About this Release
This release contains an issue that causes the
boto_* execution modules to
__salt__ not defined error (issue 30300). This issue will be
fixed in an upcoming release, but can be manually resolved by completing the
boto_* execution modules that you would like to update from
the 2015.8 branch of Salt. A complete list of affected modules with the
specific changes is available in PR #30867.
A simple way to get the updated modules is to download a zip file of the
2015.8 branch from GitHub. The updated modules are in the
boto_* modules to the
\srv\salt\_modules directory on your
Run the following command to sync these modules to all Salt minions:
salt '*' saltutil.sync_modules
2015.8.4 Release Notes
CVE-2016-1866: Improper handling of clear messages on the minion, which could result in executing commands not sent by the master.
This issue affects only the 2015.8.x releases of Salt. In order for an attacker to use this attack vector, they would have to execute a successful attack on an existing TCP connection between minion and master on the pub port. It does not allow an external attacker to obtain the shared secret or decrypt any encrypted traffic between minion and master. Thank you to Sebastian Krahmer <firstname.lastname@example.org> for bringing this issue to our attention.
We recommend everyone upgrade to 2015.8.4 as soon as possible.
PR #28994: timcharper Salt S3 module has learned how to assume IAM roles
state.highstate. This allows the salt
state compiler to process sls data in a state run without actually calling
the state functions, thus providing feedback on the validity of the arguments
used for the functions beyond the preprocessing validation provided by
state.show_sls (issue 30118 and issue 30189).
salt '*' state.sls core,edit.vim mock=True salt '*' state.highstate mock=True salt '*' state.apply edit.vim mock=True
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-01-25T17:48:35Z
Total Merges: 320