Version 2014.7.4 is a bugfix release for 2014.7.0.
This is a security release. The security issues fixed have only been present since 2014.7.0, and only users of the two listed modules are vulnerable. The following CVEs have been resolved:
CVE-2015-1838 SaltStack: insecure /tmp file handling in salt/modules/serverdensity_device.py
CVE-2015-1839 SaltStack: insecure /tmp file handling in salt/modules/chef.py
Multi-master minions mode no longer route fileclient operations asymetrically. This fixes the source of many multi-master bugs where the minion would become unrepsonsive from one or more masters.
Fix bug wherein network.iface could produce stack traces.
net.arp will no longer be made available unless arp is installed on the system.
Major performance improvements to Saltnado
Allow KVM module to operate under KVM itself or VMware Fusion
Various fixes to the Windows installation scripts
Fix issue where the syndic would not correctly propagate loads to the master job cache.
Improve error handling on invalid /etc/network/interfaces file in salt networking modules
Fix bug where a response status was not checked for in fileclient.get_url
Enable eauth when running salt in batch mode
Increase timeout in Boto Route53 module
Fix bugs with Salt's 'tar' module option parsing
Fix parsing of NTP servers on Windows
Fix issue with blockdev tuning not reporting changes correctly
Update to the latest Salt bootstrap script
Update Linode salt-cloud driver to use either linode-python or apache-libcloud
Fix for s3.query function to return correct headers
Fix for s3.head returning None for files that exist
Fix the disable function in win_service module so that the service is disabled correctly
Fix race condition between master and minion when making a directory when both daemons are on the same host
Fix an issue where file.recurse would fail at the root of an svn repo when the repo has a mountpoint
Fix an issue where file.recurse would fail at the root of an hgfs repo when the repo has a mountpoint
Fix an issue where file.recurse would fail at the root of an gitfs repo when the repo has a mountpoint
Add status.master capability for Windows.
Various fixes to ssh_known_hosts
Various fixes to states.network bonding for Debian
The debian_ip.get_interfaces module no longer removes nameservers.
Better integration between grains.virtual and systemd-detect-virt and virt-what
Fix traceback in sysctl.present state output
Fix for issue where mount.mounted would fail when superopts were not a part of mount.active (extended=True). Also mount.mounted various fixes for Solaris and FreeBSD.
Fix error where datetimes were not correctly safeguarded before being passed into msgpack.
Fix file.replace regressions. If the pattern is not found, and if dry run is False, and if backup is False, and if a pre-existing file exists with extension .bak, then that backup file will be overwritten. This backup behavior is a result of how fileinput works. Fixing it requires either passing through the file twice (the first time only to search for content and set a flag), or rewriting file.replace so it doesn't use fileinput
VCS filreserver fixes/optimizations
Catch fileserver configuration errors on master start
Raise errors on invalid gitfs configurations
set_locale when locale file does not exist (Redhat family)
Fix to correctly count active devices when created mdadm array with spares
Fix to correctly target minions in batch mode
Support ssh:// urls using the gitfs dulwhich backend
New fileserver runner
Fix various bugs with argument parsing to the publish module.
Fix disk.usage for Synology OS
Fix issue with tags occurring twice with docker.pulled
Fix incorrect key error in SMTP returner
Fix condition which would remount loopback filesystems on every state run
Remove requsites from listens after they are called in the state system
Make system implementation of service.running aware of legacy service calls
Fix issue where publish.publish would not handle duplicate responses gracefully.
Accept Kali Linux for aptpkg salt execution module
Fix bug where cmd.which could not handle a dirname as an argument
Fix issue in ps.pgrep where exceptions were thrown on Windows.
In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout' and 'auth_tries' down to shorter periods.
There are known issues with batch mode operating on the incorrect number of minions. This bug can be patched with the change in Pull Request #22464.
The fun, state, and unless keywords are missing from the state internals, which can cause problems running some states. This bug can be patched with the change in Pull Request #22365.