Bug 836365 (CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941) - <app-admin/salt-{3002.7,3003.3}: multiple vulnerabilities
Summary: <app-admin/salt-{3002.7,3003.3}: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-29 09:36 UTC by Imran Iqbal
Modified: 2022-08-14 16:07 UTC

See Also:
Package list:
Runtime testing required: ---


Description Imran Iqbal 2022-03-29 09:36:47 UTC
This security issue was first reported on 2022-03-22:

* https://saltproject.io/security_announcements/attention-some-critical-vulnerabilities-have-been-discovered-in-salt-versions-3004-and-earlier/

The new versions were released yesterday (2022-03-28):

* https://saltproject.io/security_announcements/salt-security-advisory-release/

> Updated packages for the versions below can be found at https://repo.saltproject.io for these supported versions of Salt:
> 
> * 3004.1
> * 3003.4
> * 3002.8
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-29 14:54:51 UTC
Thanks for reporting! Is there a mailing list or something where these are announced?

Maintainer, please stabilize 3002.7 and 3003.3.
Comment 2 Imran Iqbal 2022-03-29 16:23:36 UTC
> Is there a mailing list or something where these are announced?

Yes, there are a variety of places.

* https://groups.google.com/g/salt-announce
  - This group is mainly announcements for all new releases.
* https://saltproject.io/security_announcements/
  - This is the main page for security releases (and info).
  - This can be tracked using its RSS feed:
    + https://saltproject.io/feed/?post_type=security
* https://app.slack.com/client/T7KPDM7M3/CNZKJMQ1E
  - Probably not so helpful here but there's also the `#announcements` channel on the community Slack instance.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-31 02:48:07 UTC
(In reply to Imran Iqbal from comment #2)
> > Is there a mailing list or something where these are announced?
> 
> Yes, there are a variety of places.
> 
> * https://groups.google.com/g/salt-announce
>   - This group is mainly announcements for all new releases.
> * https://saltproject.io/security_announcements/
>   - This is the main page for security releases (and info).
>   - This can be tracked using its RSS feed:
>     + https://saltproject.io/feed/?post_type=security
> * https://app.slack.com/client/T7KPDM7M3/CNZKJMQ1E
>   - Probably not so helpful here but there's also the `#announcements` channel on the community Slack instance.

Thanks! Should be subscribed to that Google Group now, so I shouldn't miss these in the future.