Skip to content

Latest commit

 

History

History
821 lines (734 loc) · 72.3 KB

CHANGELOG.md

File metadata and controls

821 lines (734 loc) · 72.3 KB

All notable changes to Salt will be documented in this file.

This changelog follows keepachangelog format, and is intended for human consumption.

This project versioning is similar to Semantic Versioning, and is documented in SEP 14. Versions are MAJOR.PATCH.

Changelog

Salt 3001.4 (2020-12-01)

Fixed

  • Fixes salt-ssh authentication when using tty (#58922)

Salt 3001.3 (2020-09-16)

Fixed

  • CVE-2020-16804 - Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)

Salt 3001.2 (2020-08-18)

Fixed

  • CVE-2020-16804 - Prevent shell injections in netapi ssh client (cve-2020-16846)
  • Fix CVE-2020-17490 Prevent creating world readable private keys with the tls execution module. (#58216)

Salt 3001.1 (2020-07-27)

Changed

  • Change the enable_fqdns_grains setting to default to False on Windows to address some issues with slowness. (#56296, #57529)
  • Handle the UCRT libraries the same way they are handled in the Python 3 installer (#57594)
  • Changes the 'SSDs' grain name to 'ssds' as all grains needs to be resolved in lowered case. (#57612)
  • Updated requirement to psutil 5.6.7 due to vulnerability in psutil 5.6.6. (#58018)
  • Updated requirement to PyYAML 5.3.1 due to vulnerability in PyYAML 5.2.1. (#58019)

Fixed

  • When running scheduled jobs from a proxy minion with multiprocessing turned off (default) a recursive error occurs as __pub_fun_args is repeated over and over again in the kwargs element in the data dictionary. Now we make a copy of data['kwargs'] instead of using a reference. (#57941)
  • The x509.certificate_managed state no longer triggers a change because of sorting issues if the certificate being evaluated was previously generated under Python 2. (#56556)
  • Added support to lo ip alias in network.managed state by checking if lo inet data from network.interfaces contains label with the name of managed interface. Return status True if match found. (#56901)
  • Redact passwords in the return when setting credentials using win_iis.container_setting (#57285)
  • Fixes issue with cmd.powershell. Some powershell commands do not return anything in stdout. This causes the JSON parser to fail because an empty string is not valid JSON. This changes an empty string to {} which is valid JSON and will not cause the JSON loader to stacktrace. (#57493)
  • Improves performance. Profiling test.ping on Windows shows that 13 of 17 seconds are wasted when the esxi grain loads vsphere before noting that the OS is not a esxi host. (#57529)
  • Fixed permissions issue with certain pip/virtualenv states/modules when configured for non-root user. (#57550)
  • Allow running nox sessions either using our nox-py2 fork <https://github.com/s0undt3ch/nox/tree/hotfix/py2-release>_ or upstream nox <https://github.com/theacodes/nox>_. (#57583)
  • Fixes issue with lgpo.get when there are unicode characters in the hostname (#57591)
  • Fixes issue with virtual block devices, like loopbacks and LVMs, wrongly populating the "disks" or "ssds" grains. (#57612)
  • Due to some optimization the virtual grain was never updated on illumos. Move the fallback in prtdiag output parsing outside the loop that now gets skipped due to the command exiting non-zero. (#57714)
  • Grains module delkey and delval methods now support the force option. This is needed for deleting grains with complex (nested) values. (#57718)
  • Moving import salt.modules.vsphere into __virtual__ so we have access to test proxytype in opts, previously this was causing a traceback when run on proxy minion as __opts__ does not exist outside of any functions. Introducing a new utils function, is_proxytype, to check that the device is a proxy minion and also that the proxy type matches. (#57743)
  • Fixed fail_with_changes in the test state to use the comment argument when passed. (#57766)
  • Adds a fix so salt can run on the latest macOS version Big Sur. (#57787)
  • Fixes UnpackValueError when using GPG cache by using atomic open. (#57798)
  • The gid_from_name argument was removed from the user.present state in version 3001, with no deprecation path. It has been restored and put on a proper deprecation path. (#57843)
  • Fixes dictionary being changed during iteration. (#57845)
  • Fixed bug with distro version breaking osrelease on Centos 7. (#57781)
  • Fixed macOS build scripts. (#57973)
  • Fixed Salt-API startup failure. (#57975)

Added

  • Added docs demonstrating how to apply an MSI patch with winrepo (#32780)

Salt 3001 (2020-06-17)

Removed

  • Removed long-deprecated repo option from pip state. (#51060)
  • Removed noisy debug logging from config.get. (#54205)
  • Removed needless dbus warnings from snapper module. (#56286)
  • Removed obsolete MSI functionality from version tools. (#56352)
  • Removed deprecated virt functionality. (#56514)
  • Dropped requirement for enum34 dependency. (#57108)
  • On macOS pkg.installed (using brew) no longer swaps caskroom/cask/ for homebrew/cask/ when using outdated package names. (#57361)
  • napalm_network.load_template module - removed deprecated arguments template_user, template_attrs, template_group, template_mode, and native NAPALM template support. Use Salt's rendering pipeline instead. (#57362)
  • selinux.fcontext_add_or_delete_policy module removed - use selinux.fcontext_add_policy or selinux.fcontext_delete_pollicy instead. (#57363)
  • Deprecated refresh_db removed from pkgrepo state. Use refresh instead. (#57366)
  • Deprecated internal functions salt.utils.locales.sdecode and .sdecode_if_string removed. Use salt.utils.data.decode instead. (#57367)
  • Removed deprecated misc. internal Salt functions. See saltstack#57368 for more info. (#57368)

Changed

  • file.rename no longer returns False when force:False. (#49843)
  • Brought localclient command line args functionality into line with regular salt calls. (#49886)
  • Updated requisites documentation. (#49962)
  • Changed eauth "not enabled" log message level from debug to warning. (#50946)
  • (#52546)
  • Refactored x509.certificate_managed to be easier to use. (#52935)
  • Don't log error when running "alternatives --display" on nonexistant target (#53911)
  • Improved logging for user auth issues. (#53990)
  • No longer emit extra logs when checking alternatives.display and .check_exists. (#53991)
  • Use lazy loading to get SLS data from master - significantly improves state.apply times when using gitfs with many branches. (#54468)
  • Changed Salt icon for Windows. (#56194)
  • Update libnacl to 1.7.1 (#56350)
  • Now require pycryptodomex for crypto on all platforms. (#56625)
  • Updated to sphinx 3.0.1 when building docs. (#56671)
  • Now __salt__ is automatically refreshed when a package is pip installed, allowing pip installing a dependency and using that dependency in the same state run. (#56867)
  • Use pygit2>=1.2.0 for Python>=3.8. (#56905)
  • Now provides a more meaningful error for win_groupadd for unmapped accounts. (#56921)
  • Significantly improve call times by only checking one frame in depends. (#57062)
  • Salt scripts shebang now specifies python3. (#57083)
  • Upgraded dependency to use boto3>=1.13.5. (#57161)
  • Changed to consistent file location handling across APIs for Juniper network devices. (#57399)
  • Use Python's hashlib (sha256) instead of shelling out (SipHash24) to generate server_id. (#57415)

Fixed

  • pkgrepo.managed now checks for a changed key_url. (#4438)
  • Allow passing extra args to file.rename. (#29001)
  • Fixed issue with overeager recursion detection. (#37646)
  • Correctly set DNS search domain in VMware virtual machine. (#37709)
  • Fixed trim_output logic in archive.extracted state (#40491)
  • Updated documentation on service state. (#40819)
  • Changed error message on postgres_database.absent to report correct error when database is in use. (#42833)
  • Fixed issue in sysctl when kernel parameters were adjusted via grub. (#45195)
  • Added termination protection option to salt-cloud ec2. (#45496)
  • Refactored debian_ip module. (#46388)
  • Log error when reactor tasks go to a full queue instead of silently fail. (#46431)
  • Fixed issue with failure on comments in MySQL files. (#47488)
  • Properly handle multibyte characters that span blocks of data. (#48473)
  • Fixed failure in user.present when gid_from_name is True. Argument was removed and replaced by the usergroup argument. (#48640)
  • Properly obtain hostname (#48906)
  • Fixed nilrt_ip disabled function. (#48971)
  • Fixed static configuration in nilrt_ip module. (#48990)
  • Added missing ARPCHECK option to rh7_eth template. (#49074)
  • Fixed to use the correct LetsEncrypt path on FreeBSD. (#49129)
  • Updated docs for netapi logs - log.access_file and log.error_file. (#49247)
  • Retry proxmox queries instead of failing immediately. (#49485)
  • Fixed AMD GPU vendor detection. (#49492)
  • Fixed aptpkg.normalize_name to respect architecture. (#49637)
  • Add error message for proxmox failures. (#49562)
  • Fixed nilrt_ip.enable/disable idempotency. (#49624)
  • Fixed issue with file.line doing a partial comparison to determine replacement need, instead compare actual content of lines. (#49855)
  • Return actual error message to user or hex code for win_task.create_task_from_xml. (#49981)
  • Use minion name as ssh_host for saltify cloud provider. (#50135)
  • Fixed misconfiguration of syndic. (#50139)
  • Re-added onfail_all, fixed onfail always triggering with other reqs, and onfail and onchanges not working when both present. (#50264)
  • Fixed broken scaleway cloud module. (#50334)
  • Fixed issue not cleaning up schedule and beacons. (#50505)
  • Fixed opkg install/remove to return potential changes, rather than always an empty dictionary. (#50516)
  • Fixed pycrypto.gen_hash to use strongest available algorithm by default. (#50544)
  • Fixed error leaving an empty first line on .ini file edits. (#50614)
  • Fixes error in tcp transport publish port default value. (#50646)
  • Changed internal functionality for deprecated Python inspect.formatargspec. (#50911)
  • Allows clone_from setting in proxmox salt-cloud to be able to be an integer. (#51001)
  • Stopped reading Windows registry value that might not be there. (#51095)
  • Fixed complaint about unused variables. (#51196)
  • salt-ssh no longer ignores pillar argument on state.sls_id. (#51353)
  • Stop treating MSI as a hard dependency. (#51470)
  • Fixed error handling for route53 to ignore SignatureDoesNotMatch errors (which cannot be retried). (#51572)
  • Fixed extract_hash to use the correct value. (#51670)
  • Fixed hard failure if chocolately.installed is for a non-existent package. (#51700)
  • fail_with and succeed_with now correctly use comment argument. (#51821)
  • Updated is_enabled to allow optional arguments. (#51823)
  • Fixed issue producing an error trying to resolve the unresolvable Capability SIDs. (#51868)
  • Additional fixes for using cron state with non-root Minion (#51872)
  • Fixed proxy module for Windows by using __utils__ instead of __salt__ for code that accesses the registry. (#52013)
  • Added support for parsing Gluster cli banner. (#52318)
  • Fixed failure to require target argument in git states. (#52364)
  • Fixed issue failing hard on uninstalled win updates. (#52387)
  • Fixed issue with artifactory not correctly evaluating has_classifier first. (#52517)
  • Fixed compound matches with nodegroups. (#52678)
  • Removed some noisy logging that have a tendency to fill up the logs on larger installations. (#52763)
  • Use __utils__ for all registry calls. (#52992)
  • Added syndic log rotation to RPM. (#53040)
  • Use correct output in zpool.present when test=true. (#53145)
  • Fix s3fs cache byte/str mismatch (#53244)
  • Fixed win_system module to skip unavailable system info. (#53287)
  • Ignore invalid product_name files. (#53326)
  • Fixed error with pkg.list_pkgs to explicitly set utf-8 encoding when writing, to match when reading. (#53340)
  • Fixed issue with encoding/decoding on circular references, discovered with iptables when state_aggregate was enabled. (#53353)
  • No longer fail when blkid -o export does not provide TYPE output. (#53447)
  • Fixed guesseed -> guessed typo in archive state. (#53480)
  • Fixed error with incorrect import statement masking real import error. (#53508)
  • Added some error handling around missing results from external returners. (#53517)
  • Changed to match repo paramter against repo name on salt-run git_pillar.update, so remote name can be used instead of full remote URL. (#56605)
  • Changed returner function error message to be useful/less misleading. (#53628)
  • Fixed utils.user to use correct chugid and umask. (#53681)
  • Fixed SmartOS grains under Python 3. (#53740)
  • Fixed error when trying to delete more than one key using ini.options_absent. (#53874)
  • Fixed error with cmd.run when run in a chroot environment. (#53992)
  • Fixed Zabbix configuration.import to use the correct values for the API version. (#54020)
  • Fixed broken sdb.get_or_set_hash when using Hashicorp's Vault. (#54199)
  • Fixed mac_softwareupdate.list_available for Catalina. (#54220)
  • Fixed bug blocking user.present createhome on macOS. (#54288)
  • Fixed postfix.show_queue issue where queue_id, size, timestamp, sender, and recipient must exist before trying to append them. (#54298)
  • Fixed issue erroneously adding ssh_interface to DigitalOcean. (#54373)
  • Fixed issue not using correct package keys from group info on group install on yum. (#54458)
  • Fixed issue breaking state output on test=true with retry. (#54501)
  • Ignore absent filter.lfs in gitconfig. (#54817)
  • Changed to use Salt's CaseInsensitiveDict, so it can be msgpack serialized. (#54899)
  • Fixed trying to set too large a queue on AIX. (#54912)
  • Fixed issue when Vultr API returns "not supported" as default password during VM setup. (#54933)
  • Fixed issue with Jinja renderer ignoring argline. (#55124)
  • Fixed osrelease grain for MS Hyper-V 2019 by providing a default year. (#55212)
  • Fixed napalm support in bgp and net runners. (#55222)
  • Fixed Indefinitely code in win_task. (#55273)
  • Fixed file.replace idempotency. (#55297)
  • Fix incorrectly reported fileserver changes. (#55304)
  • Fixed XML RPC-REPLy error in Junos by passing huge_tree. (#55318)
  • Fixed error trying to treat binary files as text when doing spm install under Python 3. (#55330)
  • Correctly determine if Debian repo should be skipped. (#55402)
  • Set a hard dependency on distro module, for Python 3.8. (#55410)
  • Fixed config_data parameter when compiling DSC via win_dsc module. (#55425)
  • Fixed Solaris virtual grain to return better info instead of always LDOM. (#55444)
  • Documentation on syncing custom modules slightly inaccurate and missing info on sync to master (#55514)
  • Fixed crashes in ansiblegate on Python 3 minions. (#55585)
  • Fixed traceback on http.query when errors with the URL. (#55586)
  • Fixed failure to cache gpg data when gpg_cache=True. (#55772)
  • Added __prerequired__ to the state runtime keywords filter, to prevent failures on file.replace. (#55775)
  • Fixed several Junos-related issues. (#55824)
  • Fixed Vault KV version 2 support. (#55842)
  • Removed remaning pchanges occurrences from state modules. (#55934)
  • Fixed issues in Slack webhook returner. (#55968)
  • Fixed onlyif/unless requisites being ignored in some cases. (#55974)
  • Fixed skip_files_list_verify when keep_source=False in archive.extracted state. (#55975)
  • Fixed seed.apply not waiting for the disk to be free. (#56002)
  • Fixed issue that ignored trim_output argument intermittently. (#56041)
  • Fixed shadow.set_password failing to set password when user isn't in /etc/shadow. (#56044)
  • Fixed failure in user state when moving the user's default group into the groups arg. (#56061)
  • Fixed issue incorrectly parsing YAML on command line. (#56067)
  • Fixed Azure VM creation when using Python3. (#56091)
  • Reverted slspath changes that broke a lot of states without proper deprecation. (#56119)
  • Lack of FQDN for host no longer blocks master startup. (#56179)
  • Pillar data is correctly included from init.sls file. (#56186)
  • Fixed check_password for newer RabbitMQ versions. (#56193)
  • Fixed timeout parameter not being passed to cmd_subset and cmd_batch, and misnamed (sub -> subset) parameter. (#56203)
  • Added support for virtualenv>=20.0.0 --version strings. (#56205)
  • No longer ignore slots on states when parallel: true. (#56221)
  • Fix deprecation warnings for imports from collections. (#56225)
  • Fixed Napalm beacons failing under Python 3. (#56243)
  • Fixed failure in tomcat module. (#56269)
  • Added salt-api log file to log rotation to prevent filling up the disk. (#56274)
  • Fixed issue using undocumented abbreviation on zypper - now uses the full option. (#56278)
  • Fixed issue parsing new restorecon output. (#56287)
  • Fixed failure for returner only working via cli and not LocalClient. (#56322)
  • Fixed version issues with empty minor string. (#56358)
  • Upgraded psutil dependency to 5.6.6 due to CVE-2019-18874. (#56363)
  • Fixed vendored tornado to use salt.ext.backports_abc. (#56369)
  • Fixed x509 module incorrectly writing error messages as the cert. (#56372)
  • Fixed error doing a pip install salt on Windows. (#56376)
  • Fixed AzureRM create_object_model util. (#56379)
  • Fixed issue toxml error in virt.cpu_baseline. (#56383)
  • Fixed issue with exeption being raised on virt._get_domain when there's no VM. (#56392)
  • Fixed crash in aptpkg on long description strings. (#56396)
  • Fixed keyword mismatch with cassandra_cql and cassandra_cql_return. (#56328)
  • Now uses the correct zero value for LockoutDuration in win_lgpo. (#56406)
  • Fixed issue reporting incorrect Salt version. (#56415)
  • Corrected documentation for docker_image.load. (#56420)
  • Fixed defaults.merge documentation. (#56432)
  • Fixed error always reporting changes with custom index-url for pip. (#56433)
  • Matching int keys within nested dictionaries now works. (#56444)
  • Fixed failure to support annotated tags when using pygit2. (#56451)
  • Better handle virt.pool_rebuild in virt.pool_running and virt.pool_defined states (#56454)
  • Fixed gitpython Windows requirements. (#56455)
  • Added grains_cache_expiration to minion conf documentation. (#56458)
  • Fixed incorrect handling of renew=force by acme.cert function. (#56462)
  • Fixed issue with incorrect msgpack version string check. (#56463)
  • Fixed infinite recursion in pkg.group_info. (#56476)
  • Fixed failure to sanitize grains for salt-ssh executions. (#56491)
  • Relax version requirements for pdbedit, also handle Debian branding in the version string. (#56553)
  • Fixed indentation error on cmd.run orchestration output. (#56554)
  • Fixed issue with getting incorrect SELinux context. (#56557)
  • Fixed bug updating boot parameters with virt. (#56562)
  • Correctly handle pymysql.err.InternalError in mysql module. (#56570)
  • Fixed panos commit example in docs. (#56581)
  • Fixed issue with salt.utils.functools.call_functions not checking for expected arguments. (#56584)
  • Fixed a broken statement when using arbitrary kwargs in mine.value. (#56593)
  • Fixed support for booting VMs with UEFI on virt. (#56613)
  • Updated old redirects and http->https fixes in docs. (#56655)
  • Renamed salt/utils/docker/ to salt/utils/dockermod/ to avoid clashes with the docker package from pypi. (#56669)
  • Changed behavior to implicitly ignore package epochs and just use the latest one. (#56681)
  • Avoid throwing exception for missing security group in boto under test mode. (#56695)
  • Fix some function prompts in myssql module. (#56719)
  • Add appropriate comment for svn export state. (#56757)
  • Updated default master config file and updated the docs (#56053)
  • Workaround upstream bug in jinja2 indent filter. (#56833)
  • Fixed issue when raid.destroy is called but zero-superblock is not executed (#56838)
  • Allow correct failure information to show up when calling win_interfaces (#56844)
  • Add a note about service.running (#56846)
  • Updated Windows installer scripts to use Python 3.7.4. (#56873)
  • Nullsoft Salt Install now uninstalls MSI installed salt. (#56883)
  • Fallback to ASCII sorting when pillar keys are integers. (#56909)
  • Fixed hwaddr and macaddr not being added to RedHat network config, even if they were provided. (#56910)
  • Fixed literal comparisons. (#56931)
  • Fixed win_system rawunicodeescape errors. (#56940)
  • Fixed ps.top failures with newer psutil library. (#56942)
  • Provides better stacktrace in win_pkg return. (#56955)
  • Fixed reg.present to respect (Default) REG_SZ value of an empty string. (#56959)
  • OpenStack driver can now attach to multiple networks, also now respects provided conn. (#56960)
  • Fixed literal comparsion in user state. (#56972)
  • Additional fixes for using cron state with non-root Minion (#56973)
  • Added ARPCHECK to the template for RHEL8 networking. (#57047)
  • Fixed aptpkg to use force-confnew on it's own, and force-confold with force-confdef. (#57051)
  • Fixed acme.certs state to return /etc/letsencrypt/live subdirectories (#57056)
  • Fixed error with fileserver.update failing with gitfs backend was git, and fileserver.clear_file_list_cache not clearing gitfs cache when the backend was not git. (#57063)
  • Fixed LazyLoader crashing when using ssh client via salt-api. (#57119)
  • Publisher ACL doc fixes (#48915)
  • Fixed acl.present to properly detect changes for default ACLs and recursive folders. (#57147)
  • Fixed Minion/Minon typo in docs. (#57181)
  • Fix UnicodeDecodeError when apply file.managed with binary contents in test mode. (#57184)
  • Ensure errors are returned for missing pillars. (#57208)
  • Fix ps.top failures on macOS when iterating over zombie processes. (#57216)
  • Add vcredist_2013 (specifically msvcr120.dll) for OpenSSL/M2Crypto support on Windows. Fixes x509 module support. (#57266)
  • Fix systemd invocation on latest Linux Arch version. (#57299)
  • Updated rpm_lowpkg.version_cmp log messages and unit tests (#57347)
  • Added rotation for proxy logs. (#57353)
  • Fixed win_system.join_domain failures. (#57360)
  • Fixed template_vars functionality on Junos. (#57388)
  • Filter out aliases/duplicates from zypperpkg for <=SLE12SP4. (#57392)

Added

  • Added support for list in include_pat/exclude_pat in file.recurse. (#2747)
  • Added validate to tls module. (#7424)
  • Pillar relative includes. (#8875)
  • Added silent recurse option to file.directory state. (#44553)
  • Added bhvye support to virt. (#47619)
  • Added kernelparams grain for Linux. (#48501)
  • Added systempath PATH grain. (#49049)
  • Added appoptics returner. (#49066)
  • Added ability to use the minion's region if specified. (#49097)
  • Added reactor tuning documentation. (#49214)
  • Added support for ipaddr/ipv6ipaddrs, loopback devices, dns_nameservers/dns_serach lists or strings, and multiple addresses per interface. (#49355)
  • Added slsutil.banner for creating managed by salt message in files, and slsutil.boolstr for converting Pillar bool values to appropriate string representation. (#49396)
  • Added normalize_name to pkgin module. (#49469)
  • Added ability to use regex pattern with ps.pgrep. (#49565)
  • Added merge option to match.filter_by. (#49845)
  • Added ability to disable requisites during state runs. (#49955)
  • Add a reactor "leader", especially useful for multimaster hot-hot environments. (#50053)
  • Added method_call Jinja filter to help reduce boilerplate. (#50152)
  • Added ability for async pillar refresh. (#50168)
  • Added shutdown_host to vmware cloud. (#50177)
  • Added drbd.status module. (#50410)
  • Added file.keyvalue state. (#50627)
  • Added JID lookup message in case minion times out. (#50704)
  • Niceness control options added to the master config, for POSIX platforms. (#50905)
  • Added serial_type to virt module. (#50930)
  • Added RPC process documentation. (#50954)
  • Added advanced initdb option support to postgres_cluster.present. (#50998)
  • Added support for GCE accellerators in Salt Cloud. (#51033)
  • Added broadcast address to network.convert_cidr return. (#51521)
  • Added options for gitfs and git_pillar fallback branch. (#51971)
  • Add fat as a valid fs_type for parted module. (#52016)
  • Added support for comments in the host state/module. (#52185)
  • Added offline bootstrap for Chocolatey. (#52233)
  • Added support for listing all active running jobs on the master. (#52241)
  • Added ability to get expected cache location. (#52305)
  • Added ability to pass a timeout value to beacons. (#52314)
  • Added support for btrfs property command. (#52699)
  • Added ability to get minion's network information. (#53100)
  • Added support for not_before and not_after for x509 certificates. (#53148)
  • Added support for extra modules that will be loaded before checking the rest of the path. (#53167)
  • Added initial execution module to kubeadm. (#53345)
  • Added firstboot function to systemd_service. (#53381)
  • Added ability to pass arbitrary kwargs to zypper pkg. (#53693)
  • Added options for multi-use tokens for vault. (#54094)
  • Added devinfo module to get hardware information. (#54267)
  • Adds versionlock plugin detection for yum/dnf. (#54798)
  • Improved nxos support. (#54931)
  • Added root and no_recommends parameters for Zypper and RPM. (#54954)
  • Added token parameter in blkid. (#54964)
  • Added cron.get_entry. (#54985)
  • Added support for newer monit versions. (#55140)
  • Added btrfs and xfs as valid fstypes for parted and mkfs. (#55209)
  • Added functionality for cmd.run_all to accept a list when using powershell. (#55213)
  • Added Azure Blob Storage as an optional external pillar. (#55493)
  • Added ability to turn off FQDNs grains with enable_fqdns_grains: False. (#55581)
  • Added virt.*defined states. (#55814)
  • Add towncrier tool to the Salt project to help manage CHANGELOG.md file. (#55836)
  • Added Pull Request requirements to documentation (#55862)
  • Add selinux support to file.managed (#40703)
  • Added hold and unhold support for mac_brew_pkg. (#55978)
  • States/modules added for managing Helm. (#56081)
  • Added parallel run support for saltcheck. (#56097)
  • Added multiple asserts against module output for saltcheck. (#56101)
  • Added state.test as an alias for state.apply ... test=True. (#56298)
  • Added default argumetn to vault.read_secret and vault.list_secrets. (#56311)
  • Added fromrepo to pkg.upgrade for pkgng. (#56368)
  • Added IP filtering by network. (#56394)
  • Added more information for __virtual__ failures. (#56395)
  • Added logout functionality to docker. (#56439)
  • Added ability to fetch master public key from minion. (#56449)
  • Added pending_reboot grain for Windows systems. (#56489)
  • Added support for forcing refresh in zypper. (#56519)
  • Added refresh_pillar arg to grains.setval. (#56573)
  • Added new roster option ssh_pre_flight. (#56488)
  • Added ability to minions to read pillar files from local filesystem, and get commands from remote master. (#56611)
  • Added support for rendering toml states. (#56615)
  • Added set_path option for salt-ssh shim. (#56627)
  • Added win_wua.installed to check a list of updates that apply to the current Windows build. (#56640)
  • Added ability to compare package versions in Jinja templates. (#56678)
  • Add auto_detect feature for ssh_ext_alternatives. (#56894)
  • Add ability to display sys.doc style outputs but without actually loading the module. (#56902)
  • Added plist serializer. (#56954)
  • Added support for onedir/pop-build Salt in the pip module. (#56988)
  • Add support for disks volumes in virt.running state (#57005)
  • Add virt.all_capabilities helper function (#57009)
  • supervisord.status_bool method (#57049)
  • Added support for msgpack versions>=1.0 (#57122)
  • Added Python 2 deprecation FAQ (#57273)
  • Added support for # of hashing rounds when using pycrypto. (#57355)
  • fetchonly parameter added for pkg.upgrade when using pkgng (FreeBSD). (#57371)
  • Added efi parameter to virt module, so uefi firmware can be auto selected. (#57397)
  • #56637 - Add win_wua.installed to the win_wua execution module

Salt 3000.6

Fixed

  • Fixes salt-ssh authentication when using tty (#58922)

Salt 3000.5

Fixed

  • Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)

Salt 3000.4

Fixed

  • Prevent shell injections in netapi ssh client (cve-2020-16846)
  • Prevent creating world readable private keys with the tls execution module. (cve-2020-17490)

3000.3

Fixed

  • #57100 - Address Issues in CVE Release

Changed

Fixed

  • #56237 - Fix alphabetical ordering and remove duplicates across all documentation indexes - @myii
  • #56325 - Fix hyperlinks to salt.serializers and other documentation issues - @myii

Added

  • #56627 - Add new salt-ssh set_path option
  • #51379 - Backport 51379 : Adds .set_domain_workgroup to win_system

3000.1

Removed

Deprecated

Changed

3000.2

Fixed

3000.1

Fixed

  • #56082 - Fix saltversioninfo grain for new version
  • #56143 - Use encoding when caching pillar data
  • #56172 - Only change mine data if using new allow_tgt feature
  • #56094 - Fix type error in TornadoImporter
  • #56174 - MySQL module fixes
  • #56149 - Fix to scheduler for use of when and splay
  • #56197 - Allows use of inline powershell for cmd.script args
  • #55894 - pdbedit module should check for version 4.8.x or newer
  • #55906 - smartos.vm_present could not handle nics with vrrp_vrid property
  • #56218 - Changed StrictVersion checking of setuptools to LooseVersion
  • #56099 - Fix Windows and macOS requirements handling in setup.py
  • #56068 - Update the bootstrap script to latest version, v2020.02.24
  • #56185 - Fix regression in service states with reload argument
  • #56341 - Revert "Don't remove one directory level from slspath"
  • #56290 - Ensures popping lgpo.secedit_data does not throw KeyError
  • #56339 - Fix win_dns_client when used with scheduler
  • #56215 - Fix for unless requisite when pip is not installed
  • #56060 - Fix regex string for Del and DelVals
  • #56337 - Handle Adapter Type 53 and Undefined Types
  • #56160 - Fix issue with existing reg_dword entries
  • #56358 - Fix version instantiation when minor is an empty string
  • #56272 - Properly resolve the policy name
  • #56310 - Only process ADMX files when loading policies
  • #56327 - keep cache_copied_files variable a list
  • #56360 - dont require virtualenv.virtualenv_version call, removed in 20.0.10
  • #56378 - Include _version.py if building wheel
  • #56376 - Fix win deps
  • #56418 - Ensure version.py included before we install
  • #56435 - Update mac build scripts

Added

3000 - Neon [2020-02-10]

Removed

  • #54474 via #54475 - virt.pool_delete fast parameter removed. - @cbosdo
  • #54943 - Removed RAET transport method per the deprecation schedule - @s0undt3ch
  • #54983 - Removed Hipchat module, due to Hipchat discontinuation - @mchugh19
  • #55197 - Removed Google+ link since Google+ is gone - @sramkrishna
  • #55539 - Removed salt.auth.Authorize class and the any_auth method
  • #55552 - Removed the config options hgfs_env_whitelist, hgfs_env_blacklist, svnfs_env_whitelist, and svnfs_env_whitelist in favor of hgfs_saltenv_whitelist, hgfs_saltenv_blacklist, svnfs_saltenv_whitelist, svnfs_saltenv_blacklist.
  • #55569 - Removed nova cloud driver in favor of the openstack driver.
  • #55573 - Removed quiet kwarg in cmd.run state module. Please set output_loglevel to quiet instead.
  • #55609 - Removed smartos grains hypervisor_uuid and datacenter in favor of mdata:sdc:server_uuid and mdata:sdc:datacenter_name.
  • #55641 - Removed enviroment kwarg from heat state and execution module. Please use correct spelling environment.
  • #55680 - Removed deprecated args from several dockermod functions - @Ch3LL
  • #55682 - Removed get_known_host and recv_known_host functions from ssh module.
  • #55722 - Removed all functions in salt/utils/init.py.
  • #55725 - Removed gitfs_env_whitelist and gitfs_env_blacklist in favor of gitfs_saltenv_whitelist and gitfs_saltenv_blacklist.

Deprecated

  • #55592 - Add deprecation warning for glance state and execution module - @Ch3LL
  • #55612 - Bump keystone deprecation to Sodium - @Ch3LL
  • #55614 - Deprecate jinja filters for Neon - @Ch3LL
  • #55664 - Bump deprecation warning to Aluminium for neutron module - @Ch3LL
  • #55679 - Deprecate boto_vpc.describe_route_table in Magnesium - @Ch3LL
  • #55726 - Deprecate override_name in Sodium - @Ch3LL

Changed

  • SEP 1, SEP 14 - Adopted keepachangelog format.
  • SEP 14 - Changed to numeric versions.
  • #49078 via #54572 - Use ip link set iface up/down instead of ifup/ifdown - @dmurphy18
  • #50023 via #54620 - Change to reduce roster_matcher internal complexity - @kojiromike
  • #50579 via #55389 - Update kafka returner to use confluent kafka - @justindesilets
  • #52749 - Padding change in versions report output - @dwoz
  • #54013 - Set session_id cookie in the rest_tornado backend.
  • #55002 - Changed mdadm_raid metadata to text to allow float pillar data - @aplanas
  • #55354 - Changed naive usage to use wrapped msgpack - @Akm0d
  • #55423 - Changed default configs to be immutable - @s0undt3ch
  • #55464 - Changed to name subprocesses - @s0undt3ch
  • #55500 - Start Linting Under Py3 - @s0undt3ch
  • #55643 - Remove deprecation for refresh_db in aptpkg - @Ch3LL
  • #55660 - Use wrapped json module for ThreadsafeProxy - @Akm0d
  • #55683 - Changed prune_services in the firewall state module to be False by default. And update force_masquerade to be False by default in the firewall execution module.
  • #55739 - Microoptimized the command to set FreeBSD's virtual grain - @asomers

Fixed

Added


[2019.2.2]

Changed

  • #54758 - Missing sls file during state.show_states displays message instead of failing - @Ch3LL

Fixed

Added

[2019.2.1] - 2019-09-25 [YANKED]