Salt Minion LTS MSI x64 Version 30.08.1
Salt 3008.1 release notes
Changelog
Changed
- Changed salt.returners.redis_return to enumerate the Redis keyspace with SCAN instead of the blocking KEYS pattern command in both get_jids and clean_old_jobs. KEYS walks the entire keyspace synchronously and stalls the Redis server for the duration; on a master with hundreds of thousands of jobs this can block all clients of that Redis instance for seconds. SCAN is incremental and non-blocking. Order of returned keys is no longer guaranteed (the returner does not rely on order); operators with custom scripts that read ret:* or load:* directly may see them in a different order. #69037
Fixed
- Fixed win_pkg functions ignoring the saltenv setting in minion configuration. All public functions (refresh_db; genrepo; install; remove; list_pkgs; latest_version; upgrade_available; list_upgrades; list_available; version; get_repo_data; get_package_info) now fall back to __opts__[saltenv] when saltenv is not passed explicitly; instead of always defaulting to base. #38551
- Added encoding parameter to file.replace execution module and state to support UTF-16; UTF-32; and other multi-byte encoded files that would otherwise be incorrectly treated as binary. #52793
- Improved documentation for the runas and password parameters in cmd.run; cmd.script; and all salt.modules.cmdmod execution functions on Windows. The docs now accurately describe when a password is required: only when the salt-minion is not running as SYSTEM or as an elevated Administrator. Removed the inaccurate claim that the target user account must be in the Administrators group. Also changed cmd.script to log a warning instead of hard-failing when runas is used without a password on Windows; since a password is not always required. #57951
Salt Minion LTS EXE x64 Version 3008.1
Salt 3008.1 release notes
Changelog
Changed
- Changed salt.returners.redis_return to enumerate the Redis keyspace with SCAN instead of the blocking KEYS pattern command in both get_jids and clean_old_jobs. KEYS walks the entire keyspace synchronously and stalls the Redis server for the duration; on a master with hundreds of thousands of jobs this can block all clients of that Redis instance for seconds. SCAN is incremental and non-blocking. Order of returned keys is no longer guaranteed (the returner does not rely on order); operators with custom scripts that read ret:* or load:* directly may see them in a different order. #69037
Fixed
- Fixed win_pkg functions ignoring the saltenv setting in minion configuration. All public functions (refresh_db; genrepo; install; remove; list_pkgs; latest_version; upgrade_available; list_upgrades; list_available; version; get_repo_data; get_package_info) now fall back to __opts__[saltenv] when saltenv is not passed explicitly; instead of always defaulting to base. #38551
Salt Version 3008.0
Automation and infrastructure management engine
Salt Minion LTS EXE x64 Version 3008.0
Changelog
Removed
- Remove community extensions from Salt codebase #65970
- Remove deprecated module search path priority (features.enable_deprecated_module_search_path_priority) #66025
- Remove the orchestration key from salt.runner and salt.wheel return data. #66151
- Removed linode-python package dependency for retired Linode API v3 #68871
- Removed legacy salt.transport.ipc module and unused PushChannel / PullChannel factories; local events use ipc_publish_client / ipc_publish_server (TCP transport). #69001
Deprecated
- Deprecated the use of egrep in favor of grep -E #65608
Changed
- Make sure every auth event has the act key set #56200
- Ansiblegate discover_playbooks was changed to find playbooks as either *.yml or *.yaml files #66048
- re-work the aptpkg module to remove system libraries that onedir and virtualenvs do not have access. Streamline testing; and code use to needed libraries only. #66056
- Made gpg modules respect user's GNUPGHOME if set in shell environment #66313
- Made gpg.present attempt to refresh keys if they are expired #66314
- Made x509_v2 the default x509 modules. Until they are removed in the next major release; you can still revert to the old modules by setting features: {x509_v2: false} in the configuration #66384
- Included Salt extensions in Salt-SSH thin archive #66559
- Add support for additional options in several mac_brew_pkg methods #66611
- Make test_pip and test_fileserver tests compatible with venv execution #66703
- Do not use ssl.PROTOCOL_TLS which has been deprecated in Python 3.10 and will be removed in the future. #66767
- Remove warning when running slsutil.renderer on non-SLS files #67067
- PillarCache: reimplement using salt.cache #68030
- fix minion data cache organization/move pillar and grains to dedicated cache banks #68030
- salt.cache: allow cache.store() to set expires per key #68030
- Provide token storage using the salt.cache interface #68039
- Update packaged python from 3.10 to 3.11 #68148
- Added ceph to the specialFSes to match on name for set_fstab #68207
- Removed networkx module dependency by adding MultiDiGraph implementation to salt.utils.requisite to avoid extra dependencies. #68748
- Expanded Thorium documentation with concrete examples and added unit coverage for the documented Thorium workflows. #68857
- Add stub 3008.0 release notes (and template) so tools docs man and CI prepare-release can resolve the current-release doc target. Exclude doc/topics/proposals/*.md from Sphinx so stand-alone proposal files do not fail strict man builds. #68964
Refer: https://docs.saltproject.io/en/latest/topics/releases/3008.0.html
Salt Minion LTS MSI x64 Version 30.08.0
Changelog
Removed
- Remove community extensions from Salt codebase #65970
- Remove deprecated module search path priority (features.enable_deprecated_module_search_path_priority) #66025
- Remove the orchestration key from salt.runner and salt.wheel return data. #66151
- Removed linode-python package dependency for retired Linode API v3 #68871
- Removed legacy salt.transport.ipc module and unused PushChannel / PullChannel factories; local events use ipc_publish_client / ipc_publish_server (TCP transport). #69001
Deprecated
- Deprecated the use of egrep in favor of grep -E #65608
Changed
- Make sure every auth event has the act key set #56200
- Ansiblegate discover_playbooks was changed to find playbooks as either *.yml or *.yaml files #66048
- re-work the aptpkg module to remove system libraries that onedir and virtualenvs do not have access. Streamline testing; and code use to needed libraries only. #66056
- Made gpg modules respect user's GNUPGHOME if set in shell environment #66313
- Made gpg.present attempt to refresh keys if they are expired #66314
- Made x509_v2 the default x509 modules. Until they are removed in the next major release; you can still revert to the old modules by setting features: {x509_v2: false} in the configuration #66384
- Included Salt extensions in Salt-SSH thin archive #66559
- Add support for additional options in several mac_brew_pkg methods #66611
- Make test_pip and test_fileserver tests compatible with venv execution #66703
- Do not use ssl.PROTOCOL_TLS which has been deprecated in Python 3.10 and will be removed in the future. #66767
- Remove warning when running slsutil.renderer on non-SLS files #67067
- PillarCache: reimplement using salt.cache #68030
- fix minion data cache organization/move pillar and grains to dedicated cache banks #68030
- salt.cache: allow cache.store() to set expires per key #68030
- Provide token storage using the salt.cache interface #68039
- Update packaged python from 3.10 to 3.11 #68148
- Added ceph to the specialFSes to match on name for set_fstab #68207
- Removed networkx module dependency by adding MultiDiGraph implementation to salt.utils.requisite to avoid extra dependencies. #68748
- Expanded Thorium documentation with concrete examples and added unit coverage for the documented Thorium workflows. #68857
- Add stub 3008.0 release notes (and template) so tools docs man and CI prepare-release can resolve the current-release doc target. Exclude doc/topics/proposals/*.md from Sphinx so stand-alone proposal files do not fail strict man builds. #68964
Refer: https://docs.saltproject.io/en/latest/topics/releases/3008.0.html
Salt Minion LTS EXE x64 Version 3006.25
Salt 3006.25 release notes
Changelog
Fixed
- Fixed multiline powershell -Command { } blocks failing with Missing closing } when used in a cmd.run state on Windows. Salt now collapses embedded newlines and re-encodes the script block as -EncodedCommand; ensuring correct execution and suppressing CLIXML noise from stderr. #68397
- Quote cmd /c payloads on Windows so compound commands (e.g. cd ... & dir) work with runas; with cmd; that wrapping is applied whenever runas is set; not only when python_shell is true #68448
- Reduced salt-api memory growth on busy installations by stopping the ZeroMQ REQ clients send/recv coroutine before tearing down the IOLoop and sockets: on close; queue a shutdown marker and run the IOLoop once via run_sync so Tornado Queue.get waiters unwind cleanly while retaining the Tornado Queue for low-latency wakeups. #68637
- Fixed a regression in win_pkg where msiexec install flags containing Windows-style quoting (e.g. MYPROPERTY=C:\some file.txt) were mangled into MYPROPERTY=C:\some file.txt causing msiexec to hang. Restored the pre-regression behaviour where shlex_split is not applied to command strings on Windows; preserving Windows-style argument quoting when the command is passed directly to CreateProcess. #68950
- Fixed salt.returners.pgjsonb.save_load silently swallowing all psycopg2.IntegrityErrors. The catch is now narrowed to psycopg2.errors.UniqueViolation only — the legacy duplicate-jid case from #22171 on PostgreSQL < 9.5 — and emits a warning. Other integrity errors (foreign-key; NOT NULL; CHECK violations) now surface to the caller instead of being dropped. #69046
- Fixed salt.returners.pgjsonb mutating a module-global SQL string (PG_SAVE_LOAD_SQL) inside _get_serv on every connection. The SQL form is now chosen per-call inside save_load from the actual connection's server_version; so a master that talks to PostgreSQL clusters with mixed versions (e.g. through a failover) no longer sends UPSERT syntax to a pre-9.5 server after the first 9.5+ connection. #69052
- Fix pip install -e salt #69101
Added
- Added support for the AdministratorLockout (Allow Administrator account lockout) policy in salt.modules.win_lgpo; allowing the built-in Administrator account lockout behaviour to be enabled or disabled via Local Group Policy on Windows. #69132
Salt Minion LTS MSI x64 Version 30.06.25
Salt 3006.25 release notes
Changelog
Fixed
- Fixed multiline powershell -Command { } blocks failing with Missing closing } when used in a cmd.run state on Windows. Salt now collapses embedded newlines and re-encodes the script block as -EncodedCommand; ensuring correct execution and suppressing CLIXML noise from stderr. #68397
- Quote cmd /c payloads on Windows so compound commands (e.g. cd ... & dir) work with runas; with cmd; that wrapping is applied whenever runas is set; not only when python_shell is true #68448
- Reduced salt-api memory growth on busy installations by stopping the ZeroMQ REQ clients send/recv coroutine before tearing down the IOLoop and sockets: on close; queue a shutdown marker and run the IOLoop once via run_sync so Tornado Queue.get waiters unwind cleanly while retaining the Tornado Queue for low-latency wakeups. #68637
- Fixed a regression in win_pkg where msiexec install flags containing Windows-style quoting (e.g. MYPROPERTY=C:\some file.txt) were mangled into MYPROPERTY=C:\some file.txt causing msiexec to hang. Restored the pre-regression behaviour where shlex_split is not applied to command strings on Windows; preserving Windows-style argument quoting when the command is passed directly to CreateProcess. #68950
- Fixed salt.returners.pgjsonb.save_load silently swallowing all psycopg2.IntegrityErrors. The catch is now narrowed to psycopg2.errors.UniqueViolation only — the legacy duplicate-jid case from #22171 on PostgreSQL < 9.5 — and emits a warning. Other integrity errors (foreign-key; NOT NULL; CHECK violations) now surface to the caller instead of being dropped. #69046
- Fixed salt.returners.pgjsonb mutating a module-global SQL string (PG_SAVE_LOAD_SQL) inside _get_serv on every connection. The SQL form is now chosen per-call inside save_load from the actual connection's server_version; so a master that talks to PostgreSQL clusters with mixed versions (e.g. through a failover) no longer sends UPSERT syntax to a pre-9.5 server after the first 9.5+ connection. #69052
- Fix pip install -e salt #69101
Added
- Added support for the AdministratorLockout (Allow Administrator account lockout) policy in salt.modules.win_lgpo; allowing the built-in Administrator account lockout behaviour to be enabled or disabled via Local Group Policy on Windows. #69132
Salt Version 3007.14
Automation and infrastructure management engine
Salt Minion STS MSI x64 Version 30.07.14
Salt 3007.14 release notes
Changelog
Fixed
- Fix mac_brew_pkg.list_pkgs crashing or producing incorrect results when Homebrew returns null values for cask metadata:
  - When the installed version of a cask is null (e.g. Homebrew cannot determine the installed version); it is now reported as unknown instead of raising an error.
  - When full_token is null; it is now filtered out so that None is never used as a package name key in the returned dictionary. #68763
Salt Minion STS EXE x64 Version 3007.14
Salt 3007.14 release notes
Changelog
Fixed
- Fix mac_brew_pkg.list_pkgs crashing or producing incorrect results when Homebrew returns null values for cask metadata:
  - When the installed version of a cask is null (e.g. Homebrew cannot determine the installed version); it is now reported as unknown instead of raising an error.
  - When full_token is null; it is now filtered out so that None is never used as a package name key in the returned dictionary. #68763
Salt Minion LTS EXE x64 Version 3006.24
Salt 3006.24 release notes
Changelog
Fixed
- Fixed inotify file descriptor leak in beacons. When beacons are refreshed (e.g. during module refresh or pillar refresh); the old beacon modules are now properly closed before creating new ones; preventing exhaustion of the inotify instance limit. Also fixed beacon delete not calling the beacons close function; causing resource leaks and CPU spin after deleting beacons at runtime via beacons.delete. #66449
- Fixed x509_v2.certificate_managed state fails if another state.apply is queued #66929
- Fixed x509_v2 private_key_managed failing on Windows due to default mode argument #66942
- Windows LGPO / audit policy: Advanced audit policy is now read and applied through the Windows security API (AuditQuerySystemPolicy / AuditSetSystemPolicy) instead of parsing auditpol output; so behavior no longer depends on the system locale. #68354
- Decouple the pub timeout from opts timeout. Programmatic usage of client now has a 30 second timeout. #68597
- Fix salt-call and salt-pip to honor configured user for privilege dropping #68684
- Fix mac_brew_pkg.list_pkgs crashing or producing incorrect results when Homebrew returns null values for cask metadata:
  - When the installed version of a cask is null (e.g. Homebrew cannot determine the installed version); it is now reported as unknown instead of raising an error.
  - When full_token is null; it is now filtered out so that None is never used as a package name key in the returned dictionary. #68763
- Prevented generation of spurious ppbt toolchain in /root/.local on RPM upgrade
- Stale pycache files now get cleaned up on RPM upgrade #68781
- Ensure Salt file and directory ownership is correctly detected and preserved when upgrading RPM and Debian packages; particularly when running Salt as a non-root user. #68793
- Upgrade relenv to 0.22.5 which pins openssl to an LTS version (3.5.x) #68803
- Patch the vendored tornado version to account for CVE patches that have been applied. #68820
- Made x509_v2 certificate_managed respect copypath and prepend_cn parameters #68828
- Upgrade pyopenssl to >= 26.0.0
  - CVE-2026-27459
  - CVE-2026-27448 #68832
- Patch tornado for BDSA-2025-60810 #68853
- Patch tornado for BDSA-2026-3867 #68854
- Fixed source package builds (DEB/RPM) failing with LookupError: hatchling is already being built by adding hatchling to the --only-binary allow-list so pip uses its universal wheel instead of attempting a circular source build. #68858
- Upgrade relenv to 0.22.7
  - Upgrade Python Versions 3.12.13; 3.11.15; 3.10.20
    - CVE-2024-6923: Header injection in email module
    - CVE-2026-24515; CVE-2026-25210; CVE-2025-59375: XML memory amplification and libexpat vulnerabilities
  - SQLite 3.51.3.0
    - CVE-2025-70873: Heap memory disclosure in zipfile extension
    - CVE-2025-7709: Integer overflow in FTS5 extension
    - Fixes WAL-reset bug preventing database corruption
  - XZ Utils 5.8.3
Salt Minion LTS MSI x64 Version 30.06.24
Changelog
Fixed
- Fixed inotify file descriptor leak in beacons. When beacons are refreshed (e.g. during module refresh or pillar refresh); the old beacon modules are now properly closed before creating new ones; preventing exhaustion of the inotify instance limit. Also fixed beacon delete not calling the beacons close function; causing resource leaks and CPU spin after deleting beacons at runtime via beacons.delete. #66449
- Fixed x509_v2.certificate_managed state fails if another state.apply is queued #66929
- Fixed x509_v2 private_key_managed failing on Windows due to default mode argument #66942
- Windows LGPO / audit policy: Advanced audit policy is now read and applied through the Windows security API (AuditQuerySystemPolicy / AuditSetSystemPolicy) instead of parsing auditpol output; so behavior no longer depends on the system locale. #68354
- Decouple the pub timeout from opts timeout. Programmatic usage of client now has a 30 second timeout. #68597
- Fix salt-call and salt-pip to honor configured user for privilege dropping #68684
- Fix mac_brew_pkg.list_pkgs crashing or producing incorrect results when Homebrew returns null values for cask metadata:
  - When the installed version of a cask is null (e.g. Homebrew cannot determine the installed version); it is now reported as unknown instead of raising an error.
  - When full_token is null; it is now filtered out so that None is never used as a package name key in the returned dictionary. #68763
- Prevented generation of spurious ppbt toolchain in /root/.local on RPM upgrade
- Stale pycache files now get cleaned up on RPM upgrade #68781
- Ensure Salt file and directory ownership is correctly detected and preserved when upgrading RPM and Debian packages; particularly when running Salt as a non-root user. #68793
- Upgrade relenv to 0.22.5 which pins openssl to an LTS version (3.5.x) #68803
- Patch the vendored tornado version to account for CVE patches that have been applied. #68820
- Made x509_v2 certificate_managed respect copypath and prepend_cn parameters #68828
- Upgrade pyopenssl to >= 26.0.0
  - CVE-2026-27459
  - CVE-2026-27448 #68832
- Patch tornado for BDSA-2025-60810 #68853
- Patch tornado for BDSA-2026-3867 #68854
- Fixed source package builds (DEB/RPM) failing with LookupError: hatchling is already being built by adding hatchling to the --only-binary allow-list so pip uses its universal wheel instead of attempting a circular source build. #68858
- Upgrade relenv to 0.22.7
  - Upgrade Python Versions 3.12.13; 3.11.15; 3.10.20
    - CVE-2024-6923: Header injection in email module
    - CVE-2026-24515; CVE-2026-25210; CVE-2025-59375: XML memory amplification and libexpat vulnerabilities
  - SQLite 3.51.3.0
    - CVE-2025-70873: Heap memory disclosure in zipfile extension
    - CVE-2025-7709: Integer overflow in FTS5 extension
    - Fixes WAL-reset bug preventing database corruption
  - XZ Utils 5.8.3
    - CVE-2026-34743: Buffer overflow in lzma_index_append()
  - Expat 2.7.5
    - CVE-2026-32776: NULL pointer dereference in external parameter entities
    - CVE-2026-32777: Infinite loop in entityValueProcessor
    - CVE-2026-32778: NULL pointer dereference during OOM recovery #68884
- Minion properly closes pub channel when authentication to the master fails; prevents leaking file handles. #68901
- Patch tornado for BDSA-2026-6522 #68920
- Perl 5.42.2.1
  - CVE-2026-4176: Memory corruption in Compress::Raw::Zlib core module
  - CVE-2026-3381 / CVE-2026-27171: zlib vulnerabilities within compression capabilities
- OpenSSL 3.5.6
  - CVE-2026-31790: Leakage from uninitialized memory in RSA KEM RSASVE
  - CVE-2026-2673: Loss of key agreement group tuple structure
  - CVE-2026-28387: Potential use-after-free in DANE client code
  - CVE-2026-28388: DoS via NULL pointer dereference in delta CRL processing
  - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
  - CVE-2026-28389 / CVE-2026-28390: NULL pointer dereferences in CMS processing
- SQLite 3.53.0.0
  - CVE-2025-6965: High-severity memory co
Salt Minion LTS MSI x64 Version 30.06.24
Changelog$$$Fixed$$$Fixed inotify file descriptor leak in beacons. When beacons are refreshed (e.g. during module refresh or pillar refresh); the old beacon modules are now properly closed before creating new ones; preventing exhaustion of the inotify instance limit. Also fixed beacon delete not calling the beacons close function; causing resource leaks and CPU spin after deleting beacons at runtime via beacons.delete. #66449$$$$$$Fixed x509_v2.certificate_managed state fails if another state.apply is queued #66929$$$$$$Fixed x509_v2 private_key_managed failing on Windows due to default mode argument #66942$$$$$$Windows LGPO / audit policy: Advanced audit policy is now read and applied through the Windows security API (AuditQuerySystemPolicy / AuditSetSystemPolicy) instead of parsing auditpol output; so behavior no longer depends on the system locale. #68354$$$$$$Decouple the pub timeout from opts timeout. Programmatic usage of client now has a 30 second timeout. #68597$$$$$$Fix salt-call and salt-pip to honor configured user for privilege dropping #68684$$$$$$Fix mac_brew_pkg.list_pkgs crashing or producing incorrect results when Homebrew returns null values for cask metadata:$$$$$$When the installed version of a cask is null (e.g. Homebrew cannot determine the installed version); it is now reported as unknown instead of raising an error.$$$$$$When full_token is null; it is now filtered out so that None is never used as a package name key in the returned dictionary. #68763$$$$$$Prevented generation of spurious ppbt toolchain in /root/.local on RPM upgrade$$$$$$Stale pycache files now get cleaned up on RPM upgrade #68781$$$$$$Ensure Salt file and directory ownership is correctly detected and preserved when upgrading RPM and Debian packages; particularly when running Salt as a non-root user.
#68793$$$$$$Upgrade relenv to 0.22.5 which pins openssl to an LTS version (3.5.x) #68803$$$$$$Patch the vendored tornado version to account for CVE patches that have been applied. #68820$$$$$$Made x509_v2 certificate_managed respect copypath and prepend_cn parameters #68828$$$$$$Upgrade pyopenssl to >= 26.0.0$$$$$$CVE-2026-27459$$$$$$CVE-2026-27448 #68832$$$$$$Patch tornado for BDSA-2025-60810 #68853$$$$$$Patch tornado for BDSA-2026-3867 #68854$$$$$$Fixed source package builds (DEB/RPM) failing with LookupError: hatchling is already being built by adding hatchling to the --only-binary allow-list so pip uses its universal wheel instead of attempting a circular source build. #68858$$$$$$Upgrade relenv to 0.22.7$$$$$$Upgrade Python Versions 3.12.13; 3.11.15; 3.10.20$$$$$$CVE-2024-6923: Header injection in email module$$$$$$CVE-2026-24515; CVE-2026-25210; CVE-2025-59375: XML memory amplification and libexpat vulnerabilities$$$$$$SQLite 3.51.3.0$$$$$$CVE-2025-70873: Heap memory disclosure in zipfile extension$$$$$$CVE-2025-7709: Integer overflow in FTS5 extension$$$$$$Fixes WAL-reset bug preventing database corruption$$$$$$XZ Utils 5.8.3$$$$$$CVE-2026-34743: Buffer overflow in lzma_index_append()$$$$$$Expat 2.7.5$$$$$$CVE-2026-32776: NULL pointer dereference in external parameter entities$$$$$$CVE-2026-32777: Infinite loop in entityValueProcessor$$$$$$CVE-2026-32778: NULL pointer dereference during OOM recovery #68884$$$$$$Minion properly closes pub channel when authentication to the master fails; prevents leaking file handles.
#68901$$$$$$Patch tornado for BDSA-2026-6522 #68920$$$$$$Perl 5.42.2.1 CVE-2026-4176: Memory corruption in Compress::Raw::Zlib core module CVE-2026-3381 / CVE-2026-27171: zlib vulnerabilities within compression capabilities OpenSSL 3.5.6 CVE-2026-31790: Leakage from uninitialized memory in RSA KEM RSASVE CVE-2026-2673: Loss of key agreement group tuple structure CVE-2026-28387: Potential use-after-free in DANE client code CVE-2026-28388: DoS via NULL pointer dereference in delta CRL processing CVE-2026-31789: Heap buffer overflow in hexadecimal conversion CVE-2026-28389 / CVE-2026-28390: NULL pointer dereferences in CMS processing SQLite 3.53.0.0 CVE-2025-6965: High-severity memory co
Salt Minion LTS MSI x64 Version 30.06.23
Salt 3006.23 release notes$$$Changelog$$$No significant changes.
Salt Minion LTS EXE x64 Version 3006.23
Salt 3006.23 release notes$$$Changelog$$$No significant changes.
Salt Version 3007.13
Automation and infrastructure management engine
Salt Minion STS MSI x64 Version 30.07.13
Salt 3007.13 release notes$$$Changelog$$$Fixed$$$Fix user.info when querying domain users. Uses DsGetDcName for more dependable domain controller lookup. #68612$$$Fixed minion instability and resource exhaustion under high load by implementing resource-aware job queuing and backpressure. Added process_count_max enforcement and disk-based queuing to prevent unbounded process spawning and file descriptor exhaustion. #68703
Salt Minion STS EXE x64 Version 3007.13
Salt 3007.13 release notes$$$Changelog$$$Fixed$$$Fix user.info when querying domain users. Uses DsGetDcName for more dependable domain controller lookup. #68612$$$Fixed minion instability and resource exhaustion under high load by implementing resource-aware job queuing and backpressure. Added process_count_max enforcement and disk-based queuing to prevent unbounded process spawning and file descriptor exhaustion. #68703
Salt Version 3007.12
Automation and infrastructure management engine
Salt Version 3007.11
Automation and infrastructure management engine
Salt Minion STS MSI x64 Version 30.07.11
Salt 3007.11 release notes$$$Changelog$$$Fixed$$$Fixed a typo in salt.util.cloud to detect the version of winrm #68561$$$$$$Patched tornado for BDSA-2025-60811 and BDSA-2025-60812 #68594$$$$$$Increase pub and pub_async timeouts on LocalClient from 5 to 15 for better handling of network delays. This change only affects programmatic usage of LocalClient. #68597$$$$$$Added lazy_loader_strict_matching minion configuration option to reduce memory usage by skipping the expensive fallback search that scans through every module file. #68606$$$$$$Upgrade relenv to 0.22.2:$$$$$$Remove RPATH from shared libraries that do not link to any other libraries in our environment.$$$$$$Ensure we always return a proper and consistent default python version for create; fetch; build commands. #68607$$$$$$Mitigate CVE-2025-13836 in nxos utils #68618
Salt Minion LTS MSI x64 Version 30.06.19
Salt 3006.19 release notes$$$Changelog$$$Fixed$$$Fixed a typo in salt.util.cloud to detect the version of winrm #68561$$$$$$Patched tornado for BDSA-2025-60811 and BDSA-2025-60812 #68594$$$$$$Increase pub and pub_async timeouts on LocalClient from 5 to 15 for better handling of network delays. This change only affects programmatic usage of LocalClient. #68597$$$$$$Added lazy_loader_strict_matching minion configuration option to reduce memory usage by skipping the expensive fallback search that scans through every module file. #68606$$$$$$Upgrade relenv to 0.22.2:$$$$$$Remove RPATH from shared libraries that do not link to any other libraries in our environment.$$$$$$Ensure we always return a proper and consistent default python version for create; fetch; build commands. #68607$$$$$$Mitigate CVE-2025-13836 in nxos utils #68618
Salt Minion LTS EXE x64 Version 3006.19
Salt 3006.19 release notes$$$Changelog$$$Fixed$$$Fixed a typo in salt.util.cloud to detect the version of winrm #68561$$$$$$Patched tornado for BDSA-2025-60811 and BDSA-2025-60812 #68594$$$$$$Increase pub and pub_async timeouts on LocalClient from 5 to 15 for better handling of network delays. This change only affects programmatic usage of LocalClient. #68597$$$$$$Added lazy_loader_strict_matching minion configuration option to reduce memory usage by skipping the expensive fallback search that scans through every module file. #68606$$$$$$Upgrade relenv to 0.22.2:$$$$$$Remove RPATH from shared libraries that do not link to any other libraries in our environment.$$$$$$Ensure we always return a proper and consistent default python version for create; fetch; build commands. #68607$$$$$$Mitigate CVE-2025-13836 in nxos utils #68618
Salt Minion STS EXE x64 Version 3007.11
Salt 3007.11 release notes$$$Changelog$$$Fixed$$$Fixed a typo in salt.util.cloud to detect the version of winrm #68561$$$$$$Patched tornado for BDSA-2025-60811 and BDSA-2025-60812 #68594$$$$$$Increase pub and pub_async timeouts on LocalClient from 5 to 15 for better handling of network delays. This change only affects programmatic usage of LocalClient. #68597$$$$$$Added lazy_loader_strict_matching minion configuration option to reduce memory usage by skipping the expensive fallback search that scans through every module file. #68606$$$$$$Upgrade relenv to 0.22.2:$$$$$$Remove RPATH from shared libraries that do not link to any other libraries in our environment.$$$$$$Ensure we always return a proper and consistent default python version for create; fetch; build commands. #68607$$$$$$Mitigate CVE-2025-13836 in nxos utils #68618
Salt Version 3007.10
Automation and infrastructure management engine
Salt Minion STS EXE x64 Version 3007.9
Salt 3007.9 release notes$$$Changelog$$$Fixed$$$Render post/pre up/down and hwaddr options for debian-ip. See #58210 and #57820. #58210$$$$$$Fix event flood by ensuring we do not retry sending the event indefinitely to the Master of Masters. #61845$$$$$$Prevent _pygit2.GitError: error loading known_hosts with certain pygit2/libgit2 versions. #64121$$$$$$salt-ssh now supports state.sls_exists (#66893) #66893$$$$$$Allows file.symlink to pass a string to cmd_check #66939$$$$$$Simplified and sped up utils.json.find_json function #68258$$$$$$Improved runtime performance of chocolatey.installed #68308$$$$$$Add check for vault in opts var #68312$$$$$$Fixed user.present not having capability to persist home directory by adding persist_home flag. #68322$$$$$$Fixed pkg.installed state from showing warning if python rpm package not installed. Fixed pkg.installed state from showing warning and using slow process fork for version comparison when rpmdevtools is installed #68341$$$$$$Update pre-commit version used in github workflows to 4.3.0 #68349$$$$$$Fixed issue with network grains in interfaces that don't support ip4 or ip6 #68355$$$$$$Patch tornado for BDSA-2024-3438 #68377$$$$$$Patch tornado for BDSA-2024-3439 #68379$$$$$$Patch tornado for BDSA-2025-4215 #68381$$$$$$Patch tornado for BDSA-2024-9026 #68383$$$$$$Update LZMA to 5.8.2$$$$$$Update ncurses to 6.5$$$$$$Update openssl to 3.5.4$$$$$$Fix shebang creation to work with pip >=25.2$$$$$$Fix python source hash checking$$$$$$Update to recent python versions: 3.12.12; 3.11.14; 3.10.19 and 3.9.24. #68385$$$$$$Fixed the lgpo_reg error when reading REG_BINARY type data in the registry.pol file. #68387$$$$$$Fix gnupghome directory translation for some versions of git for windows; e.g. 2.51.0.windows.2 #68392$$$$$$Fix leak in SaltMessageServer where the unpacker was re-used on a stream disconnect.
#68394$$$$$$Upgrade relenv to 0.21.2:$$$$$$We refresh the ensurepip bundle during every build so new runtimes ship with pip 25.2 and setuptools 80.9.0.$$$$$$Windows builds now pull newer SQLite (3.50.4.0) and XZ (5.6.2) sources; copy in a missing XZ config file; and tweak SBOM metadata; the libexpat update is prepared but only runs on older maintenance releases.$$$$$$Our downloader helpers log more clearly; know about more archive formats; and retry cleanly on transient errors.$$$$$$pip’s changing install API is handled by runtime wrappers that adapt to all of the current signatures.$$$$$$Linux verification tests install pip 25.2/25.3 before building setuptools to make sure that flow keeps working. #68431$$$$$$salt/utils/odict.py has been deprecated and will be removed in 3009. Use the standard library implementation instead. #68440$$$$$$Fixed issue in cmd execution module that always returned Invalid user for domain users. #68450$$$$$$Fixed authentication protocol version downgrade vulnerability (CVE-2025-62349) by adding minimum_auth_version configuration option (default: 3) to prevent minions from bypassing security features through protocol downgrade attacks.$$$$$$BREAKING CHANGE: The default value enforces authentication protocol version 3 or higher. If upgrading a deployment with older minions that do not support protocol v3; you must temporarily set minimum_auth_version: 0 in the master configuration before upgrading the master; then upgrade all minions before removing this override. #68467$$$$$$Fixed unsafe YAML loader usage in junos execution module (CVE-2025-62348) #68469
Salt Version 3007.9
Automation and infrastructure management engine
Salt Minion STS MSI x64 Version 30.07.9
Salt 3007.9 release notes$$$Changelog$$$Fixed$$$Render post/pre up/down and hwaddr options for debian-ip. See #58210 and #57820. #58210$$$$$$Fix event flood by ensuring we do not retry sending the event indefinitely to the Master of Masters. #61845$$$$$$Prevent _pygit2.GitError: error loading known_hosts with certain pygit2/libgit2 versions. #64121$$$$$$salt-ssh now supports state.sls_exists (#66893) #66893$$$$$$Allows file.symlink to pass a string to cmd_check #66939$$$$$$Simplied and sped up utils.json.find_json function #68258$$$$$$Improved runtime performance of chocolatey.installed #68308$$$$$$Add check for vault in opts var #68312$$$$$$Fixed user.present not having capability to persist home directory by adding persist_home flag. #68322$$$$$$Fixed pkg.installed state from showing warning if python rpm package not installed. Fixed pkg.installed state from showing warning and using slow process fork for version comparison when rpmdevtools is installed #68341$$$$$$Update pre-commit version used in github workflows to 4.3.0 #68349$$$$$$Fixed issue with network grains in interfaces that dont support ip4 or ip6 #68355$$$$$$Patch tornado for BDSA-2024-3438 #68377$$$$$$Patch tornado for BDSA-2024-3439 #68379$$$$$$Patch tornado for BDSA-2025-4215 #68381$$$$$$Patch tornado for BDSA-2024-9026 #68383$$$$$$Update LZMA to 5.8.2$$$$$$Update ncurses to 6.5$$$$$$Update openssl to 3.5.4$$$$$$Fix shebang creating to work with pip >=25.2$$$$$$Fix python source hash checking$$$$$$Update to recent python versions: 3.12.12; 3.11.14; 3.10.19 and 3.9.24. #68385$$$$$$Fixed the lgpo_reg error when reading REG_BINARY type data in the registry.pol file. #68387$$$$$$Fix gnupghome directory translation for some versions of git for windows; e.g. 2.51.0.windows.2 #68392$$$$$$Fix leak in SaltMessageServer where the unpacker was re-used on a stream disconnect. 
#68394$$$$$$Upgrade relenv to 0.21.2:$$$$$$We refresh the ensurepip bundle during every build so new runtimes ship with pip 25.2 and setuptools 80.9.0.$$$$$$Windows builds now pull newer SQLite (3.50.4.0) and XZ (5.6.2) sources; copy in a missing XZ config file; and tweak SBOM metadata; the libexpat update is prepared but only runs on older maintenance releases.$$$$$$Our downloader helpers log more clearly; know about more archive formats; and retry cleanly on transient errors.$$$$$$pip’s changing install API is handled by runtime wrappers that adapt to all of the current signatures.$$$$$$Linux verification tests install pip 25.2/25.3 before building setuptools to make sure that flow keeps working. #68431$$$$$$salt/utils/odict.py has been deprecated and will be removed in 3009. Use the standard library implementation instead. #68440$$$$$$Fixed issue in cmd execution module that always return Invalid user for domain users. #68450$$$$$$Fixed authentication protocol version downgrade vulnerability (CVE-2025-62349) by adding minimum_auth_version configuration option (default: 3) to prevent minions from bypassing security features through protocol downgrade attacks.$$$$$$BREAKING CHANGE: The default value enforces authentication protocol version 3 or higher. If upgrading a deployment with older minions that do not support protocol v3; you must temporarily set minimum_auth_version: 0 in the master configuration before upgrading the master; then upgrade all minions before removing this override. #68467$$$$$$Fixed unsafe YAML loader usage in junos execution module (CVE-2025-62348) #68469
Salt Minion LTS MSI x64 Version 30.06.17
Salt 3006.17 release notes$$$Changelog$$$Fixed$$$Render post/pre up/down and hwaddr options for debian-ip. See #58210 and #57820. #58210$$$$$$Fix event flood by ensuring we do not retry sending the event indefinitely to the Master of Masters. #61845$$$$$$Prevent _pygit2.GitError: error loading known_hosts with certain pygit2/libgit2 versions. #64121$$$$$$salt-ssh now supports state.sls_exists (#66893) #66893$$$$$$Allows file.symlink to pass a string to cmd_check #66939$$$$$$Simplied and sped up utils.json.find_json function #68258$$$$$$Improved runtime performance of chocolatey.installed #68308$$$$$$Add check for vault in opts var #68312$$$$$$Fixed user.present not having capability to persist home directory by adding persist_home flag. #68322$$$$$$Fixed pkg.installed state from showing warning if python rpm package not installed. Fixed pkg.installed state from showing warning and using slow process fork for version comparison when rpmdevtools is installed #68341$$$$$$Update pre-commit version used in github workflows to 4.3.0 #68349$$$$$$Fixed issue with network grains in interfaces that dont support ip4 or ip6 #68355$$$$$$Patch tornado for BDSA-2024-3438 #68377$$$$$$Patch tornado for BDSA-2024-3439 #68379$$$$$$Patch tornado for BDSA-2025-4215 #68381$$$$$$Patch tornado for BDSA-2024-9026 #68383$$$$$$Update LZMA to 5.8.2$$$$$$Update ncurses to 6.5$$$$$$Update openssl to 3.5.4$$$$$$Fix shebang creating to work with pip >=25.2$$$$$$Fix python source hash checking$$$$$$Update to recent python versions: 3.12.12; 3.11.14; 3.10.19 and 3.9.24. #68385$$$$$$Fixed the lgpo_reg error when reading REG_BINARY type data in the registry.pol file. #68387$$$$$$Fix leak in SaltMessageServer where the unpacker was re-used on a stream disconnect. 
#68394$$$$$$Upgrade relenv to 0.21.2:$$$$$$We refresh the ensurepip bundle during every build so new runtimes ship with pip 25.2 and setuptools 80.9.0.$$$$$$Windows builds now pull newer SQLite (3.50.4.0) and XZ (5.6.2) sources; copy in a missing XZ config file; and tweak SBOM metadata; the libexpat update is prepared but only runs on older maintenance releases.$$$$$$Our downloader helpers log more clearly; know about more archive formats; and retry cleanly on transient errors.$$$$$$pip’s changing install API is handled by runtime wrappers that adapt to all of the current signatures.$$$$$$Linux verification tests install pip 25.2/25.3 before building setuptools to make sure that flow keeps working. #68431$$$$$$salt/utils/odict.py has been deprecated and will be removed in 3009. Use the standard library implementation instead. #68440$$$$$$Fixed issue in cmd execution module that always return Invalid user for domain users. #68450$$$$$$Fixed authentication protocol version downgrade vulnerability (CVE-2025-62349) by adding minimum_auth_version configuration option (default: 3) to prevent minions from bypassing security features through protocol downgrade attacks.$$$$$$BREAKING CHANGE: The default value enforces authentication protocol version 3 or higher. If upgrading a deployment with older minions that do not support protocol v3; you must temporarily set minimum_auth_version: 0 in the master configuration before upgrading the master; then upgrade all minions before removing this override. #68467$$$$$$Fixed unsafe YAML loader usage in junos execution module (CVE-2025-62348) #68469
Salt Minion LTS EXE x64 Version 3006.17
Salt 3006.17 release notes$$$Changelog$$$Fixed$$$Render post/pre up/down and hwaddr options for debian-ip. See #58210 and #57820. #58210$$$$$$Fix event flood by ensuring we do not retry sending the event indefinitely to the Master of Masters. #61845$$$$$$Prevent _pygit2.GitError: error loading known_hosts with certain pygit2/libgit2 versions. #64121$$$$$$salt-ssh now supports state.sls_exists (#66893) #66893$$$$$$Allows file.symlink to pass a string to cmd_check #66939$$$$$$Simplified and sped up utils.json.find_json function #68258$$$$$$Improved runtime performance of chocolatey.installed #68308$$$$$$Add check for vault in opts var #68312$$$$$$Fixed user.present not having capability to persist home directory by adding persist_home flag. #68322$$$$$$Fixed pkg.installed state from showing warning if python rpm package not installed. Fixed pkg.installed state from showing warning and using slow process fork for version comparison when rpmdevtools is installed #68341$$$$$$Update pre-commit version used in github workflows to 4.3.0 #68349$$$$$$Fixed issue with network grains in interfaces that don't support ip4 or ip6 #68355$$$$$$Patch tornado for BDSA-2024-3438 #68377$$$$$$Patch tornado for BDSA-2024-3439 #68379$$$$$$Patch tornado for BDSA-2025-4215 #68381$$$$$$Patch tornado for BDSA-2024-9026 #68383$$$$$$Update LZMA to 5.8.2$$$$$$Update ncurses to 6.5$$$$$$Update openssl to 3.5.4$$$$$$Fix shebang creation to work with pip >=25.2$$$$$$Fix python source hash checking$$$$$$Update to recent python versions: 3.12.12; 3.11.14; 3.10.19 and 3.9.24. #68385$$$$$$Fixed the lgpo_reg error when reading REG_BINARY type data in the registry.pol file. #68387$$$$$$Fix leak in SaltMessageServer where the unpacker was re-used on a stream disconnect. #68394$$$$$$Upgrade relenv to 0.21.2:$$$$$$We refresh the ensurepip bundle during every build so new runtimes ship with pip 25.2 and setuptools 80.9.0.$$$$$$Windows builds now pull newer SQLite (3.50.4.0) and XZ (5.6.2) sources; copy in a missing XZ config file; and tweak SBOM metadata; the libexpat update is prepared but only runs on older maintenance releases.$$$$$$Our downloader helpers log more clearly; know about more archive formats; and retry cleanly on transient errors.$$$$$$pip’s changing install API is handled by runtime wrappers that adapt to all of the current signatures.$$$$$$Linux verification tests install pip 25.2/25.3 before building setuptools to make sure that flow keeps working. #68431$$$$$$salt/utils/odict.py has been deprecated and will be removed in 3009. Use the standard library implementation instead. #68440$$$$$$Fixed issue in cmd execution module that always returned Invalid user for domain users. #68450$$$$$$Fixed authentication protocol version downgrade vulnerability (CVE-2025-62349) by adding minimum_auth_version configuration option (default: 3) to prevent minions from bypassing security features through protocol downgrade attacks.$$$$$$BREAKING CHANGE: The default value enforces authentication protocol version 3 or higher. If upgrading a deployment with older minions that do not support protocol v3; you must temporarily set minimum_auth_version: 0 in the master configuration before upgrading the master; then upgrade all minions before removing this override. #68467$$$$$$Fixed unsafe YAML loader usage in junos execution module (CVE-2025-62348) #68469
Salt Minion STS MSI x64 Version 30.07.9
Salt 3007.9 release notes$$$Changelog$$$Fixed$$$Render post/pre up/down and hwaddr options for debian-ip. See #58210 and #57820. #58210$$$$$$Fix event flood by ensuring we do not retry sending the event indefinitely to the Master of Masters. #61845$$$$$$Prevent _pygit2.GitError: error loading known_hosts with certain pygit2/libgit2 versions. #64121$$$$$$salt-ssh now supports state.sls_exists (#66893) #66893$$$$$$Allows file.symlink to pass a string to cmd_check #66939$$$$$$Simplified and sped up utils.json.find_json function #68258$$$$$$Improved runtime performance of chocolatey.installed #68308$$$$$$Add check for vault in opts var #68312$$$$$$Fixed user.present not having capability to persist home directory by adding persist_home flag. #68322$$$$$$Fixed pkg.installed state from showing warning if python rpm package not installed. Fixed pkg.installed state from showing warning and using slow process fork for version comparison when rpmdevtools is installed #68341$$$$$$Update pre-commit version used in github workflows to 4.3.0 #68349$$$$$$Fixed issue with network grains in interfaces that don't support ip4 or ip6 #68355$$$$$$Patch tornado for BDSA-2024-3438 #68377$$$$$$Patch tornado for BDSA-2024-3439 #68379$$$$$$Patch tornado for BDSA-2025-4215 #68381$$$$$$Patch tornado for BDSA-2024-9026 #68383$$$$$$Update LZMA to 5.8.2$$$$$$Update ncurses to 6.5$$$$$$Update openssl to 3.5.4$$$$$$Fix shebang creation to work with pip >=25.2$$$$$$Fix python source hash checking$$$$$$Update to recent python versions: 3.12.12; 3.11.14; 3.10.19 and 3.9.24. #68385$$$$$$Fixed the lgpo_reg error when reading REG_BINARY type data in the registry.pol file. #68387$$$$$$Fix gnupghome directory translation for some versions of git for windows; e.g. 2.51.0.windows.2 #68392$$$$$$Fix leak in SaltMessageServer where the unpacker was re-used on a stream disconnect. #68394$$$$$$Upgrade relenv to 0.21.2:$$$$$$We refresh the ensurepip bundle during every build so new runtimes ship with pip 25.2 and setuptools 80.9.0.$$$$$$Windows builds now pull newer SQLite (3.50.4.0) and XZ (5.6.2) sources; copy in a missing XZ config file; and tweak SBOM metadata; the libexpat update is prepared but only runs on older maintenance releases.$$$$$$Our downloader helpers log more clearly; know about more archive formats; and retry cleanly on transient errors.$$$$$$pip’s changing install API is handled by runtime wrappers that adapt to all of the current signatures.$$$$$$Linux verification tests install pip 25.2/25.3 before building setuptools to make sure that flow keeps working. #68431$$$$$$salt/utils/odict.py has been deprecated and will be removed in 3009. Use the standard library implementation instead. #68440$$$$$$Fixed issue in cmd execution module that always returned Invalid user for domain users. #68450$$$$$$Fixed authentication protocol version downgrade vulnerability (CVE-2025-62349) by adding minimum_auth_version configuration option (default: 3) to prevent minions from bypassing security features through protocol downgrade attacks.$$$$$$BREAKING CHANGE: The default value enforces authentication protocol version 3 or higher. If upgrading a deployment with older minions that do not support protocol v3; you must temporarily set minimum_auth_version: 0 in the master configuration before upgrading the master; then upgrade all minions before removing this override. #68467$$$$$$Fixed unsafe YAML loader usage in junos execution module (CVE-2025-62348) #68469
Salt Minion LTS MSI x64 Version 30.06.17
Salt 3006.17 release notes$$$Changelog$$$Fixed$$$Render post/pre up/down and hwaddr options for debian-ip. See #58210 and #57820. #58210$$$$$$Fix event flood by ensuring we do not retry sending the event indefinitely to the Master of Masters. #61845$$$$$$Prevent _pygit2.GitError: error loading known_hosts with certain pygit2/libgit2 versions. #64121$$$$$$salt-ssh now supports state.sls_exists (#66893) #66893$$$$$$Allows file.symlink to pass a string to cmd_check #66939$$$$$$Simplified and sped up utils.json.find_json function #68258$$$$$$Improved runtime performance of chocolatey.installed #68308$$$$$$Add check for vault in opts var #68312$$$$$$Fixed user.present not having capability to persist home directory by adding persist_home flag. #68322$$$$$$Fixed pkg.installed state from showing warning if python rpm package not installed. Fixed pkg.installed state from showing warning and using slow process fork for version comparison when rpmdevtools is installed #68341$$$$$$Update pre-commit version used in github workflows to 4.3.0 #68349$$$$$$Fixed issue with network grains in interfaces that don't support ip4 or ip6 #68355$$$$$$Patch tornado for BDSA-2024-3438 #68377$$$$$$Patch tornado for BDSA-2024-3439 #68379$$$$$$Patch tornado for BDSA-2025-4215 #68381$$$$$$Patch tornado for BDSA-2024-9026 #68383$$$$$$Update LZMA to 5.8.2$$$$$$Update ncurses to 6.5$$$$$$Update openssl to 3.5.4$$$$$$Fix shebang creation to work with pip >=25.2$$$$$$Fix python source hash checking$$$$$$Update to recent python versions: 3.12.12; 3.11.14; 3.10.19 and 3.9.24. #68385$$$$$$Fixed the lgpo_reg error when reading REG_BINARY type data in the registry.pol file. #68387$$$$$$Fix leak in SaltMessageServer where the unpacker was re-used on a stream disconnect. #68394$$$$$$Upgrade relenv to 0.21.2:$$$$$$We refresh the ensurepip bundle during every build so new runtimes ship with pip 25.2 and setuptools 80.9.0.$$$$$$Windows builds now pull newer SQLite (3.50.4.0) and XZ (5.6.2) sources; copy in a missing XZ config file; and tweak SBOM metadata; the libexpat update is prepared but only runs on older maintenance releases.$$$$$$Our downloader helpers log more clearly; know about more archive formats; and retry cleanly on transient errors.$$$$$$pip’s changing install API is handled by runtime wrappers that adapt to all of the current signatures.$$$$$$Linux verification tests install pip 25.2/25.3 before building setuptools to make sure that flow keeps working. #68431$$$$$$salt/utils/odict.py has been deprecated and will be removed in 3009. Use the standard library implementation instead. #68440$$$$$$Fixed issue in cmd execution module that always returned Invalid user for domain users. #68450$$$$$$Fixed authentication protocol version downgrade vulnerability (CVE-2025-62349) by adding minimum_auth_version configuration option (default: 3) to prevent minions from bypassing security features through protocol downgrade attacks.$$$$$$BREAKING CHANGE: The default value enforces authentication protocol version 3 or higher. If upgrading a deployment with older minions that do not support protocol v3; you must temporarily set minimum_auth_version: 0 in the master configuration before upgrading the master; then upgrade all minions before removing this override. #68467$$$$$$Fixed unsafe YAML loader usage in junos execution module (CVE-2025-62348) #68469
Salt Minion STS MSI x64 Version 30.07.8
SALT 3007.8 RELEASE NOTES$$$CHANGELOG$$$FIXED$$$Fixed an issue with the win_network salt.util to select interfaces by name instead of description. #58138$$$$$$Fixes debug logging for master AES and session keys to be consistent across crypt.AsyncAuth._authenticate() and crypt.SAuth.authenticate(). Now differentiates between master key rotation and session key rotation. #68113$$$$$$Fix file descriptor out of range problem in tcp.py by replacing select.select() with the higher-level selectors API #68136$$$$$$Fixed loader handling of already loaded modules; thereby fixed an interaction between the x509_v2 state module and any following state having a prereq on a file state #68281$$$$$$Fix potential race conditions and memory usage in zeromq request client transport. #68297$$$$$$Revert change to store cargo home as a temporary directory #68311$$$$$$Update openssl FIPS provider to 3.1.2 (certified until 2030) #68317$$$$$$ADDED$$$Added the ability to pass the context to pyobjects renderer #68224
Salt Minion LTS MSI x64 Version 30.06.16
SALT 3006.16 RELEASE NOTES$$$CHANGELOG$$$FIXED$$$Fixed an issue with the win_network salt.util to select interfaces by name instead of description. #58138$$$$$$Fixes debug logging for master AES and session keys to be consistent across crypt.AsyncAuth._authenticate() and crypt.SAuth.authenticate(). Now differentiates between master key rotation and session key rotation. #68113$$$$$$Fix potential race conditions and memory usage in zeromq request client transport. #68297$$$$$$Revert change to store cargo home as a temporary directory #68311$$$$$$Update openssl FIPS provider to 3.1.2 (certified until 2030) #68317$$$$$$ADDED$$$Added the ability to pass the context to pyobjects renderer #68224
Salt Minion STS EXE x64 Version 3007.8
SALT 3007.8 RELEASE NOTES$$$CHANGELOG$$$FIXED$$$Fixed an issue with the win_network salt.util to select interfaces by name instead of description. #58138$$$$$$Fixes debug logging for master AES and session keys to be consistent across crypt.AsyncAuth._authenticate() and crypt.SAuth.authenticate(). Now differentiates between master key rotation and session key rotation. #68113$$$$$$Fix file descriptor out of range problem in tcp.py by replacing select.select() with the higher-level selectors API #68136$$$$$$Fixed loader handling of already loaded modules; thereby fixed an interaction between the x509_v2 state module and any following state having a prereq on a file state #68281$$$$$$Fix potential race conditions and memory usage in zeromq request client transport. #68297$$$$$$Revert change to store cargo home as a temporary directory #68311$$$$$$Update openssl FIPS provider to 3.1.2 (certified until 2030) #68317$$$$$$ADDED$$$Added the ability to pass the context to pyobjects renderer #68224
Salt Minion LTS EXE x64 Version 3006.16
SALT 3006.16 RELEASE NOTES$$$CHANGELOG$$$FIXED$$$Fixed an issue with the win_network salt.util to select interfaces by name instead of description. #58138$$$$$$Fixes debug logging for master AES and session keys to be consistent across crypt.AsyncAuth._authenticate() and crypt.SAuth.authenticate(). Now differentiates between master key rotation and session key rotation. #68113$$$$$$Fix potential race conditions and memory usage in zeromq request client transport. #68297$$$$$$Revert change to store cargo home as a temporary directory #68311$$$$$$Update openssl FIPS provider to 3.1.2 (certified until 2030) #68317$$$$$$ADDED$$$Added the ability to pass the context to pyobjects renderer #68224
Salt Minion STS MSI x86 Version 30.07.8
SALT 3007.8 RELEASE NOTES$$$CHANGELOG$$$FIXED$$$Fixed an issue with the win_network salt.util to select interfaces by name instead of description. #58138$$$$$$Fixes debug logging for master AES and session keys to be consistent across crypt.AsyncAuth._authenticate() and crypt.SAuth.authenticate(). Now differentiates between master key rotation and session key rotation. #68113$$$$$$Fix file descriptor out of range problem in tcp.py by replacing select.select() with the higher-level selectors API #68136$$$$$$Fixed loader handling of already loaded modules; thereby fixed an interaction between the x509_v2 state module and any following state having a prereq on a file state #68281$$$$$$Fix potential race conditions and memory usage in zeromq request client transport. #68297$$$$$$Revert change to store cargo home as a temporary directory #68311$$$$$$Update openssl FIPS provider to 3.1.2 (certified until 2030) #68317$$$$$$ADDED$$$Added the ability to pass the context to pyobjects renderer #68224
Salt Minion LTS MSI x86 Version 30.06.16
SALT 3006.16 RELEASE NOTES$$$CHANGELOG$$$FIXED$$$Fixed an issue with the win_network salt.util to select interfaces by name instead of description. #58138$$$$$$Fixes debug logging for master AES and session keys to be consistent across crypt.AsyncAuth._authenticate() and crypt.SAuth.authenticate(). Now differentiates between master key rotation and session key rotation. #68113$$$$$$Fix potential race conditions and memory usage in zeromq request client transport. #68297$$$$$$Revert change to store cargo home as a temporary directory #68311$$$$$$Update openssl FIPS provider to 3.1.2 (certified until 2030) #68317$$$$$$ADDED$$$Added the ability to pass the context to pyobjects renderer #68224
Salt Minion STS EXE x86 Version 3007.8
SALT 3007.8 RELEASE NOTES$$$CHANGELOG$$$FIXED$$$Fixed an issue with the win_network salt.util to select interfaces by name instead of description. #58138$$$$$$Fixes debug logging for master AES and session keys to be consistent across crypt.AsyncAuth._authenticate() and crypt.SAuth.authenticate(). Now differentiates between master key rotation and session key rotation. #68113$$$$$$Fix file descriptor out of range problem in tcp.py by replacing select.select() with the higher-level selectors API #68136$$$$$$Fixed loader handling of already loaded modules; thereby fixed an interaction between the x509_v2 state module and any following state having a prereq on a file state #68281$$$$$$Fix potential race conditions and memory usage in zeromq request client transport. #68297$$$$$$Revert change to store cargo home as a temporary directory #68311$$$$$$Update openssl FIPS provider to 3.1.2 (certified until 2030) #68317$$$$$$ADDED$$$Added the ability to pass the context to pyobjects renderer #68224
Salt Version 3007.8
Automation and infrastructure management engine
Salt Minion LTS EXE x86 Version 3006.16
SALT 3006.16 RELEASE NOTES$$$CHANGELOG$$$FIXED$$$Fixed an issue with the win_network salt.util to select interfaces by name instead of description. #58138$$$$$$Fixes debug logging for master AES and session keys to be consistent across crypt.AsyncAuth._authenticate() and crypt.SAuth.authenticate(). Now differentiates between master key rotation and session key rotation. #68113$$$$$$Fix potential race conditions and memory usage in zeromq request client transport. #68297$$$$$$Revert change to store cargo home as a temporary directory #68311$$$$$$Update openssl FIPS provider to 3.1.2 (certified until 2030) #68317$$$$$$ADDED$$$Added the ability to pass the context to pyobjects renderer #68224
Salt Version 3007.7
Automation and infrastructure management engine
Salt Minion STS MSI x86 Version 30.07.7
Salt 3007.7 release notes$$$Changelog$$$$$$Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead.$$$Fixed max_depth not respected in file.directory state$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings.$$$Ensure the right HOME environment value is set during Pygit2 remote initialization. $$$Fix sync_renderers failure when the custom renderer is specified via config$$$modules.aptpkg: correct handling of foreign-arch packages$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$cmdmod: fix special character handling on Windows $$$cmdmod: fix quotation handling with Windows and PowerShell $$$Fix test mode causing unintended execution when non-boolean values are passed.$$$Fixed ssh_known_hosts.present failure when ssh host keys changed $$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability $$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$win_runas: fix output decoding exceptions win_runas: ensure opened handles are closed $$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow job returns from service.restart salt-minion no_block=True to reach master. $$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minion's key is overwritten with bad data; instead of a traceback. $$$$$$win_lgpo_reg only applies user settings to the registry.pol file. It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. $$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$Upgrade onedir relenv to 0.20.5:$$$Update gdbm from 1.25 to 1.26$$$Update libffi from 3.5.1 to 3.5.2$$$Update readline from 8.2.13 to 8.3$$$Update sqlite from 3.50.2 to 3.50.4$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965) $$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$win_runas: support cmdmod parameters bg; env; redirect_stderr; timeout$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion LTS MSI x86 Version 30.06.15
Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead. $$$$$$Fixed max_depth not respected in file.directory state $$$$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings. $$$Ensure the right HOME environment value is set during Pygit2 remote initialization.$$$$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$$$$cmdmod: fix special character handling on Windows $$$$$$cmdmod: fix quotation handling with Windows and PowerShell $$$$$$Fixed ssh_known_hosts.present failure when ssh host keys changed$$$$$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability$$$$$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$$$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow job returns from service.restart salt-minion no_block=True to reach master. $$$$$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minion's key is overwritten with bad data; instead of a traceback.$$$$$$win_lgpo_reg only applies user settings to the registry.pol file. It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. $$$$$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$$$$Upgrade onedir relenv to 0.20.5:$$$$$$Update gdbm from 1.25 to 1.26$$$$$$Update libffi from 3.5.1 to 3.5.2$$$$$$Update readline from 8.2.13 to 8.3$$$$$$Update sqlite from 3.50.2 to 3.50.4$$$$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965)$$$$$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion STS MSI x64 Version 30.07.7
Salt 3007.7 release notes$$$Changelog$$$Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead.$$$Fixed max_depth not respected in file.directory state$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings.$$$Ensure the right HOME environment value is set during Pygit2 remote initialization. $$$Fix sync_renderers failure when the custom renderer is specified via config$$$modules.aptpkg: correct handling of foreign-arch packages$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$cmdmod: fix special character handling on Windows $$$cmdmod: fix quotation handling with Windows and PowerShell $$$Fix test mode causing unintended execution when non-boolean values are passed.$$$Fixed ssh_known_hosts.present failure when ssh host keys changed $$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability $$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$win_runas: fix output decoding exceptions win_runas: ensure opened handles are closed $$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow job returns from service.restart salt-minion no_block=True to reach master. $$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minion's key is overwritten with bad data; instead of a traceback. $$$$$$win_lgpo_reg only applies user settings to the registry.pol file. It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. $$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$Upgrade onedir relenv to 0.20.5:$$$Update gdbm from 1.25 to 1.26$$$Update libffi from 3.5.1 to 3.5.2$$$Update readline from 8.2.13 to 8.3$$$Update sqlite from 3.50.2 to 3.50.4$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965) $$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$win_runas: support cmdmod parameters bg; env; redirect_stderr; timeout$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion LTS MSI x64 Version 30.06.15
Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead. $$$$$$Fixed max_depth not respected in file.directory state $$$$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings. $$$Ensure the right HOME environment value is set during Pygit2 remote initialization.$$$$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$$$$cmdmod: fix special character handling on Windows $$$$$$cmdmod: fix quotation handling with Windows and Powershell $$$$$$Fixed ssh_known_hosts.present failure when ssh host keys changed$$$$$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability$$$$$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$$$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow jobs returns from service.restart salt-minion no_block=True to reach master. $$$$$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minions key is overwritten with bad data; instead of a traceback.$$$$$$win_lgpo_reg only applies user settings to the registry.pol file. It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. 
$$$$$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$$$$Upgrade onedir relenv to 0.20.5:$$$$$$Update gdbm from 1.25 to 1.26$$$$$$Update libffi from 3.5.1 to 3.5.2$$$$$$Update readline from 8.2.13 to 8.3$$$$$$Update sqlite from 3.50.2 to 3.50.4$$$$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965)$$$$$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion STS EXE x86 Version 3007.7
Salt 3007.7 release notes$$$Changelog$$$Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead.$$$Fixed max_depth not respected in file.directory state$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings.$$$Ensure the right HOME environment value is set during Pygit2 remote initialization. $$$Fix sync_renderers failure when the custom renderer is specified via config$$$modules.aptpkg: correct handling of foreign-arch packages$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$cmdmod: fix special character handling on Windows $$$cmdmod: fix quotation handling with Windows and Powershell $$$Fix test mode causing unintended execution when non-boolean values are passed.$$$Fixed ssh_known_hosts.present failure when ssh host keys changed $$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability $$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$win_runas: fix output decoding exceptions win_runas: ensure opened handles are closed $$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow jobs returns from service.restart salt-minion no_block=True to reach master. $$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minions key is overwritten with bad data; instead of a traceback. $$$$$$win_lgpo_reg only applies user settings to the registry.pol file. 
It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. $$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$Upgrade onedir relenv to 0.20.5:$$$Update gdbm from 1.25 to 1.26$$$Update libffi from 3.5.1 to 3.5.2$$$Update readline from 8.2.13 to 8.3$$$Update sqlite from 3.50.2 to 3.50.4$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965) $$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$win_runas: support cmdmod parameters bg; env; redirect_stderr; timeout$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion STS EXE x64 Version 3007.7
Salt 3007.7 release notes$$$Changelog$$$Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead.$$$Fixed max_depth not respected in file.directory state$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings.$$$Ensure the right HOME environment value is set during Pygit2 remote initialization. $$$Fix sync_renderers failure when the custom renderer is specified via config$$$modules.aptpkg: correct handling of foreign-arch packages$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$cmdmod: fix special character handling on Windows $$$cmdmod: fix quotation handling with Windows and Powershell $$$Fix test mode causing unintended execution when non-boolean values are passed.$$$Fixed ssh_known_hosts.present failure when ssh host keys changed $$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability $$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$win_runas: fix output decoding exceptions win_runas: ensure opened handles are closed $$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow jobs returns from service.restart salt-minion no_block=True to reach master. $$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minions key is overwritten with bad data; instead of a traceback. $$$$$$win_lgpo_reg only applies user settings to the registry.pol file. 
It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. $$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$Upgrade onedir relenv to 0.20.5:$$$Update gdbm from 1.25 to 1.26$$$Update libffi from 3.5.1 to 3.5.2$$$Update readline from 8.2.13 to 8.3$$$Update sqlite from 3.50.2 to 3.50.4$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965) $$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$win_runas: support cmdmod parameters bg; env; redirect_stderr; timeout$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion STS MSI x86 Version 30.07.7
Salt 3007.7 release notes$$$Changelog$$$$$$Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead.$$$Fixed max_depth not respected in file.directory state$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings.$$$Ensure the right HOME environment value is set during Pygit2 remote initialization. $$$Fix sync_renderers failure when the custom renderer is specified via config$$$modules.aptpkg: correct handling of foreign-arch packages$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$cmdmod: fix special character handling on Windows $$$cmdmod: fix quotation handling with Windows and Powershell $$$Fix test mode causing unintended execution when non-boolean values are passed.$$$Fixed ssh_known_hosts.present failure when ssh host keys changed $$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability $$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$win_runas: fix output decoding exceptions win_runas: ensure opened handles are closed $$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow jobs returns from service.restart salt-minion no_block=True to reach master. $$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minions key is overwritten with bad data; instead of a traceback. $$$$$$win_lgpo_reg only applies user settings to the registry.pol file. 
It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. $$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$Upgrade onedir relenv to 0.20.5:$$$Update gdbm from 1.25 to 1.26$$$Update libffi from 3.5.1 to 3.5.2$$$Update readline from 8.2.13 to 8.3$$$Update sqlite from 3.50.2 to 3.50.4$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965) $$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$win_runas: support cmdmod parameters bg; env; redirect_stderr; timeout$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion LTS MSI x86 Version 30.06.15
Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead. $$$$$$Fixed max_depth not respected in file.directory state $$$$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings. $$$Ensure the right HOME environment value is set during Pygit2 remote initialization.$$$$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$$$$cmdmod: fix special character handling on Windows $$$$$$cmdmod: fix quotation handling with Windows and Powershell $$$$$$Fixed ssh_known_hosts.present failure when ssh host keys changed$$$$$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability$$$$$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$$$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow jobs returns from service.restart salt-minion no_block=True to reach master. $$$$$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minions key is overwritten with bad data; instead of a traceback.$$$$$$win_lgpo_reg only applies user settings to the registry.pol file. It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. 
$$$$$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$$$$Upgrade onedir relenv to 0.20.5:$$$$$$Update gdbm from 1.25 to 1.26$$$$$$Update libffi from 3.5.1 to 3.5.2$$$$$$Update readline from 8.2.13 to 8.3$$$$$$Update sqlite from 3.50.2 to 3.50.4$$$$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965)$$$$$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion LTS EXE x86 Version 3006.15
Salt 3006.15 release notes$$$Changelog$$$Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead. $$$$$$Fixed max_depth not respected in file.directory state $$$$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings. $$$Ensure the right HOME environment value is set during Pygit2 remote initialization.$$$$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$$$$cmdmod: fix special character handling on Windows $$$$$$cmdmod: fix quotation handling with Windows and Powershell $$$$$$Fixed ssh_known_hosts.present failure when ssh host keys changed$$$$$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability$$$$$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$$$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow jobs returns from service.restart salt-minion no_block=True to reach master. $$$$$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minions key is overwritten with bad data; instead of a traceback.$$$$$$win_lgpo_reg only applies user settings to the registry.pol file. It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. 
$$$$$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$$$$Upgrade onedir relenv to 0.20.5:$$$$$$Update gdbm from 1.25 to 1.26$$$$$$Update libffi from 3.5.1 to 3.5.2$$$$$$Update readline from 8.2.13 to 8.3$$$$$$Update sqlite from 3.50.2 to 3.50.4$$$$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965)$$$$$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion LTS EXE x64 Version 3006.15
Salt 3006.15 release notes$$$Changelog$$$Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead. $$$$$$Fixed max_depth not respected in file.directory state $$$$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings. $$$Ensure the right HOME environment value is set during Pygit2 remote initialization.$$$$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$$$$cmdmod: fix special character handling on Windows $$$$$$cmdmod: fix quotation handling with Windows and Powershell $$$$$$Fixed ssh_known_hosts.present failure when ssh host keys changed$$$$$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability$$$$$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$$$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow jobs returns from service.restart salt-minion no_block=True to reach master. $$$$$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minions key is overwritten with bad data; instead of a traceback.$$$$$$win_lgpo_reg only applies user settings to the registry.pol file. It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. 
$$$$$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$$$$Upgrade onedir relenv to 0.20.5:$$$$$$Update gdbm from 1.25 to 1.26$$$$$$Update libffi from 3.5.1 to 3.5.2$$$$$$Update readline from 8.2.13 to 8.3$$$$$$Update sqlite from 3.50.2 to 3.50.4$$$$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965)$$$$$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Minion LTS EXE x64 Version 3006.15
Salt 3006.15 release notes$$$Changelog$$$Changed$$$cmdmod: invoke a shell only with cmd.shell or when using the shell parameter cmdmod: run PowerShell scripts via -File instead of -Command cmdmod: allow passing args as a list for cmd.script cmdmod: return an error when running a bad command with cmd.powershell $$$$$$Fixed$$$Fixes issue with the minion.restart function not working with systemd. Will now detect if the system is using systemd or is a Windows system and use service.restart instead. $$$$$$Fixed max_depth not respected in file.directory state $$$$$$Updated CLI examples in docs to conform to bash syntax. Standardized documentation on Windows modules to Google Style Python Docstrings. $$$Ensure the right HOME environment value is set during Pygit2 remote initialization.$$$$$$Ensure network connections are cleanly closed in ipc and tcp transports $$$$$$cmdmod: fix special character handling on Windows $$$$$$cmdmod: fix quotation handling with Windows and PowerShell $$$$$$Fixed ssh_known_hosts.present failure when ssh host keys changed$$$$$$Revert ipc_write_timeout change (3006.13) due to multiple reports of this change causing instability$$$$$$cmdmod: handle cases where the temp script is not removed with cmd.script$$$$$$Fixed MinionManager.stop() to allow processing of minion event bus when called; to allow job returns from service.restart salt-minion no_block=True to reach master. $$$$$$grains.disks: fix exception with incompatible output of Get-PhysicalDisk $$$$$$Log a useful error if the minions key is overwritten with bad data; instead of a traceback.$$$$$$win_lgpo_reg only applies user settings to the registry.pol file. It no longer applies those same settings to the user registry. Those settings will be applied to all users the next time they log in. $$$$$$salt.crypt.AsyncAuth and salt.crypt.SAuth read the private key from the filesystem a single time. 
$$$$$$Modifies systemd_service.{restart;stop} to default to using no_block=True when the service being stopped or restarted is the salt-minion. $$$$$$Upgrade onedir relenv to 0.20.5:$$$$$$Update gdbm from 1.25 to 1.26$$$$$$Update libffi from 3.5.1 to 3.5.2$$$$$$Update readline from 8.2.13 to 8.3$$$$$$Update sqlite from 3.50.2 to 3.50.4$$$$$$Update sqlite on windows from 3.40.1 to 0.35.4 (CVE-2025-6965)$$$$$$Added$$$Added a new force option to pkg.install on Windows to force the installer to run even if the package is already installed $$$$$$Adds support for creating a scheduled job to restart the minion if the initial attempt at restarting it via minion.restart has failed.
Salt Version 3007.6
Automation and infrastructure management engine
Salt Minion STS MSI x64 Version 30.07.6
Salt 3007.6 release notes$$$Changelog$$$Fixed$$$Onedir packages include relenv 0.19.4.$$$$$$Update sqlite to 3500200$$$$$$Update libffi to 3.5.1$$$$$$Update python 3.13 to 3.13.5$$$$$$Load default openssl modules when no system openssl binary exists #68014$$$$$$pkgrepo.managed not applying changes / account for name attr being part of the state #68107$$$$$$Fix test mode causing unintended execution when non-boolean values are passed. #68121
Salt Minion STS MSI x86 Version 30.07.6
Salt 3007.6 release notes$$$Changelog$$$Fixed$$$Onedir packages include relenv 0.19.4.$$$$$$Update sqlite to 3500200$$$$$$Update libffi to 3.5.1$$$$$$Update python 3.13 to 3.13.5$$$$$$Load default openssl modules when no system openssl binary exists #68014$$$$$$pkgrepo.managed not applying changes / account for name attr being part of the state #68107$$$$$$Fix test mode causing unintended execution when non-boolean values are passed. #68121
Salt Minion STS EXE x64 Version 3007.6
Salt 3007.6 release notes$$$Changelog$$$Fixed$$$Onedir packages include relenv 0.19.4.$$$$$$Update sqlite to 3500200$$$$$$Update libffi to 3.5.1$$$$$$Update python 3.13 to 3.13.5$$$$$$Load default openssl modules when no system openssl binary exists #68014$$$$$$pkgrepo.managed not applying changes / account for name attr being part of the state #68107$$$$$$Fix test mode causing unintended execution when non-boolean values are passed. #68121
Salt Minion LTS EXE x86 Version 3006.13
Salt Minion LTS EXE x64 Version 3006.13
Salt Minion LTS MSI x86 Version 30.06.13
Salt Minion LTS MSI x64 Version 30.06.13
Salt Minion STS EXE x64 Version 3007.5
(release-3007.5)=$$$$$$Salt 3007.5 release notes$$$Changelog$$$Fixed$$$Zeromq RequestServer continues to serve requests after encountering an un-handled exception #66519$$$$$$Added support for icmpv6-type to salt.modules.nftables #67882
Salt Minion STS MSI x86 Version 30.07.5
(release-3007.5)=$$$$$$Salt 3007.5 release notes$$$Changelog$$$Fixed$$$Zeromq RequestServer continues to serve requests after encountering an un-handled exception #66519$$$$$$Added support for icmpv6-type to salt.modules.nftables #67882
Salt Minion STS MSI x64 Version 30.07.5
(release-3007.5)=$$$$$$Salt 3007.5 release notes$$$Changelog$$$Fixed$$$Zeromq RequestServer continues to serve requests after encountering an un-handled exception #66519$$$$$$Added support for icmpv6-type to salt.modules.nftables #67882
Salt Minion STS MSI x86 Version 30.07.4
Salt 3007.4 release notes$$$Changelog$$$Fixed$$$CVE-2024-38822 Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.$$$$$$CVSS 2.7 V:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N$$$$$$CVE-2024-38823 Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.$$$$$$CVSS Score 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N$$$$$$CVE-2024-38824 Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.$$$$$$CVSS Score 9.6 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N$$$$$$CVE-2024-38825 The salt.auth.pki module does not properly authenticate callers. The password field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication; as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.$$$$$$CVSS Score 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N$$$$$$CVE-2025-22236 Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).$$$$$$CVSS 8.1 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Salt Minion STS MSI x64 Version 30.07.4
Salt 3007.4 release notes$$$Changelog$$$Fixed$$$CVE-2024-38822 Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.$$$$$$CVSS 2.7 V:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N$$$$$$CVE-2024-38823 Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.$$$$$$CVSS Score 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N$$$$$$CVE-2024-38824 Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
Salt Minion STS EXE x64 Version 3007.4
Fixed$$$CVE-2024-38822 Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.$$$$$$CVSS 2.7 V:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N$$$$$$CVE-2024-38823 Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.$$$$$$CVSS Score 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N$$$$$$CVE-2024-38824 Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.$$$$$$CVSS Score 9.6 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N$$$$$$CVE-2024-38825 The salt.auth.pki module does not properly authenticate callers. The password field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication; as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
Salt Minion LTS EXE x86 Version 3006.12
Salt Minion LTS EXE x64 Version 3006.12
Salt Minion LTS MSI x86 Version 30.06.12
Salt Minion LTS MSI x64 Version 30.06.12
Salt Minion STS EXE x86 Version 3007.3
Salt 3007.3 release notes$$$Changelog$$$Added$$$Added the ability to configure the cluster event port and added documentation for it #66627
Salt Minion STS MSI x86 Version 30.07.3
Salt 3007.3 release notes$$$Changelog$$$Added$$$Added the ability to configure the cluster event port and added documentation for it #66627
Salt Minion STS MSI x64 Version 30.07.3
Salt 3007.3 release notes$$$Changelog$$$Added$$$Added the ability to configure the cluster event port and added documentation for it #66627
Salt Minion STS EXE x64 Version 3007.3
Salt 3007.3 release notes$$$Changelog$$$Added$$$Added the ability to configure the cluster event port and added documentation for it #66627
Salt Minion LTS EXE x64 Version 3006.11
Salt Minion LTS MSI x86 Version 30.06.11
Salt Minion LTS MSI x64 Version 30.06.11
Salt Minion LTS EXE x86 Version 3006.11
Salt Minion STS EXE x86 Version 3007.2
Salt Minion STS EXE x64 Version 3007.2
Salt Minion STS MSI x86 Version 30.07.2
Salt Minion STS MSI x64 Version 30.07.2
Not updated by vendor$$$https://github.com/saltstack/salt/releases/tag/v3007.2
Salt Minion LTS MSI x86 Version 30.06.10
Salt 3006.10 release notes$$$Changelog$$$Removed$$$Remove psutil_compat.py file; which should have been removed when RHEL 6 EOL #66467$$$$$$Removed dependency on bsdmainutils package for Debian and Ubuntu #67184$$$$$$Deprecated$$$Drop Arch Linux support #66886$$$$$$Removed support for end of life Python 3.7 and 3.8 from pre-commit and requirements #67729$$$$$$Fixed$$$Commands on Windows are now prefixed with cmd /c so that compound commands (commands separated by &&) run properly when using runas #44736$$$$$$Issue 58969: Fixes an issue with saltclass.expand_classes_in_order function where it was losing nested classes states during class expansion. The logic now use salt.utils.odict.OrderedDict to keep the inclusion ordering. #58969$$$$$$Fix issue with RunAs on Windows so that usernames of all numeric characters are handled as strings #59344$$$$$$Fixed an issue on Windows where checking success_retcodes when using the runas parameter would fail. Now success_retcodes are checked correctly #59977$$$$$$Fix an issue with cmd.script in Windows so that the exit code from a script will be passed through to the retcode of the state #60884$$$$$$Fixed an issue uninstalling packages on Windows using pkg.removed where there are multiple versions of the same software installed #61001$$$$$$Ensure file clients for runner; wheel; local and caller are available from the client_cache if called upon. #61416$$$$$$Convert stdin string to bytes regardless of stdin_raw_newlines #62501$$$$$$Issue 63933: Fixes an issue with saltclass.expanded_dict_from_minion function where it was passing a reference to minion dict which was overridden by nested classes during class expansion. Copy the node definition with copy.deepcopy instead of passing a reference. #63933$$$$$$Fixed an intermittent issue with file.recurse where the state would report failure even on success. 
Makes sure symlinks are created after the target file is created #64630$$$$$$The profile outputter does not crash with incorrectly formatted data #65104$$$$$$Updating version comparison for rpm and removed obsolete comparison methods for rpms #65443$$$$$$Fix batch mode hang indefinitely in some scenarios #66249$$$$$$Applying selinux.fcontext_policy_present to a shorter path than an existing entry now works #66252$$$$$$Correct bash-completion for Debian / Ubuntu #66560$$$$$$Fix minion config option startup_states #66592$$$$$$Fixed an issue with cmd.run with requirements when the shell is not the default #66596$$$$$$Fixes an issue when getting account names using the get_name function in the win_dacl.py salt util. Capability SIDs return None. SIDs for deleted accounts return the SID. SIDs for domain accounts where the system is not connected to the domain return the SID. #66637$$$$$$Fixed an issue where status.master wasn't detecting a connection to the specified master properly #66716$$$$$$Fixed win_wua.available when some of the update objects are empty CDispatch objects. The available function no longer crashes #66718$$$$$$Clean up multiprocessing file handles on minion #66726$$$$$$Fixed nacl.keygen for not yet existing sk_file or pk_file #66772$$$$$$fix yaml output #66783$$$$$$Fixed an issue where enabling grain_opts in the minion config would cause some core grains to be overwritten. #66784$$$$$$Fix an issue where files created using salt.utils.atomicfile.atomic_open() were created with restrictive permissions instead of respecting the umask. #66786$$$$$$Fix bad async_method name on AsyncPubClient class #66789$$$$$$Ensure Manjaro ARM reports the correct os_family of Arch. #66796$$$$$$Removed salt.utils.data.decode usage from the fileserver. This function was necessary to support Python 2. This speeds up loading the list cache by 80-90x. 
#66835$$$$$$Issue 66837: Fixes an issue with the network.local_port_tcp function where it was not parsing the IPv4 mapped IPv6 address correctly. The ::ffff: is now removed and only the IP address is returned. #66837$$$$$$Better handling output of systemctl --version with salt.grains.core._systemd #66856$$$$$$Upgrade relenv to 0.
Salt Minion LTS MSI x64 Version 30.06.10
Salt 3006.10 release notes$$$Changelog$$$Removed$$$Remove psutil_compat.py file; which should have been removed when RHEL 6 EOL #66467$$$$$$Removed dependency on bsdmainutils package for Debian and Ubuntu #67184$$$$$$Deprecated$$$Drop Arch Linux support #66886$$$$$$Removed support for end of life Python 3.7 and 3.8 from pre-commit and requirements #67729$$$$$$Fixed$$$Commands on Windows are now prefixed with cmd /c so that compound commands (commands separated by &&) run properly when using runas #44736$$$$$$Issue 58969: Fixes an issue with saltclass.expand_classes_in_order function where it was losing nested classes states during class expansion. The logic now use salt.utils.odict.OrderedDict to keep the inclusion ordering. #58969$$$$$$Fix issue with RunAs on Windows so that usernames of all numeric characters are handled as strings #59344$$$$$$Fixed an issue on Windows where checking success_retcodes when using the runas parameter would fail. Now success_retcodes are checked correctly #59977$$$$$$Fix an issue with cmd.script in Windows so that the exit code from a script will be passed through to the retcode of the state #60884$$$$$$Fixed an issue uninstalling packages on Windows using pkg.removed where there are multiple versions of the same software installed #61001$$$$$$Ensure file clients for runner; wheel; local and caller are available from the client_cache if called upon. #61416$$$$$$Convert stdin string to bytes regardless of stdin_raw_newlines #62501$$$$$$Issue 63933: Fixes an issue with saltclass.expanded_dict_from_minion function where it was passing a reference to minion dict which was overridden by nested classes during class expansion. Copy the node definition with copy.deepcopy instead of passing a reference. #63933$$$$$$Fixed an intermittent issue with file.recurse where the state would report failure even on success. 
Makes sure symlinks are created after the target file is created #64630$$$$$$The profile outputter does not crash with incorrectly formatted data #65104$$$$$$Updating version comparison for rpm and removed obsolete comparison methods for rpms #65443$$$$$$Fix batch mode hang indefinitely in some scenarios #66249$$$$$$Applying selinux.fcontext_policy_present to a shorter path than an existing entry now works #66252$$$$$$Correct bash-completion for Debian / Ubuntu #66560$$$$$$Fix minion config option startup_states #66592$$$$$$Fixed an issue with cmd.run with requirements when the shell is not the default #66596$$$$$$Fixes an issue when getting account names using the get_name function in the win_dacl.py salt util. Capability SIDs return None. SIDs for deleted accounts return the SID. SIDs for domain accounts where the system is not connected to the domain return the SID. #66637$$$$$$Fixed an issue where status.master wasn't detecting a connection to the specified master properly #66716$$$$$$Fixed win_wua.available when some of the update objects are empty CDispatch objects. The available function no longer crashes #66718$$$$$$Clean up multiprocessing file handles on minion #66726$$$$$$Fixed nacl.keygen for not yet existing sk_file or pk_file #66772$$$$$$fix yaml output #66783$$$$$$Fixed an issue where enabling grain_opts in the minion config would cause some core grains to be overwritten. #66784$$$$$$Fix an issue where files created using salt.utils.atomicfile.atomic_open() were created with restrictive permissions instead of respecting the umask. #66786$$$$$$Fix bad async_method name on AsyncPubClient class #66789$$$$$$Ensure Manjaro ARM reports the correct os_family of Arch. #66796$$$$$$Removed salt.utils.data.decode usage from the fileserver. This function was necessary to support Python 2. This speeds up loading the list cache by 80-90x. 
#66835$$$$$$Issue 66837: Fixes an issue with the network.local_port_tcp function where it was not parsing the IPv4 mapped IPv6 address correctly. The ::ffff: is now removed and only the IP address is returned. #66837$$$$$$Better handling output of systemctl --version with salt.grains.core._systemd #66856$$$$$$Upgrade relenv to 0.
Salt Minion LTS EXE x86 Version 3006.10
Salt 3006.10 release notes$$$Changelog$$$Removed$$$Remove psutil_compat.py file; which should have been removed when RHEL 6 EOL #66467$$$$$$Removed dependency on bsdmainutils package for Debian and Ubuntu #67184$$$$$$Deprecated$$$Drop Arch Linux support #66886$$$$$$Removed support for end of life Python 3.7 and 3.8 from pre-commit and requirements #67729$$$$$$Fixed$$$Commands on Windows are now prefixed with cmd /c so that compound commands (commands separated by &&) run properly when using runas #44736$$$$$$Issue 58969: Fixes an issue with saltclass.expand_classes_in_order function where it was losing nested classes states during class expansion. The logic now use salt.utils.odict.OrderedDict to keep the inclusion ordering. #58969$$$$$$Fix issue with RunAs on Windows so that usernames of all numeric characters are handled as strings #59344$$$$$$Fixed an issue on Windows where checking success_retcodes when using the runas parameter would fail. Now success_retcodes are checked correctly #59977$$$$$$Fix an issue with cmd.script in Windows so that the exit code from a script will be passed through to the retcode of the state #60884$$$$$$Fixed an issue uninstalling packages on Windows using pkg.removed where there are multiple versions of the same software installed #61001$$$$$$Ensure file clients for runner; wheel; local and caller are available from the client_cache if called upon. #61416$$$$$$Convert stdin string to bytes regardless of stdin_raw_newlines #62501$$$$$$Issue 63933: Fixes an issue with saltclass.expanded_dict_from_minion function where it was passing a reference to minion dict which was overridden by nested classes during class expansion. Copy the node definition with copy.deepcopy instead of passing a reference. #63933$$$$$$Fixed an intermittent issue with file.recurse where the state would report failure even on success. 
Makes sure symlinks are created after the target file is created #64630$$$$$$The profile outputter does not crash with incorrectly formatted data #65104$$$$$$Updating version comparison for rpm and removed obsolete comparison methods for rpms #65443$$$$$$Fix batch mode hang indefinitely in some scenarios #66249$$$$$$Applying selinux.fcontext_policy_present to a shorter path than an existing entry now works #66252$$$$$$Correct bash-completion for Debian / Ubuntu #66560$$$$$$Fix minion config option startup_states #66592$$$$$$Fixed an issue with cmd.run with requirements when the shell is not the default #66596$$$$$$Fixes an issue when getting account names using the get_name function in the win_dacl.py salt util. Capability SIDs return None. SIDs for deleted accounts return the SID. SIDs for domain accounts where the system is not connected to the domain return the SID. #66637$$$$$$Fixed an issue where status.master wasn't detecting a connection to the specified master properly #66716$$$$$$Fixed win_wua.available when some of the update objects are empty CDispatch objects. The available function no longer crashes #66718$$$$$$Clean up multiprocessing file handles on minion #66726$$$$$$Fixed nacl.keygen for not yet existing sk_file or pk_file #66772$$$$$$fix yaml output #66783$$$$$$Fixed an issue where enabling grain_opts in the minion config would cause some core grains to be overwritten. #66784$$$$$$Fix an issue where files created using salt.utils.atomicfile.atomic_open() were created with restrictive permissions instead of respecting the umask. #66786$$$$$$Fix bad async_method name on AsyncPubClient class #66789$$$$$$Ensure Manjaro ARM reports the correct os_family of Arch. #66796$$$$$$Removed salt.utils.data.decode usage from the fileserver. This function was necessary to support Python 2. This speeds up loading the list cache by 80-90x. 
#66835$$$$$$Issue 66837: Fixes an issue with the network.local_port_tcp function where it was not parsing the IPv4 mapped IPv6 address correctly. The ::ffff: is now removed and only the IP address is returned. #66837$$$$$$Better handling output of systemctl --version with salt.grains.core._systemd #66856$$$$$$Upgrade relenv to 0.
Salt Minion LTS EXE x64 Version 3006.10
Salt 3006.10 release notes$$$Changelog$$$Removed$$$Remove psutil_compat.py file; which should have been removed when RHEL 6 EOL #66467$$$$$$Removed dependency on bsdmainutils package for Debian and Ubuntu #67184$$$$$$Deprecated$$$Drop Arch Linux support #66886$$$$$$Removed support for end of life Python 3.7 and 3.8 from pre-commit and requirements #67729$$$$$$Fixed$$$Commands on Windows are now prefixed with cmd /c so that compound commands (commands separated by &&) run properly when using runas #44736$$$$$$Issue 58969: Fixes an issue with saltclass.expand_classes_in_order function where it was losing nested classes states during class expansion. The logic now uses salt.utils.odict.OrderedDict to keep the inclusion ordering. #58969$$$$$$Fix issue with RunAs on Windows so that usernames of all numeric characters are handled as strings #59344$$$$$$Fixed an issue on Windows where checking success_retcodes when using the runas parameter would fail. Now success_retcodes are checked correctly #59977$$$$$$Fix an issue with cmd.script in Windows so that the exit code from a script will be passed through to the retcode of the state #60884$$$$$$Fixed an issue uninstalling packages on Windows using pkg.removed where there are multiple versions of the same software installed #61001$$$$$$Ensure file clients for runner; wheel; local and caller are available from the client_cache if called upon. #61416$$$$$$Convert stdin string to bytes regardless of stdin_raw_newlines #62501$$$$$$Issue 63933: Fixes an issue with saltclass.expanded_dict_from_minion function where it was passing a reference to minion dict which was overridden by nested classes during class expansion. Copy the node definition with copy.deepcopy instead of passing a reference. #63933$$$$$$Fixed an intermittent issue with file.recurse where the state would report failure even on success. 
Makes sure symlinks are created after the target file is created #64630$$$$$$The profile outputter does not crash with incorrectly formatted data #65104$$$$$$Updating version comparison for rpm and removed obsolete comparison methods for rpms #65443$$$$$$Fix batch mode hang indefinitely in some scenarios #66249$$$$$$Applying selinux.fcontext_policy_present to a shorter path than an existing entry now works #66252$$$$$$Correct bash-completion for Debian / Ubuntu #66560$$$$$$Fix minion config option startup_states #66592$$$$$$Fixed an issue with cmd.run with requirements when the shell is not the default #66596$$$$$$Fixes an issue when getting account names using the get_name function in the win_dacl.py salt util. Capability SIDs return None. SIDs for deleted accounts return the SID. SIDs for domain accounts where the system is not connected to the domain return the SID. #66637$$$$$$Fixed an issue where status.master wasn't detecting a connection to the specified master properly #66716$$$$$$Fixed win_wua.available when some of the update objects are empty CDispatch objects. The available function no longer crashes #66718$$$$$$Clean up multiprocessing file handles on minion #66726$$$$$$Fixed nacl.keygen for not yet existing sk_file or pk_file #66772$$$$$$fix yaml output #66783$$$$$$Fixed an issue where enabling grain_opts in the minion config would cause some core grains to be overwritten. #66784$$$$$$Fix an issue where files created using salt.utils.atomicfile.atomic_open() were created with restrictive permissions instead of respecting the umask. #66786$$$$$$Fix bad async_method name on AsyncPubClient class #66789$$$$$$Ensure Manjaro ARM reports the correct os_family of Arch. #66796$$$$$$Removed salt.utils.data.decode usage from the fileserver. This function was necessary to support Python 2. This speeds up loading the list cache by 80-90x. 
#66835$$$$$$Issue 66837: Fixes an issue with the network.local_port_tcp function where it was not parsing the IPv4 mapped IPv6 address correctly. The ::ffff: is now removed and only the IP address is returned. #66837$$$$$$Better handling output of systemctl --version with salt.grains.core._systemd #66856$$$$$$Upgrade relenv to 0.
Salt Version 3007.1
Automation and infrastructure management engine
Salt Minion LTS MSI x86 Version 30.06.9
Salt 3006.9 release notes$$$Changelog$$$Deprecated$$$Drop CentOS 7 support #66623$$$$$$No longer build RPM packages with CentOS Stream 9 #66624$$$$$$Fixed$$$Made slsutil.renderer work with salt-ssh #50196$$$$$$Fixed defaults.merge is not available when using salt-ssh #51605$$$$$$Fixed config.get does not support merge option with salt-ssh #56441$$$$$$Update to include croniter in pkg requirements #57649$$$$$$Fixed state.test does not work with salt-ssh #61100$$$$$$Made slsutil.findup work with salt-ssh #61143$$$$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$file.replace and file.search work properly with /proc files #63102$$$$$$Fix utf8 handling in pass renderer #64300$$$$$$Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. #64563$$$$$$salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. 
#64728$$$$$$Fixed slsutil.update with salt-ssh during template rendering #65067$$$$$$Fix config.items when called on minion #65251$$$$$$Ensure on rpm and deb systems; that user and group for existing Salt; is maintained on upgrade #65264$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$pkg.installed state aggregate does not honor requires requisite #65304$$$$$$Added SSH wrapper for logmod #65630$$$$$$Fix for GitFS failure to unlock lock file; and resource cleanup for process SIGTERM #65816$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Make sure the root minion process handles SIGUSR1 and emits a traceback like its child processes #66095$$$$$$Replaced pyvenv with builtin venv for virtualenv_mod #66132$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fix win_task ExecutionTimeLimit and result/error code interpretation #66347; #66441$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key #66414$$$$$$Fixed parallel state execution with Salt-SSH #66514$$$$$$Fix support for FIPS approved encryption and signing algorithms. #66579$$$$$$Fix relative file_roots paths #66588$$$$$$Fixed an issue with cmd.run with requirements when the shell is not the default #66596$$$$$$Fix RPM package provides #66604$$$$$$Upgrade relenv to 0.16.1. 
This release fixes several package installs for salt-pip #66632$$$$$$Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md) #66663$$$$$$Upgrade dependencies due to security issues:$$$$$$pymysql>=1.1.1$$$$$$requests>=2.32.0$$$$$$docker>=7.1.0 #66666$$$$$$Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 #66683$$$$$$Remove debug output from shell scripts for packaging #66747$$$$$$Added$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) #66624$$$$$$Security$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488$$$$$$CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is encountered. #66702
Salt Minion LTS MSI x64 Version 30.06.9
Salt 3006.9 release notes$$$Changelog$$$Deprecated$$$Drop CentOS 7 support #66623$$$$$$No longer build RPM packages with CentOS Stream 9 #66624$$$$$$Fixed$$$Made slsutil.renderer work with salt-ssh #50196$$$$$$Fixed defaults.merge is not available when using salt-ssh #51605$$$$$$Fixed config.get does not support merge option with salt-ssh #56441$$$$$$Update to include croniter in pkg requirements #57649$$$$$$Fixed state.test does not work with salt-ssh #61100$$$$$$Made slsutil.findup work with salt-ssh #61143$$$$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$file.replace and file.search work properly with /proc files #63102$$$$$$Fix utf8 handling in pass renderer #64300$$$$$$Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. #64563$$$$$$salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. 
#64728$$$$$$Fixed slsutil.update with salt-ssh during template rendering #65067$$$$$$Fix config.items when called on minion #65251$$$$$$Ensure on rpm and deb systems; that user and group for existing Salt; is maintained on upgrade #65264$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$pkg.installed state aggregate does not honor requires requisite #65304$$$$$$Added SSH wrapper for logmod #65630$$$$$$Fix for GitFS failure to unlock lock file; and resource cleanup for process SIGTERM #65816$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Make sure the root minion process handles SIGUSR1 and emits a traceback like its child processes #66095$$$$$$Replaced pyvenv with builtin venv for virtualenv_mod #66132$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fix win_task ExecutionTimeLimit and result/error code interpretation #66347; #66441$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key #66414$$$$$$Fixed parallel state execution with Salt-SSH #66514$$$$$$Fix support for FIPS approved encryption and signing algorithms. #66579$$$$$$Fix relative file_roots paths #66588$$$$$$Fixed an issue with cmd.run with requirements when the shell is not the default #66596$$$$$$Fix RPM package provides #66604$$$$$$Upgrade relenv to 0.16.1. 
This release fixes several package installs for salt-pip #66632$$$$$$Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md) #66663$$$$$$Upgrade dependencies due to security issues:$$$$$$pymysql>=1.1.1$$$$$$requests>=2.32.0$$$$$$docker>=7.1.0 #66666$$$$$$Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 #66683$$$$$$Remove debug output from shell scripts for packaging #66747$$$$$$Added$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) #66624$$$$$$Security$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488$$$$$$CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is encountered. #66702
Salt Minion LTS EXE x86 Version 3006.9
Changelog$$$Deprecated$$$Drop CentOS 7 support #66623$$$$$$No longer build RPM packages with CentOS Stream 9 #66624$$$$$$Fixed$$$Made slsutil.renderer work with salt-ssh #50196$$$$$$Fixed defaults.merge is not available when using salt-ssh #51605$$$$$$Fixed config.get does not support merge option with salt-ssh #56441$$$$$$Update to include croniter in pkg requirements #57649$$$$$$Fixed state.test does not work with salt-ssh #61100$$$$$$Made slsutil.findup work with salt-ssh #61143$$$$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$file.replace and file.search work properly with /proc files #63102$$$$$$Fix utf8 handling in pass renderer #64300$$$$$$Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. #64563$$$$$$salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. 
#64728$$$$$$Fixed slsutil.update with salt-ssh during template rendering #65067$$$$$$Fix config.items when called on minion #65251$$$$$$Ensure on rpm and deb systems; that user and group for existing Salt; is maintained on upgrade #65264$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$pkg.installed state aggregate does not honor requires requisite #65304$$$$$$Added SSH wrapper for logmod #65630$$$$$$Fix for GitFS failure to unlock lock file; and resource cleanup for process SIGTERM #65816$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Make sure the root minion process handles SIGUSR1 and emits a traceback like its child processes #66095$$$$$$Replaced pyvenv with builtin venv for virtualenv_mod #66132$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fix win_task ExecutionTimeLimit and result/error code interpretation #66347; #66441$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key #66414$$$$$$Fixed parallel state execution with Salt-SSH #66514$$$$$$Fix support for FIPS approved encryption and signing algorithms. #66579$$$$$$Fix relative file_roots paths #66588$$$$$$Fixed an issue with cmd.run with requirements when the shell is not the default #66596$$$$$$Fix RPM package provides #66604$$$$$$Upgrade relenv to 0.16.1. 
This release fixes several package installs for salt-pip #66632$$$$$$Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md) #66663$$$$$$Upgrade dependencies due to security issues:$$$$$$pymysql>=1.1.1$$$$$$requests>=2.32.0$$$$$$docker>=7.1.0 #66666$$$$$$Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 #66683$$$$$$Remove debug output from shell scripts for packaging #66747$$$$$$Added$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) #66624$$$$$$Security$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488$$$$$$CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is encountered. #66702
Salt Minion LTS EXE x64 Version 3006.9
Salt 3006.9 release notes$$$Changelog$$$Deprecated$$$Drop CentOS 7 support #66623$$$$$$No longer build RPM packages with CentOS Stream 9 #66624$$$$$$Fixed$$$Made slsutil.renderer work with salt-ssh #50196$$$$$$Fixed defaults.merge is not available when using salt-ssh #51605$$$$$$Fixed config.get does not support merge option with salt-ssh #56441$$$$$$Update to include croniter in pkg requirements #57649$$$$$$Fixed state.test does not work with salt-ssh #61100$$$$$$Made slsutil.findup work with salt-ssh #61143$$$$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$file.replace and file.search work properly with /proc files #63102$$$$$$Fix utf8 handling in pass renderer #64300$$$$$$Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. #64563$$$$$$salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. 
#64728$$$$$$Fixed slsutil.update with salt-ssh during template rendering #65067$$$$$$Fix config.items when called on minion #65251$$$$$$Ensure on rpm and deb systems; that user and group for existing Salt; is maintained on upgrade #65264$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$pkg.installed state aggregate does not honor requires requisite #65304$$$$$$Added SSH wrapper for logmod #65630$$$$$$Fix for GitFS failure to unlock lock file; and resource cleanup for process SIGTERM #65816$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Make sure the root minion process handles SIGUSR1 and emits a traceback like its child processes #66095$$$$$$Replaced pyvenv with builtin venv for virtualenv_mod #66132$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fix win_task ExecutionTimeLimit and result/error code interpretation #66347; #66441$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key #66414$$$$$$Fixed parallel state execution with Salt-SSH #66514$$$$$$Fix support for FIPS approved encryption and signing algorithms. #66579$$$$$$Fix relative file_roots paths #66588$$$$$$Fixed an issue with cmd.run with requirements when the shell is not the default #66596$$$$$$Fix RPM package provides #66604$$$$$$Upgrade relenv to 0.16.1. 
This release fixes several package installs for salt-pip #66632$$$$$$Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md) #66663$$$$$$Upgrade dependencies due to security issues:$$$$$$pymysql>=1.1.1$$$$$$requests>=2.32.0$$$$$$docker>=7.1.0 #66666$$$$$$Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 #66683$$$$$$Remove debug output from shell scripts for packaging #66747$$$$$$Added$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) #66624$$$$$$Security$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488$$$$$$CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is encountered. #66702
Salt Minion STS EXE x86 Version 3007.6
Salt 3007.6 release notes$$$Changelog$$$Fixed$$$Onedir packages include relenv 0.19.4.$$$$$$Update sqlite to 3500200$$$$$$Update libffi to 3.5.1$$$$$$Update python 3.13 to 3.13.5$$$$$$Load default openssl modules when no system openssl binary exists #68014$$$$$$pkgrepo.managed not applying changes / account for name attr being part of the state #68107$$$$$$Fix test mode causing unintended execution when non-boolean values are passed. #68121
Salt Minion STS EXE x86 Version 3007.5
(release-3007.5)=$$$$$$Salt 3007.5 release notes$$$Changelog$$$Fixed$$$Zeromq RequestServer continues to serve requests after encountering an un-handled exception #66519$$$$$$Added support for icmpv6-type to salt.modules.nftables #67882
Salt Minion STS EXE x86 Version 3007.4
Salt 3007.4 release notes$$$Changelog$$$Fixed$$$CVE-2024-38822 Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.$$$$$$CVSS 2.7 V:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N$$$$$$CVE-2024-38823 Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.$$$$$$CVSS Score 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N$$$$$$CVE-2024-38824 Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.$$$$$$CVSS Score 9.6 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N$$$$$$CVE-2024-38825 The salt.auth.pki module does not properly authenticate callers. The password field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication; as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
Salt Minion STS MSI x86 Version 30.07.1
SALT 3007.1 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$The salt.utils.psutil_compat was deprecated and now removed in Salt 3008. Please use the psutil module directly. #66160$$$$$$FIXED$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Fix for NoneType can't be used in await expression error. #66177$$$$$$Log Publish server binding pub to messages to debug instead of error level. #66179$$$$$$Fix syndic startup by making payload handler a coroutine #66237$$$$$$Fixed aptpkg.remove unable to locate package error for non-existent package #66260$$$$$$Fixed pillar.ls doesn't accept kwargs #66262$$$$$$Fix cache directory setting in Master Cluster tutorial #66264$$$$$$Change log level of successful master cluster key exchange from error to info. #66266$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$ADDED$$$Added the ability to pass a version of chocolatey to install to the chocolatey.bootstrap function. Also added states to bootstrap and unbootstrap chocolatey. 
#64722$$$$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$SECURITY$$$Bump to pydantic==2.6.4 due to https://github.com/advisories/GHSA-mr82-8j83-vxmv #66433$$$$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488
Salt Minion STS MSI x64 Version 30.07.1
SALT 3007.1 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$The salt.utils.psutil_compat was deprecated and now removed in Salt 3008. Please use the psutil module directly. #66160$$$$$$FIXED$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Fix for NoneType can't be used in await expression error. #66177$$$$$$Log Publish server binding pub to messages to debug instead of error level. #66179$$$$$$Fix syndic startup by making payload handler a coroutine #66237$$$$$$Fixed aptpkg.remove unable to locate package error for non-existent package #66260$$$$$$Fixed pillar.ls doesn't accept kwargs #66262$$$$$$Fix cache directory setting in Master Cluster tutorial #66264$$$$$$Change log level of successful master cluster key exchange from error to info. #66266$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$ADDED$$$Added the ability to pass a version of chocolatey to install to the chocolatey.bootstrap function. Also added states to bootstrap and unbootstrap chocolatey. 
#64722$$$$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$SECURITY$$$Bump to pydantic==2.6.4 due to https://github.com/advisories/GHSA-mr82-8j83-vxmv #66433$$$$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488
Salt Minion STS EXE x86 Version 3007.1
SALT 3007.1 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$The salt.utils.psutil_compat was deprecated and now removed in Salt 3008. Please use the psutil module directly. #66160$$$$$$FIXED$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Fix for NoneType can't be used in await expression error. #66177$$$$$$Log Publish server binding pub to messages to debug instead of error level. #66179$$$$$$Fix syndic startup by making payload handler a coroutine #66237$$$$$$Fixed aptpkg.remove unable to locate package error for non-existent package #66260$$$$$$Fixed pillar.ls doesn't accept kwargs #66262$$$$$$Fix cache directory setting in Master Cluster tutorial #66264$$$$$$Change log level of successful master cluster key exchange from error to info. #66266$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$ADDED$$$Added the ability to pass a version of chocolatey to install to the chocolatey.bootstrap function. Also added states to bootstrap and unbootstrap chocolatey. 
#64722$$$$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$SECURITY$$$Bump to pydantic==2.6.4 due to https://github.com/advisories/GHSA-mr82-8j83-vxmv #66433$$$$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488
Salt Minion STS EXE x64 Version 3007.1
SALT 3007.1 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$The salt.utils.psutil_compat was deprecated and now removed in Salt 3008. Please use the psutil module directly. #66160$$$$$$FIXED$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Fix for NoneType can't be used in await expression error. #66177$$$$$$Log Publish server binding pub to messages to debug instead of error level. #66179$$$$$$Fix syndic startup by making payload handler a coroutine #66237$$$$$$Fixed aptpkg.remove unable to locate package error for non-existent package #66260$$$$$$Fixed pillar.ls doesn't accept kwargs #66262$$$$$$Fix cache directory setting in Master Cluster tutorial #66264$$$$$$Change log level of successful master cluster key exchange from error to info. #66266$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$ADDED$$$Added the ability to pass a version of chocolatey to install to the chocolatey.bootstrap function. Also added states to bootstrap and unbootstrap chocolatey. 
#64722$$$$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$SECURITY$$$Bump to pydantic==2.6.4 due to https://github.com/advisories/GHSA-mr82-8j83-vxmv #66433$$$$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488
Salt Minion STS MSI x64 Version 30.07.1
SALT 3007.1 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$The salt.utils.psutil_compat was deprecated and now removed in Salt 3008. Please use the psutil module directly. #66160$$$$$$FIXED$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Fix for NoneType cant be used in await expression error. #66177$$$$$$Log Publish server binding pub to messages to debug instead of error level. #66179$$$$$$Fix syndic startup by making payload handler a coroutine #66237$$$$$$Fixed aptpkg.remove unable to locate package error for non-existent package #66260$$$$$$Fixed pillar.ls doesnt accept kwargs #66262$$$$$$Fix cache directory setting in Master Cluster tutorial #66264$$$$$$Change log level of successful master cluster key exchange from error to info. #66266$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$ADDED$$$Added the ability to pass a version of chocolatey to install to the chocolatey.bootstrap function. Also added states to bootstrap and unbootstrap chocolatey. 
#64722$$$$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$SECURITY$$$Bump to pydantic==2.6.4 due to https://github.com/advisories/GHSA-mr82-8j83-vxmv #66433$$$$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488
Salt Minion STS EXE x86 Version 3007.1
SALT 3007.1 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$The salt.utils.psutil_compat was deprecated and now removed in Salt 3008. Please use the psutil module directly. #66160$$$$$$FIXED$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Fix for NoneType cant be used in await expression error. #66177$$$$$$Log Publish server binding pub to messages to debug instead of error level. #66179$$$$$$Fix syndic startup by making payload handler a coroutine #66237$$$$$$Fixed aptpkg.remove unable to locate package error for non-existent package #66260$$$$$$Fixed pillar.ls doesnt accept kwargs #66262$$$$$$Fix cache directory setting in Master Cluster tutorial #66264$$$$$$Change log level of successful master cluster key exchange from error to info. #66266$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$ADDED$$$Added the ability to pass a version of chocolatey to install to the chocolatey.bootstrap function. Also added states to bootstrap and unbootstrap chocolatey. 
#64722$$$$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$SECURITY$$$Bump to pydantic==2.6.4 due to https://github.com/advisories/GHSA-mr82-8j83-vxmv #66433$$$$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488
Salt Minion STS EXE x64 Version 3007.1
SALT 3007.1 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$The salt.utils.psutil_compat was deprecated and now removed in Salt 3008. Please use the psutil module directly. #66160$$$$$$FIXED$$$Fixes multiple issues with the cmd module on Windows. Scripts are called using the -File parameter to the powershell binary. CLIXML data in stderr is now removed (only applies to encoded commands). Commands can now be sent to cmd.powershell as a list. Makes sure JSON data returned is valid. Strips whitespace from the return when using runas. #61166$$$$$$Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a rewrite to use PowerShell instead of netsh to make the changes on the system #61534$$$$$$Fix typo in nftables module to ensure unique nft family values #65295$$$$$$Corrected x509_v2 CRL creation last_update and next_update values when system timezone is not UTC #65837$$$$$$Fix for NoneType cant be used in await expression error. #66177$$$$$$Log Publish server binding pub to messages to debug instead of error level. #66179$$$$$$Fix syndic startup by making payload handler a coroutine #66237$$$$$$Fixed aptpkg.remove unable to locate package error for non-existent package #66260$$$$$$Fixed pillar.ls doesnt accept kwargs #66262$$$$$$Fix cache directory setting in Master Cluster tutorial #66264$$$$$$Change log level of successful master cluster key exchange from error to info. #66266$$$$$$Made file.managed skip download of a remote source if the managed file already exists with the correct hash #66342$$$$$$Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses #66382$$$$$$ADDED$$$Added the ability to pass a version of chocolatey to install to the chocolatey.bootstrap function. Also added states to bootstrap and unbootstrap chocolatey. 
#64722$$$$$$Add Ubuntu 24.04 support #66180$$$$$$Add Fedora 40 support; replacing Fedora 39 #66300$$$$$$SECURITY$$$Bump to pydantic==2.6.4 due to https://github.com/advisories/GHSA-mr82-8j83-vxmv #66433$$$$$$Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj #66488
Salt Minion STS EXE x64 Version 3007.0
***Refer this page for full details*** $$$https://docs.saltproject.io/en/latest/topics/releases/3007.0.html $$$$$$CHANGELOG$$$REMOVED$$$Removed RHEL 5 support since long since end-of-lifed #62520$$$$$$Removing Azure-Cloud modules from the code base. #64322$$$$$$Dropped Python 3.7 support since its EOL in 27 Jun 2023 #64417$$$$$$Remove salt.payload.Serial #64459$$$$$$Remove netmiko_conn and pyeapi_conn from salt.modules.napalm_mod #64460$$$$$$Removed transport arg from salt.utils.event.get_event #64461$$$$$$Removed the usage of retired Linode API v3 from Salt Cloud #64517$$$$$$DEPRECATED$$$Deprecate all Proxmox cloud modules #64224$$$$$$Deprecate all the Vault modules in favor of the Vault Salt Extension https://github.com/salt-extensions/saltext-vault. The Vault modules will be removed in Salt core in 3009.0. #64893$$$$$$Deprecate all the Docker modules in favor of the Docker Salt Extension https://github.com/saltstack/saltext-docker. The Docker modules will be removed in Salt core in 3009.0. #64894$$$$$$Deprecate all the Zabbix modules in favor of the Zabbix Salt Extension https://github.com/salt-extensions/saltext-zabbix. The Zabbix modules will be removed in Salt core in 3009.0. #64896$$$$$$Deprecate all the Apache modules in favor of the Apache Salt Extension https://github.com/salt-extensions/saltext-apache. The Apache modules will be removed in Salt core in 3009.0. #64909$$$$$$Deprecation warning for Salts backport of OrderedDict class which will be removed in 3009 #65542$$$$$$Deprecate Kubernetes modules for move to saltext-kubernetes in version 3009 #65565$$$$$$Deprecated all Pushover modules in favor of the Salt Extension at https://github.com/salt-extensions/saltext-pushover. 
The Pushover modules will be removed from Salt core in 3009.0 #65567$$$$$$Removed deprecated code:$$$$$$All of salt/log/ which has been on a deprecation path for a long time.$$$$$$Some of the logging handlers found in salt/_logging/handlers have been removed since the standard library provides them.$$$$$$Removed the deprecated salt/modules/cassandra_mod.py module and any tests for it.$$$$$$Removed the deprecated salt/returners/cassandra_return.py module and any tests for it.$$$$$$Removed the deprecated salt/returners/django_return.py module and any tests for it. #65986$$$$$$CHANGED$$$Masquerade property will not default to false turning off masquerade if not specified. #53120$$$$$$Addressed Python 3.11 deprecations:$$$$$$Switch to FullArgSpec since Py 3.11 no longer has ArgSpec; deprecated since Py 3.0$$$$$$Stopped using the deprecated cgi module.$$$$$$Stopped using the deprecated pipes module$$$$$$Stopped using the deprecated imp module #64457$$$$$$changed gpg_decrypt_must_succeed default from False to True #64462
Salt Minion STS MSI x64 Version 30.07.0
***Refer this page for full details*** $$$https://docs.saltproject.io/en/latest/topics/releases/3007.0.html $$$$$$CHANGELOG$$$REMOVED$$$Removed RHEL 5 support since long since end-of-lifed #62520$$$$$$Removing Azure-Cloud modules from the code base. #64322$$$$$$Dropped Python 3.7 support since its EOL in 27 Jun 2023 #64417$$$$$$Remove salt.payload.Serial #64459$$$$$$Remove netmiko_conn and pyeapi_conn from salt.modules.napalm_mod #64460$$$$$$Removed transport arg from salt.utils.event.get_event #64461$$$$$$Removed the usage of retired Linode API v3 from Salt Cloud #64517$$$$$$DEPRECATED$$$Deprecate all Proxmox cloud modules #64224$$$$$$Deprecate all the Vault modules in favor of the Vault Salt Extension https://github.com/salt-extensions/saltext-vault. The Vault modules will be removed in Salt core in 3009.0. #64893$$$$$$Deprecate all the Docker modules in favor of the Docker Salt Extension https://github.com/saltstack/saltext-docker. The Docker modules will be removed in Salt core in 3009.0. #64894$$$$$$Deprecate all the Zabbix modules in favor of the Zabbix Salt Extension https://github.com/salt-extensions/saltext-zabbix. The Zabbix modules will be removed in Salt core in 3009.0. #64896$$$$$$Deprecate all the Apache modules in favor of the Apache Salt Extension https://github.com/salt-extensions/saltext-apache. The Apache modules will be removed in Salt core in 3009.0. #64909$$$$$$Deprecation warning for Salts backport of OrderedDict class which will be removed in 3009 #65542$$$$$$Deprecate Kubernetes modules for move to saltext-kubernetes in version 3009 #65565$$$$$$Deprecated all Pushover modules in favor of the Salt Extension at https://github.com/salt-extensions/saltext-pushover. 
The Pushover modules will be removed from Salt core in 3009.0 #65567$$$$$$Removed deprecated code:$$$$$$All of salt/log/ which has been on a deprecation path for a long time.$$$$$$Some of the logging handlers found in salt/_logging/handlers have been removed since the standard library provides them.$$$$$$Removed the deprecated salt/modules/cassandra_mod.py module and any tests for it.$$$$$$Removed the deprecated salt/returners/cassandra_return.py module and any tests for it.$$$$$$Removed the deprecated salt/returners/django_return.py module and any tests for it. #65986$$$$$$CHANGED$$$Masquerade property will not default to false turning off masquerade if not specified. #53120$$$$$$Addressed Python 3.11 deprecations:$$$$$$Switch to FullArgSpec since Py 3.11 no longer has ArgSpec; deprecated since Py 3.0$$$$$$Stopped using the deprecated cgi module.$$$$$$Stopped using the deprecated pipes module$$$$$$Stopped using the deprecated imp module #64457$$$$$$changed gpg_decrypt_must_succeed default from False to True #64462
Salt Minion STS MSI x86 Version 30.07.0
***Refer this page for full details*** $$$https://docs.saltproject.io/en/latest/topics/releases/3007.0.html $$$$$$CHANGELOG$$$REMOVED$$$Removed RHEL 5 support since long since end-of-lifed #62520$$$$$$Removing Azure-Cloud modules from the code base. #64322$$$$$$Dropped Python 3.7 support since its EOL in 27 Jun 2023 #64417$$$$$$Remove salt.payload.Serial #64459$$$$$$Remove netmiko_conn and pyeapi_conn from salt.modules.napalm_mod #64460$$$$$$Removed transport arg from salt.utils.event.get_event #64461$$$$$$Removed the usage of retired Linode API v3 from Salt Cloud #64517$$$$$$DEPRECATED$$$Deprecate all Proxmox cloud modules #64224$$$$$$Deprecate all the Vault modules in favor of the Vault Salt Extension https://github.com/salt-extensions/saltext-vault. The Vault modules will be removed in Salt core in 3009.0. #64893$$$$$$Deprecate all the Docker modules in favor of the Docker Salt Extension https://github.com/saltstack/saltext-docker. The Docker modules will be removed in Salt core in 3009.0. #64894$$$$$$Deprecate all the Zabbix modules in favor of the Zabbix Salt Extension https://github.com/salt-extensions/saltext-zabbix. The Zabbix modules will be removed in Salt core in 3009.0. #64896$$$$$$Deprecate all the Apache modules in favor of the Apache Salt Extension https://github.com/salt-extensions/saltext-apache. The Apache modules will be removed in Salt core in 3009.0. #64909$$$$$$Deprecation warning for Salts backport of OrderedDict class which will be removed in 3009 #65542$$$$$$Deprecate Kubernetes modules for move to saltext-kubernetes in version 3009 #65565$$$$$$Deprecated all Pushover modules in favor of the Salt Extension at https://github.com/salt-extensions/saltext-pushover. 
The Pushover modules will be removed from Salt core in 3009.0 #65567$$$$$$Removed deprecated code:$$$$$$All of salt/log/ which has been on a deprecation path for a long time.$$$$$$Some of the logging handlers found in salt/_logging/handlers have been removed since the standard library provides them.$$$$$$Removed the deprecated salt/modules/cassandra_mod.py module and any tests for it.$$$$$$Removed the deprecated salt/returners/cassandra_return.py module and any tests for it.$$$$$$Removed the deprecated salt/returners/django_return.py module and any tests for it. #65986$$$$$$CHANGED$$$Masquerade property will not default to false turning off masquerade if not specified. #53120$$$$$$Addressed Python 3.11 deprecations:$$$$$$Switch to FullArgSpec since Py 3.11 no longer has ArgSpec; deprecated since Py 3.0$$$$$$Stopped using the deprecated cgi module.$$$$$$Stopped using the deprecated pipes module$$$$$$Stopped using the deprecated imp module #64457$$$$$$changed gpg_decrypt_must_succeed default from False to True #64462
Salt Minion STS EXE x86 Version 3007.0
***Refer this page for full details*** $$$https://docs.saltproject.io/en/latest/topics/releases/3007.0.html $$$$$$CHANGELOG$$$REMOVED$$$Removed RHEL 5 support since long since end-of-lifed #62520$$$$$$Removing Azure-Cloud modules from the code base. #64322$$$$$$Dropped Python 3.7 support since its EOL in 27 Jun 2023 #64417$$$$$$Remove salt.payload.Serial #64459$$$$$$Remove netmiko_conn and pyeapi_conn from salt.modules.napalm_mod #64460$$$$$$Removed transport arg from salt.utils.event.get_event #64461$$$$$$Removed the usage of retired Linode API v3 from Salt Cloud #64517$$$$$$DEPRECATED$$$Deprecate all Proxmox cloud modules #64224$$$$$$Deprecate all the Vault modules in favor of the Vault Salt Extension https://github.com/salt-extensions/saltext-vault. The Vault modules will be removed in Salt core in 3009.0. #64893$$$$$$Deprecate all the Docker modules in favor of the Docker Salt Extension https://github.com/saltstack/saltext-docker. The Docker modules will be removed in Salt core in 3009.0. #64894$$$$$$Deprecate all the Zabbix modules in favor of the Zabbix Salt Extension https://github.com/salt-extensions/saltext-zabbix. The Zabbix modules will be removed in Salt core in 3009.0. #64896$$$$$$Deprecate all the Apache modules in favor of the Apache Salt Extension https://github.com/salt-extensions/saltext-apache. The Apache modules will be removed in Salt core in 3009.0. #64909$$$$$$Deprecation warning for Salts backport of OrderedDict class which will be removed in 3009 #65542$$$$$$Deprecate Kubernetes modules for move to saltext-kubernetes in version 3009 #65565$$$$$$Deprecated all Pushover modules in favor of the Salt Extension at https://github.com/salt-extensions/saltext-pushover. 
The Pushover modules will be removed from Salt core in 3009.0 #65567$$$$$$Removed deprecated code:$$$$$$All of salt/log/ which has been on a deprecation path for a long time.$$$$$$Some of the logging handlers found in salt/_logging/handlers have been removed since the standard library provides them.$$$$$$Removed the deprecated salt/modules/cassandra_mod.py module and any tests for it.$$$$$$Removed the deprecated salt/returners/cassandra_return.py module and any tests for it.$$$$$$Removed the deprecated salt/returners/django_return.py module and any tests for it. #65986$$$$$$CHANGED$$$Masquerade property will not default to false turning off masquerade if not specified. #53120$$$$$$Addressed Python 3.11 deprecations:$$$$$$Switch to FullArgSpec since Py 3.11 no longer has ArgSpec; deprecated since Py 3.0$$$$$$Stopped using the deprecated cgi module.$$$$$$Stopped using the deprecated pipes module$$$$$$Stopped using the deprecated imp module #64457$$$$$$changed gpg_decrypt_must_succeed default from False to True #64462
Salt Minion EXE x86 Version 3006.5
SALT 3006.5 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$Tech Debt - support for pysss removed due to functionality addition in Python 3.3 #65029$$$$$$FIXED$$$Improved error message when state arguments are accidentally passed as a string #38098$$$$$$Allow pip.install to create a log file that is passed in if the parent directory is writeable #44722$$$$$$Fixed merging of complex pillar overrides with salt-ssh states #59802$$$$$$Fixed gpg pillar rendering with salt-ssh #60002$$$$$$Made salt-ssh states not re-render pillars unnecessarily #62230$$$$$$Made Salt maintain options in Debian package repo definitions #64130$$$$$$Migrated all invoke tasks to python-tools-scripts.$$$$$$tasks/docs.py -> tools/precommit/docs.py$$$$$$tasks/docstrings.py -> tools/precommit/docstrings.py$$$$$$tasks/loader.py -> tools/precommit/loader.py$$$$$$tasks/filemap.py -> tools/precommit/filemap.py #64374$$$$$$Fix salt user login shell path in Debian packages #64377$$$$$$Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data #64473$$$$$$Fixed an issue in the file.directory state where the children_only keyword argument was not being respected. #64497$$$$$$Move salt.ufw to correct location /etc/ufw/applications.d/ #64572$$$$$$Fixed salt-ssh stacktrace when retcode is not an integer #64575$$$$$$Fixed SSH shell seldomly fails to report any exit code #64588$$$$$$Fixed some issues in x509_v2 execution module private key functions #64597$$$$$$Fixed grp.getgrall() in utils/user.py causing performance issues #64888$$$$$$Fix user.list_groups omits remote groups via sssd; etc. #64953$$$$$$Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file #65027$$$$$$Moved gitfs locks to salt working dir to avoid lock wipes #65086$$$$$$Only attempt to create a keys directory when --gen-keys is passed to the salt-key CLI #65093$$$$$$Fix nonce verification; request server replies do not stomp on eachother. 
#65114$$$$$$speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. #65152$$$$$$Fix pkg.latest failing on windows for winrepo packages where the package is already up to date #65165$$$$$$Ensure kwarg is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy; which had kwargs popped when targeting multiple minions id. #65179$$$$$$Fixes traceback when state id is an int in a reactor SLS file. #65210$$$$$$Install logrotate config as /etc/logrotate.d/salt-common for Debian packages. Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. #65231$$$$$$Use sha256 as the default hash_type. It has been the default since Salt v2016.9 #65287$$$$$$Preserve ownership on log rotation #65288$$$$$$Ensure that the correct value of jid_include is passed if the argument is included in the passed keyword arguments. #65302$$$$$$Upgrade relenv to 0.14.2$$$$$$Update openssl to address CVE-2023-5363.$$$$$$Fix bug in openssl setup when openssl binary cant be found.$$$$$$Add M1 mac support. #65316$$$$$$Fix regex for filespec adding/deleting fcontext policy in selinux #65340$$$$$$Ensure CLI options take priority over Saltfile options #65358$$$$$$Test mode for state function saltmod.wheel no longer sets result to (None;) #65372$$$$$$Client only process events which tag conforms to an event return. #65400$$$$$$Fixes an issue setting user or machine policy on Windows when the Group Policy directory is missing #65411$$$$$$Fix regression in file module which was not re-using a file client. #65450$$$$$$pip.installed state will now properly fail when a specified user does not exist #65458$$$$$$Publish channel connect callback method properly closes its request channel. 
#65464$$$$$$Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed #65483$$$$$$Fix file.comment ignore_missing not working with multiline char #65501$$$$$$Warn when an un-closed transport client is being garbage collected. #65554$$$$$$Only generate the HMACs for libssl.so.1.1 and libcrypto.so.1.1 if those
Salt Minion EXE x64 Version 3006.5
SALT 3006.5 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$Tech Debt - support for pysss removed due to functionality addition in Python 3.3 #65029$$$$$$FIXED$$$Improved error message when state arguments are accidentally passed as a string #38098$$$$$$Allow pip.install to create a log file that is passed in if the parent directory is writeable #44722$$$$$$Fixed merging of complex pillar overrides with salt-ssh states #59802$$$$$$Fixed gpg pillar rendering with salt-ssh #60002$$$$$$Made salt-ssh states not re-render pillars unnecessarily #62230$$$$$$Made Salt maintain options in Debian package repo definitions #64130$$$$$$Migrated all invoke tasks to python-tools-scripts.$$$$$$tasks/docs.py -> tools/precommit/docs.py$$$$$$tasks/docstrings.py -> tools/precommit/docstrings.py$$$$$$tasks/loader.py -> tools/precommit/loader.py$$$$$$tasks/filemap.py -> tools/precommit/filemap.py #64374$$$$$$Fix salt user login shell path in Debian packages #64377$$$$$$Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data #64473$$$$$$Fixed an issue in the file.directory state where the children_only keyword argument was not being respected. #64497$$$$$$Move salt.ufw to correct location /etc/ufw/applications.d/ #64572$$$$$$Fixed salt-ssh stacktrace when retcode is not an integer #64575$$$$$$Fixed SSH shell seldomly fails to report any exit code #64588$$$$$$Fixed some issues in x509_v2 execution module private key functions #64597$$$$$$Fixed grp.getgrall() in utils/user.py causing performance issues #64888$$$$$$Fix user.list_groups omits remote groups via sssd; etc. #64953$$$$$$Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file #65027$$$$$$Moved gitfs locks to salt working dir to avoid lock wipes #65086$$$$$$Only attempt to create a keys directory when --gen-keys is passed to the salt-key CLI #65093$$$$$$Fix nonce verification; request server replies do not stomp on eachother. 
#65114$$$$$$speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. #65152$$$$$$Fix pkg.latest failing on windows for winrepo packages where the package is already up to date #65165$$$$$$Ensure kwarg is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy; which had kwargs popped when targeting multiple minions id. #65179$$$$$$Fixes traceback when state id is an int in a reactor SLS file. #65210$$$$$$Install logrotate config as /etc/logrotate.d/salt-common for Debian packages. Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. #65231$$$$$$Use sha256 as the default hash_type. It has been the default since Salt v2016.9 #65287$$$$$$Preserve ownership on log rotation #65288$$$$$$Ensure that the correct value of jid_include is passed if the argument is included in the passed keyword arguments. #65302$$$$$$Upgrade relenv to 0.14.2$$$$$$Update openssl to address CVE-2023-5363.$$$$$$Fix bug in openssl setup when openssl binary cant be found.$$$$$$Add M1 mac support. #65316$$$$$$Fix regex for filespec adding/deleting fcontext policy in selinux #65340$$$$$$Ensure CLI options take priority over Saltfile options #65358$$$$$$Test mode for state function saltmod.wheel no longer sets result to (None;) #65372$$$$$$Client only process events which tag conforms to an event return. #65400$$$$$$Fixes an issue setting user or machine policy on Windows when the Group Policy directory is missing #65411$$$$$$Fix regression in file module which was not re-using a file client. #65450$$$$$$pip.installed state will now properly fail when a specified user does not exist #65458$$$$$$Publish channel connect callback method properly closes its request channel. 
#65464$$$$$$Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed #65483$$$$$$Fix file.comment ignore_missing not working with multiline char #65501$$$$$$Warn when an un-closed transport client is being garbage collected. #65554$$$$$$Only generate the HMACs for libssl.so.1.1 and libcrypto.so.1.1 if those
Salt Minion MSI x86 Version 30.06.5
SALT 3006.5 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$Tech Debt - support for pysss removed due to functionality addition in Python 3.3 #65029$$$$$$FIXED$$$Improved error message when state arguments are accidentally passed as a string #38098$$$$$$Allow pip.install to create a log file that is passed in if the parent directory is writeable #44722$$$$$$Fixed merging of complex pillar overrides with salt-ssh states #59802$$$$$$Fixed gpg pillar rendering with salt-ssh #60002$$$$$$Made salt-ssh states not re-render pillars unnecessarily #62230$$$$$$Made Salt maintain options in Debian package repo definitions #64130$$$$$$Migrated all invoke tasks to python-tools-scripts.$$$$$$tasks/docs.py -> tools/precommit/docs.py$$$$$$tasks/docstrings.py -> tools/precommit/docstrings.py$$$$$$tasks/loader.py -> tools/precommit/loader.py$$$$$$tasks/filemap.py -> tools/precommit/filemap.py #64374$$$$$$Fix salt user login shell path in Debian packages #64377$$$$$$Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data #64473$$$$$$Fixed an issue in the file.directory state where the children_only keyword argument was not being respected. #64497$$$$$$Move salt.ufw to correct location /etc/ufw/applications.d/ #64572$$$$$$Fixed salt-ssh stacktrace when retcode is not an integer #64575$$$$$$Fixed SSH shell seldomly fails to report any exit code #64588$$$$$$Fixed some issues in x509_v2 execution module private key functions #64597$$$$$$Fixed grp.getgrall() in utils/user.py causing performance issues #64888$$$$$$Fix user.list_groups omits remote groups via sssd; etc. #64953$$$$$$Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file #65027$$$$$$Moved gitfs locks to salt working dir to avoid lock wipes #65086$$$$$$Only attempt to create a keys directory when --gen-keys is passed to the salt-key CLI #65093$$$$$$Fix nonce verification; request server replies do not stomp on eachother. 
#65114$$$$$$speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. #65152$$$$$$Fix pkg.latest failing on windows for winrepo packages where the package is already up to date #65165$$$$$$Ensure kwarg is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy; which had kwargs popped when targeting multiple minions id. #65179$$$$$$Fixes traceback when state id is an int in a reactor SLS file. #65210$$$$$$Install logrotate config as /etc/logrotate.d/salt-common for Debian packages. Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. #65231$$$$$$Use sha256 as the default hash_type. It has been the default since Salt v2016.9 #65287$$$$$$Preserve ownership on log rotation #65288$$$$$$Ensure that the correct value of jid_include is passed if the argument is included in the passed keyword arguments. #65302$$$$$$Upgrade relenv to 0.14.2$$$$$$Update openssl to address CVE-2023-5363.$$$$$$Fix bug in openssl setup when openssl binary cant be found.$$$$$$Add M1 mac support. #65316$$$$$$Fix regex for filespec adding/deleting fcontext policy in selinux #65340$$$$$$Ensure CLI options take priority over Saltfile options #65358$$$$$$Test mode for state function saltmod.wheel no longer sets result to (None;) #65372$$$$$$Client only process events which tag conforms to an event return. #65400$$$$$$Fixes an issue setting user or machine policy on Windows when the Group Policy directory is missing #65411$$$$$$Fix regression in file module which was not re-using a file client. #65450$$$$$$pip.installed state will now properly fail when a specified user does not exist #65458$$$$$$Publish channel connect callback method properly closes its request channel. 
#65464$$$$$$Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed #65483$$$$$$Fix file.comment ignore_missing not working with multiline char #65501$$$$$$Warn when an un-closed transport client is being garbage collected. #65554$$$$$$Only generate the HMACs for libssl.so.1.1 and libcrypto.so.1.1 if those
Salt Minion MSI x64 Version 30.06.5
SALT 3006.5 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$Tech Debt - support for pysss removed due to functionality addition in Python 3.3 #65029$$$$$$FIXED$$$Improved error message when state arguments are accidentally passed as a string #38098$$$$$$Allow pip.install to create a log file that is passed in if the parent directory is writeable #44722$$$$$$Fixed merging of complex pillar overrides with salt-ssh states #59802$$$$$$Fixed gpg pillar rendering with salt-ssh #60002$$$$$$Made salt-ssh states not re-render pillars unnecessarily #62230$$$$$$Made Salt maintain options in Debian package repo definitions #64130$$$$$$Migrated all invoke tasks to python-tools-scripts.$$$$$$tasks/docs.py -> tools/precommit/docs.py$$$$$$tasks/docstrings.py -> tools/precommit/docstrings.py$$$$$$tasks/loader.py -> tools/precommit/loader.py$$$$$$tasks/filemap.py -> tools/precommit/filemap.py #64374$$$$$$Fix salt user login shell path in Debian packages #64377$$$$$$Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data #64473$$$$$$Fixed an issue in the file.directory state where the children_only keyword argument was not being respected. #64497$$$$$$Move salt.ufw to correct location /etc/ufw/applications.d/ #64572$$$$$$Fixed salt-ssh stacktrace when retcode is not an integer #64575$$$$$$Fixed SSH shell seldom fails to report any exit code #64588$$$$$$Fixed some issues in x509_v2 execution module private key functions #64597$$$$$$Fixed grp.getgrall() in utils/user.py causing performance issues #64888$$$$$$Fix user.list_groups omits remote groups via sssd, etc. #64953$$$$$$Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file #65027$$$$$$Moved gitfs locks to salt working dir to avoid lock wipes #65086$$$$$$Only attempt to create a keys directory when --gen-keys is passed to the salt-key CLI #65093$$$$$$Fix nonce verification, request server replies do not stomp on each other.
#65114$$$$$$Speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. #65152$$$$$$Fix pkg.latest failing on Windows for winrepo packages where the package is already up to date #65165$$$$$$Ensure kwarg is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minion IDs. #65179$$$$$$Fixes traceback when state id is an int in a reactor SLS file. #65210$$$$$$Install logrotate config as /etc/logrotate.d/salt-common for Debian packages. Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. #65231$$$$$$Use sha256 as the default hash_type. It has been the default since Salt v2016.9 #65287$$$$$$Preserve ownership on log rotation #65288$$$$$$Ensure that the correct value of jid_include is passed if the argument is included in the passed keyword arguments. #65302$$$$$$Upgrade relenv to 0.14.2$$$$$$Update openssl to address CVE-2023-5363.$$$$$$Fix bug in openssl setup when openssl binary can't be found.$$$$$$Add M1 mac support. #65316$$$$$$Fix regex for filespec adding/deleting fcontext policy in selinux #65340$$$$$$Ensure CLI options take priority over Saltfile options #65358$$$$$$Test mode for state function saltmod.wheel no longer sets result to (None,) #65372$$$$$$Client only processes events whose tag conforms to an event return. #65400$$$$$$Fixes an issue setting user or machine policy on Windows when the Group Policy directory is missing #65411$$$$$$Fix regression in file module which was not re-using a file client. #65450$$$$$$pip.installed state will now properly fail when a specified user does not exist #65458$$$$$$Publish channel connect callback method properly closes its request channel.
#65464$$$$$$Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed #65483$$$$$$Fix file.comment ignore_missing not working with multiline char #65501$$$$$$Warn when an un-closed transport client is being garbage collected. #65554$$$$$$Only generate the HMACs for libssl.so.1.1 and libcrypto.so.1.1 if those
Salt Minion EXE x64 Version 3006.4
SALT 3006.4 RELEASE NOTES$$$CHANGELOG$$$SECURITY$$$Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. This only impacts salt-ssh users using the pre-flight option. #cve-2023-34049$$$$$$Update to gitpython>=3.1.35 due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c #65163$$$$$$Bump to cryptography==41.0.4 due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 #65268$$$$$$Upgrade relenv to 0.13.12 to address CVE-2023-4807 #65316$$$$$$Bump to urllib3==1.26.17 or urllib3==2.0.6 due to https://github.com/advisories/GHSA-v845-jxx5-vc9f #65334$$$$$$Bump to gitpython==3.1.37 due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c #65383$$$$$$
Salt Minion MSI x86 Version 30.06.4
SALT 3006.4 RELEASE NOTES$$$CHANGELOG$$$SECURITY$$$Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. This only impacts salt-ssh users using the pre-flight option. #cve-2023-34049$$$$$$Update to gitpython>=3.1.35 due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c #65163$$$$$$Bump to cryptography==41.0.4 due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 #65268$$$$$$Upgrade relenv to 0.13.12 to address CVE-2023-4807 #65316$$$$$$Bump to urllib3==1.26.17 or urllib3==2.0.6 due to https://github.com/advisories/GHSA-v845-jxx5-vc9f #65334$$$$$$Bump to gitpython==3.1.37 due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c #65383$$$$$$
Salt Minion MSI x64 Version 30.06.4
SALT 3006.4 RELEASE NOTES$$$CHANGELOG$$$SECURITY$$$Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. This only impacts salt-ssh users using the pre-flight option. #cve-2023-34049$$$$$$Update to gitpython>=3.1.35 due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c #65163$$$$$$Bump to cryptography==41.0.4 due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 #65268$$$$$$Upgrade relenv to 0.13.12 to address CVE-2023-4807 #65316$$$$$$Bump to urllib3==1.26.17 or urllib3==2.0.6 due to https://github.com/advisories/GHSA-v845-jxx5-vc9f #65334$$$$$$Bump to gitpython==3.1.37 due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c #65383$$$$$$
Salt Minion EXE x86 Version 3006.4
SALT 3006.4 RELEASE NOTES$$$CHANGELOG$$$SECURITY$$$Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. This only impacts salt-ssh users using the pre-flight option. #cve-2023-34049$$$$$$Update to gitpython>=3.1.35 due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c #65163$$$$$$Bump to cryptography==41.0.4 due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 #65268$$$$$$Upgrade relenv to 0.13.12 to address CVE-2023-4807 #65316$$$$$$Bump to urllib3==1.26.17 or urllib3==2.0.6 due to https://github.com/advisories/GHSA-v845-jxx5-vc9f #65334$$$$$$Bump to gitpython==3.1.37 due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c #65383
Salt Minion EXE x64 Version 3006.3
SALT 3006.3 RELEASE NOTES$$$CHANGELOG$$$REMOVED$$$Fedora 36 support was removed because it reached EOL #64315$$$$$$Handle deprecation warnings:$$$$$$Switch to FullArgSpec since Py 3.11 no longer has ArgSpec, deprecated since Py 3.0$$$$$$Stop using the deprecated cgi module$$$$$$Stop using the deprecated pipes module$$$$$$Stop using the deprecated imp module #64553$$$$$$CHANGED$$$Replace libnacl with PyNaCl #64372$$$$$$Don't hardcode the python version on the Salt Package tests and on the pkg/debian/salt-cloud.postinst file #64553$$$$$$Some more deprecated code fixes:$$$$$$Stop using the deprecated locale.getdefaultlocale() function$$$$$$Stop accessing deprecated attributes$$$$$$pathlib.Path.__enter__() usage is deprecated and not required, a no-op #64565$$$$$$Bump to pyyaml==6.0.1 due to https://github.com/yaml/pyyaml/issues/601 and address lint issues #64657$$$$$$FIXED$$$Fix for assume role when using salt-cloud to create AWS EC2. #52501$$$$$$Fixes aptpkg module by checking for blank comps. #58667$$$$$$wheel.file_roots.find is now able to find files in subdirectories of the roots. #59800$$$$$$pkg.latest no longer fails when multiple versions are reported to be installed (e.g. updating the kernel) #60931$$$$$$Do not update the credentials dictionary in utils/aws.py while iterating over it, and use the correct delete functionality #61049$$$$$$Fixed runner not having a proper exit code when runner modules throw an exception. #61173$$$$$$pip.list_all_versions now works with index_url and extra_index_url #61610$$$$$$Speed up file.recurse by using prefix with cp.list_master_dir and remove an un-needed loop. #61998$$$$$$Preserve test=True condition while running sub states. #62590