2018.3.3 Released - Security Advisory

Skip to first unread message


Oct 24, 2018, 11:40:07 AM10/24/18
We are pleased to announce the 2018.3.3 release of Salt!

Release notes can be found here:
Instructions for installing the latest packages can be found here:

Sources are available on PyPI:

Please note that this means that the version of Salt in /latest/ on the SaltStack repo has changed. If you wish to pin to a specific release rather than
updating to the latest version, please follow the instructions on repo.saltstack.com for each distribution.

2018.3.3 is a security release. The following CVE's were fixed as part of this release:

CVE-2018-15751 Remote command execution and incorrect access control when using salt-api.

CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.

NOTE: We are still currently continuing the following release tasks and will update here when they are completed: Building Docs for Release (This includes Release Notes) and Testing the Downloads of Live Packages.

Thank you, as always, for your contributions.

Megan Wilhite

Oct 24, 2018, 2:16:32 PM10/24/18
to Salt-users
All other release steps have been completed. Thank you for your patience.
Reply all
Reply to author
0 new messages