关键漏洞信息 安全漏洞修复 CVE-2025-62349 - Patched Tornado for BDSA-2024-3438 (#68377). - Patched Tornado for BDSA-2024-3439 (#68379). - Patched Tornado for BDSA-2025-4645 (#68364). CVE-2025-62348 - Fixed authentication protocol version downgrade vulnerability by adding configuration option (default: 3) to prevent minions from bypassing security features through protocol downgrade attacks (#68467). CVE-2025-62348 - Fixed unsafe YAML loader usage in Junos execution module (#68469). 其他安全相关修复 Fixed leak in SaltMessageServer where the unpacker was re-used on a stream disconnect (#68394). 重要配置变化 Breaking Change: The default value enforces authentication protocol version 3 or higher. If upgrading a deployment with older minions that do not support protocol v3, you must temporarily set in the master configuration before upgrading the master, then upgrade all minions before removing this override (#68467).