We are embarrassed to say, but 0.15.0 had a number of showstopper bugs that required a quick update to 0.15.1. The sources for 0.15.1 were posted yesterday and the package maintainers were informed so that they could get a head start on packaging. Packages for Arch Linux and Debian (via debian.saltstack.org) are up. Packages will hit Fedora and EPEL this afternoon and Ubuntu packages are being finished. Windows installers will be released this afternoon as well.
In
light of the bugs found in 0.15.0 we are looking into changing our
release cycle to better allow for such issues to be found and we are
looking at spending more time developing tests. We have also hired a few
more full time employees to assist in the efforts to better stabilize
Salt. The details about new hires and new release processes will be made public shortly.
This release fixes a serious security issue found in the way that RSA keys were being generated. Over the past year the cryptography in Salt has been reviewed privately by several security teams and have reported any issues or holes back to us. Somehow this one has slipped through. As a result, we are recommending that existing Salt keys be regenerated once 0.15.1 has been deployed on the master and all minions. A ‘key_regen’ routine has been added to 0.15.1 to make this transition easier. The following sequence is a convenient way to regenerate all keys in an environment:
salt-run manage.key_regen
You will be prompted to restart the master. Once completed, all keys in the environment will have been regenerated and you will need to accept the new keys using the following command:
salt-key -A
This security issue was discovered on Tuesday and we’ve been working non-stop to fix the issue, have the code re-audited and prepare the release.
As usual the source can be downloaded from pypi:
https://pypi.python.org/packages/source/s/salt/salt-0.15.1.tar.gz
Suse packagrs are alsook ready since yesterday.
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
EPEL packages hit epel testing first and sit there for a few weeks. Take a look at epel testing
Well, technically long-term support is what Salt Stack Enterprise is for. ;-)That said, we are working towards release candidates and similar.
--
--