Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge/3000.2 #56987

Merged
merged 9 commits into from
Apr 29, 2020
Merged

Merge/3000.2 #56987

merged 9 commits into from
Apr 29, 2020

Conversation

dwoz
Copy link
Contributor

@dwoz dwoz commented Apr 29, 2020

What does this PR do?

Merge changes form security release 3000.3

What issues does this PR fix or reference?

CVE-2020-11652
CVE-2020-11651

Merge requirements satisfied?

  • [ x] Docs
  • [ x] Changelog
  • [ x] Tests written/updated

Commits signed with GPG?

Yes

@dwoz dwoz requested a review from a team as a code owner April 29, 2020 18:48
@ghost ghost requested review from Ch3LL and removed request for a team April 29, 2020 18:48
Frode Gundersen and others added 8 commits April 29, 2020 19:02
@dwoz
Update man pages 3000.2
9bec30e
@dwoz
Fix CVE-2020-11651
3fb1e4f 
Resolve issue which allows access to un-intended methods in the
ClearFuncs class of the salt-master process
@dwoz
Fix CVE-2020-11652
0491a84 
Sanitize paths in ClearFuncs methods provided by salt-master. This
ensures we do not allow access to un-intended files and directories.
@dwoz
Add note about log messages to hardening salt docs
c129f43
@dwoz
Add 2019.2.4 release notes
5f36f1e
@dwoz
Add release notes for 3000.2
522771f
@dwoz
Update 3000.2 release notes
27bf3d7
@dwoz
Update 3000.2.rst
8d2cc7a
waynew
waynew previously approved these changes Apr 29, 2020
View reviewed changes
s0undt3ch
s0undt3ch suggested changes Apr 29, 2020
View reviewed changes
tests/unit/test_module_names.py Outdated Show resolved Hide resolved
@dwoz dwoz dismissed stale reviews from waynew and garethgreenaway via 101c914 April 29, 2020 19:46
@dwoz dwoz merged commit dcde50d into saltstack:master Apr 29, 2020
@sagetherage sagetherage added the v3000.2 vulnerable version label May 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@s0undt3ch s0undt3ch s0undt3ch approved these changes

@waynew waynew waynew left review comments

@garethgreenaway garethgreenaway garethgreenaway left review comments

@Ch3LL Ch3LL Awaiting requested review from Ch3LL

Assignees
No one assigned
Labels
v3000.2 vulnerable version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dwoz @waynew @s0undt3ch @garethgreenaway @sagetherage