, verify installation of your version prior to installing any patches.</description></item><item><title>Active Salt CVE Update for CVE-2020-11651 and CVE-2020-11652</title><link>https://saltproject.io/blog/2020-05-04-advisory/</link><pubDate>Mon, 04 May 2020 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2020-05-04-advisory/</guid><description>Last week a critical vulnerability was discovered affecting Salt Master versions 2019.2.3 and 3000.1 and earlier. SaltStack customers and Salt users who have followed fundamental internet security guidelines and best practices are not affected by this vulnerability. The vulnerability is easily exploitable if a Salt Master is exposed to the open internet.</description></item><item><title>Salt CVE Critical Updates - 2020-APR-21</title><link>https://saltproject.io/blog/2020-04-21-advisory/</link><pubDate>Tue, 21 Apr 2020 00:00:00 +0000</pubDate><guid>https://saltproject.io/blog/2020-04-21-advisory/</guid><description>We have decided to proceed with release packages for 2019.2.5 and 3000.3 that contain fixes to these new these critical CVEs (CVE-2020-11651 and CVE-2020-11652). The packages will be available Wednesday, May 13, or potentially sooner.</description></item></channel></rss>