Update docs 3000.7

Author: Frode Gundersen

doc/topics/releases/3000.7.rst

@@ -0,0 +1,41 @@
+.. _release-3000-7:
+
+===========================
+Salt 3000.7 Release Notes
+===========================
+
+Version 3000.7 is a CVE fix release for :ref:`3000 <release-3000>`.
+
+Fixed
+-----
+
+- CVE-2020-28243 - Fix local privilege escalation in the restartcheck module.
+
+- CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server
+  validates the SSL/TLS certificate by default. If you want to skip SSL verification
+  you can use `verify_ssl: False`.
+
+- CVE-2020-35662 - Ensure the asam runner, qingcloud, splunk returner, panos
+  proxy, cimc proxy, zenoss module, esxi module, vsphere module, glassfish
+  module, bigip module, and keystone module validate SSL by default. If you want
+  to skip SSL verification you can use `verify_ssl: False`.
+
+- CVE-2021-3148 - Fix a command injection in the Salt-API when using the
+  Salt-SSH client.
+
+- CVE-2021-3144 - Fix eauth tokens can be used once after expiration
+
+- CVE-2021-25281 - Fix salt-api so it honors eauth credentials for the
+  wheel_async client.
+
+- CVE-2021-25282 - Fix the salt.wheel.pillar_roots.write method so it is not
+  vulnerable to directory traversal.
+
+- CVE-2021-25283 - Fix the jinja render to protect against server side template
+  injection attacks.
+
+- CVE-2021-25284 - Fix cmdmod so it will not log credentials to log levels info
+  and error.
+
+- CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided
+  by cli and netapi.