.. _release-3005-2:

=========================
Salt 3005.2 Release Notes
=========================

Version 3005.2 is a CVE security fix release for :ref:`3005 <release-3005>`.


Changed
-------

- Additional required package upgrades

  * It's now `pyzmq>=20.0.0` on all platforms, and `<=22.0.3` just for windows.
  * Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade. (#63757)


Security
--------

- fix CVE-2023-20897 by catching exception instead of letting exception disrupt connection (cve-2023-20897)
- Fixed gitfs cachedir_basename to avoid hash collisions. Added MP Lock to gitfs. These changes should stop race conditions. (cve-2023-20898)
- Upgrade to `requests==2.31.0`

  Due to:
    * https://github.com/advisories/GHSA-j8r2-6x86-q33q (#64336)
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)

  Also resolves the following cryptography advisories:

  Due to:
    * https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
    * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
    * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r

  There is no security upgrade available for Py3.5 (#64595)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7

  Python 3.5 cannot get the updated requirements since certifi no longer supports this python version (#64720)
