diff --git a/CHANGELOG.md b/CHANGELOG.md
index ec71450f23e7..834323eec49f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,374 @@ Versions are `MAJOR.PATCH`.
 
 # Changelog
 
+## 3006.0 (2023-04-18)
+
+
+### Removed
+
+- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917)
+- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476)
+- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239)
+- Removed the PyObjC dependency.
+
+  This addresses problems with building a one dir build for macOS.
+  It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
+  Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432)
+- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874)
+
+
+### Deprecated
+
+- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds.
+  `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295)
+- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542)
+- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009)
+- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485)
+- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644)
+- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754)
+- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914)
+- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915)
+- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917)
+- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095)
+- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383)
+
+
+### Changed
+
+- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609)
+- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430)
+- ``umask`` is now a global state argument, instead of only applying to ``cmd``
+  states. [#57803](https://github.com/saltstack/salt/issues/57803)
+- Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971)
+- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439)
+- Add missing MariaDB Grants to mysql module.
+  MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
+  Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409)
+- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089)
+- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168)
+- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218)
+- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346)
+- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895)
+- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012)
+- netapi_enable_clients option to allow enabling/disabling of clients in salt-api.
+  By default all clients will now be disabled. Users of salt-api will need
+  to update their master config to enable the clients that they use. Not adding
+  the netapi_enable_clients option with required clients to the master config will
+  disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050)
+- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383)
+- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595)
+- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710)
+- Upgraded to `relenv==0.9.0` [#63883](https://github.com/saltstack/salt/issues/63883)
+
+
+### Fixed
+
+- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138)
+- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292)
+- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054)
+- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306)
+- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823)
+- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201)
+- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310)
+- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620)
+- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739)
+- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167)
+- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339)
+- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400)
+- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353)
+- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377)
+- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914)
+- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988)
+- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347)
+- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508)
+- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682)
+- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907)
+- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226)
+- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269)
+- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016)
+- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093)
+- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139)
+- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463)
+- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535)
+- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842)
+- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165)
+- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202)
+- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297)
+- linux_shadow: Fix cases where malformed shadow entries cause `user.present`
+  states to fail. [#58423](https://github.com/saltstack/salt/issues/58423)
+- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729)
+- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953)
+- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017)
+- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169)
+- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183)
+- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315)
+- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585)
+- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766)
+- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786)
+- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909)
+- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003)
+- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170)
+- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227)
+- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249)
+- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365)
+- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467)
+- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557)
+- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853)
+- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915)
+- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994)
+- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995)
+- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997)
+- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083)
+- state.orchestrate_single only passes a pillar if it is set to the state
+  function. This allows it to be used with state functions that don't accept a
+  pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092)
+- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122)
+- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422)
+- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
+  Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`,
+  `osfinger` grains if lsb-release is installed or not. They have been changed to
+  only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618)
+- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619)
+- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650)
+- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727)
+- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789)
+- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805)
+- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814)
+- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816)
+- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821)
+- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827)
+- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859)
+- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860)
+- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966)
+- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019)
+- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022)
+- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029)
+- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030)
+- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032)
+- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053)
+- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058)
+- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074)
+- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082)
+- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101)
+- Pass executable path from _get_path_exec() is used when calling the program.
+  The $HOME env is no longer modified globally.
+  Only trailing newlines are stripped from the fetched secret.
+  Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131)
+- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139)
+- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152)
+- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185)
+- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197)
+- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198)
+- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204)
+- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211)
+- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220)
+- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235)
+- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248)
+- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273)
+- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281)
+- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283)
+- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323)
+- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334)
+- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336)
+- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372)
+- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377)
+- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390)
+- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398)
+- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400)
+- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405)
+- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408)
+- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426)
+- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435)
+- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439)
+- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451)
+- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461)
+- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474)
+- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483)
+- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499)
+- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502)
+- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519)
+- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521)
+- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523)
+- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527)
+- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546)
+- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547)
+- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556)
+- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558)
+- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565)
+- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576)
+- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580)
+- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587)
+- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595)
+- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618)
+- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624)
+- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633)
+- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651)
+- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654)
+- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657)
+- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670)
+- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672)
+- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676)
+- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728)
+- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772)
+- Remove mako as a dependency in Windows and macOS. [#62785](https://github.com/saltstack/salt/issues/62785)
+- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793)
+- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795)
+- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817)
+- Include UID and GID checks in modules.file.check_perms as well as comparing
+  ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818)
+- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826)
+- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845)
+- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854)
+- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858)
+- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873)
+- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878)
+- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882)
+- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886)
+- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900)
+- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933)
+- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934)
+- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937)
+- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940)
+- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942)
+- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953)
+- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968)
+- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977)
+- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986)
+- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988)
+- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993)
+- The `__opts__` dunder dictionary is now added to the loader's `pack` if not
+  already present, which makes it accessible via the
+  `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013)
+- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024)
+- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025)
+- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033)
+- Fix mongo authentication for mongo ext_pillar and mongo returner
+
+  This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058)
+- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103)
+- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120)
+- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145)
+- User responsible for the runner is now correctly reported in the events on the event bus for the runner. [#63148](https://github.com/saltstack/salt/issues/63148)
+- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208)
+- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231)
+- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317)
+- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350)
+- ``service.status`` on Windows does no longer throws a CommandExecutionError if
+  the service is not found on the system. It now returns "Not Found" instead. [#63577](https://github.com/saltstack/salt/issues/63577)
+- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590)
+- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596)
+- Fixed the ability to set a scheduled task to auto delete if not scheduled to run again (``delete_after``) [#63650](https://github.com/saltstack/salt/issues/63650)
+- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699)
+- have salt.template.compile_template_str cleanup its temp files. [#63724](https://github.com/saltstack/salt/issues/63724)
+- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729)
+- Fixed an issue with generating fingerprints for public keys with different line endings [#63742](https://github.com/saltstack/salt/issues/63742)
+- Add `fileserver_interval` and `maintenance_interval` master configuration options. These options control how often to restart the FileServerUpdate and Maintenance processes. Some file server and pillar configurations are known to cause memory leaks over time. A notable example of this are configurations that use pygit2. Salt can not guarantee dependency libraries like pygit2 won't leak memory. Restarting any long running processes that use pygit2 guarantees we can keep the master's memory usage in check. [#63747](https://github.com/saltstack/salt/issues/63747)
+- mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779)
+- Change default GPG keyserver from pgp.mit.edu to keys.openpgp.org. [#63806](https://github.com/saltstack/salt/issues/63806)
+- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835)
+- Ensure kwargs is passed along to _call_apt when passed into install function. [#63847](https://github.com/saltstack/salt/issues/63847)
+- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879)
+- add linux_distribution to util to stop dep warning [#63904](https://github.com/saltstack/salt/issues/63904)
+- Fix valuerror when trying to close fileclient. Remove usage of __del__ and close the filclient properly. [#63920](https://github.com/saltstack/salt/issues/63920)
+- Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available. [#63923](https://github.com/saltstack/salt/issues/63923)
+- Clarifying documentation for extension_modules configuration option. [#63929](https://github.com/saltstack/salt/issues/63929)
+- Windows pkg module now properly handles versions containing strings [#63935](https://github.com/saltstack/salt/issues/63935)
+- Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn't used by that function. [#63948](https://github.com/saltstack/salt/issues/63948)
+- Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows [#63981](https://github.com/saltstack/salt/issues/63981)
+- Hardened permissions on workers.ipc and master_event_pub.ipc. [#64063](https://github.com/saltstack/salt/issues/64063)
+
+
+### Added
+
+- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`,
+  but can be individually customized during installation by specifying
+  `--salt-lib-state-dir` during installation. Change the default `pki_dir` to
+  `<LIB_STATE_DIR>/pki/master` (for the master) and `<LIB_STATE_DIR>/pki/minion`
+  (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396)
+- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468)
+- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287)
+- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088)
+- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679)
+- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713)
+- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013)
+- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500)
+- Added `openvswitch_db` state module and functions `bridge_to_parent`,
+  `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module.
+  Also added optional `parent` and `vlan` parameters to the
+  `openvswitch_bridge.present` state module function and the
+  `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986)
+- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154)
+- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430)
+- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518)
+- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700)
+- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722)
+- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153)
+- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245)
+- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319)
+- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335)
+- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420)
+- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433)
+- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857)
+- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931)
+- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009)
+- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031)
+- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
+  Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
+  Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
+  Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178)
+- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275)
+- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366)
+- Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381)
+- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446)
+- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480)
+- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496)
+- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508)
+- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539)
+- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578)
+- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678)
+- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761)
+- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768)
+- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856)
+- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867)
+- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978)
+- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983)
+- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042)
+- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067)
+- Fix running fast tests twice and add git labels to suite. [#63081](https://github.com/saltstack/salt/issues/63081)
+- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093)
+- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095)
+- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098)
+- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128)
+- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131)
+- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248)
+- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249)
+- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315)
+- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
+  This allows users to enable state_events on a per use basis rather than having to
+  enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316)
+- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356)
+- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
+- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827)
+- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866)
+- Adding the ability to exclude arguments from a state that end up passed to cmd.retcode when requisites such as onlyif or unless are used. [#63956](https://github.com/saltstack/salt/issues/63956)
+- Add --next-release argument to salt/version.py, which prints the next upcoming release. [#64023](https://github.com/saltstack/salt/issues/64023)
+
+
+### Security
+
+- Upgrade Requirements Due to Security Issues.
+
+  * Upgrade to `cryptography>=39.0.1` due to:
+    * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
+    * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
+  * Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade.
+  * Update to `markdown-it-py==2.2.0` due to:
+    * https://github.com/advisories/GHSA-jrwr-5x3p-hvc3
+    * https://github.com/advisories/GHSA-vrjv-mxr7-vjf8 [#63882](https://github.com/saltstack/salt/issues/63882)
+
+
 ## 3006.0rc3 (2023-03-29)
 
 
diff --git a/changelog/31468.added.md b/changelog/31468.added.md
deleted file mode 100644
index f1b2b802ba99..000000000000
--- a/changelog/31468.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Allow users to enable 'queue=True' for all state runs via config file
diff --git a/changelog/3396.added.md b/changelog/3396.added.md
deleted file mode 100644
index 8a6987bb4a5e..000000000000
--- a/changelog/3396.added.md
+++ /dev/null
@@ -1,5 +0,0 @@
-Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`,
-but can be individually customized during installation by specifying
-`--salt-lib-state-dir` during installation. Change the default `pki_dir` to
-`<LIB_STATE_DIR>/pki/master` (for the master) and `<LIB_STATE_DIR>/pki/minion`
-(for the minion).
diff --git a/changelog/36138.fixed.md b/changelog/36138.fixed.md
deleted file mode 100644
index 78b2e97cc44f..000000000000
--- a/changelog/36138.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Add kwargs to handle extra parameters for http.query
diff --git a/changelog/39292.fixed.md b/changelog/39292.fixed.md
deleted file mode 100644
index cbb472423aa8..000000000000
--- a/changelog/39292.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix mounted bind mounts getting active mount options added
diff --git a/changelog/40054.fixed.md b/changelog/40054.fixed.md
deleted file mode 100644
index 57641e5c186b..000000000000
--- a/changelog/40054.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix `sysctl.present` converts spaces to tabs.
diff --git a/changelog/42306.fixed.md b/changelog/42306.fixed.md
deleted file mode 100644
index d63927491711..000000000000
--- a/changelog/42306.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixes state pkg.purged to purge removed packages on Debian family systems
diff --git a/changelog/43287.added.md b/changelog/43287.added.md
deleted file mode 100644
index 90b47e65d443..000000000000
--- a/changelog/43287.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added pillar templating to vault policies
diff --git a/changelog/45823.fixed.md b/changelog/45823.fixed.md
deleted file mode 100644
index e419ad4f7e91..000000000000
--- a/changelog/45823.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix fun_args missing from syndic returns
diff --git a/changelog/47201.fixed.md b/changelog/47201.fixed.md
deleted file mode 100644
index 0dbb18186a9e..000000000000
--- a/changelog/47201.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True
diff --git a/changelog/48609.changed.md b/changelog/48609.changed.md
deleted file mode 100644
index 92f1dc00f8e5..000000000000
--- a/changelog/48609.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-More intelligent diffing in changes of file.serialize state.
diff --git a/changelog/49310.fixed.md b/changelog/49310.fixed.md
deleted file mode 100644
index ce6c5536b30b..000000000000
--- a/changelog/49310.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Issue #49310: Allow users to touch a file with Unix date of birth
diff --git a/changelog/49430.changed.md b/changelog/49430.changed.md
deleted file mode 100644
index 4e94ec3f596f..000000000000
--- a/changelog/49430.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead.
diff --git a/changelog/51088.added.md b/changelog/51088.added.md
deleted file mode 100644
index a87c8890668b..000000000000
--- a/changelog/51088.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray
diff --git a/changelog/51620.fixed.md b/changelog/51620.fixed.md
deleted file mode 100644
index 79deac1397fe..000000000000
--- a/changelog/51620.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Do not raise an exception in pkg.info_installed on nonzero return code
diff --git a/changelog/51739.fixed.md b/changelog/51739.fixed.md
deleted file mode 100644
index 97ee15c00197..000000000000
--- a/changelog/51739.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled.
diff --git a/changelog/52167.fixed.md b/changelog/52167.fixed.md
deleted file mode 100644
index 4a13253aaaa6..000000000000
--- a/changelog/52167.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement.
diff --git a/changelog/52354.fixed.md b/changelog/52354.fixed.md
deleted file mode 100644
index af885d77fa4f..000000000000
--- a/changelog/52354.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Don't check for cached pillar errors on state.apply
diff --git a/changelog/52400.fixed.md b/changelog/52400.fixed.md
deleted file mode 100644
index 1d806f80cbcf..000000000000
--- a/changelog/52400.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner.
diff --git a/changelog/53353.fixed.md b/changelog/53353.fixed.md
deleted file mode 100644
index cadda5448ccf..000000000000
--- a/changelog/53353.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess.
diff --git a/changelog/53377.fixed.md b/changelog/53377.fixed.md
deleted file mode 100644
index d1eac3cfff3e..000000000000
--- a/changelog/53377.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-When user_create or user_remove fail, return False instead of returning the error.
diff --git a/changelog/53914.fixed.md b/changelog/53914.fixed.md
deleted file mode 100644
index 5b08af666471..000000000000
--- a/changelog/53914.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Include sync_roster when sync_all is called.
diff --git a/changelog/53988.fixed.md b/changelog/53988.fixed.md
deleted file mode 100644
index 8220d4acddd6..000000000000
--- a/changelog/53988.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Avoid warning noise in lograte.get
diff --git a/changelog/54347.fixed.md b/changelog/54347.fixed.md
deleted file mode 100644
index 307e630eccf6..000000000000
--- a/changelog/54347.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed listing revoked keys with gpg.list_keys
diff --git a/changelog/54508.fixed.md b/changelog/54508.fixed.md
deleted file mode 100644
index 0292039705a1..000000000000
--- a/changelog/54508.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix mount.mounted does not handle blanks properly
diff --git a/changelog/54679.added.md b/changelog/54679.added.md
deleted file mode 100644
index c0d663f8926b..000000000000
--- a/changelog/54679.added.md
+++ /dev/null
@@ -1 +0,0 @@
-A new salt-ssh roster that generates a roster by parses a known_hosts file.
diff --git a/changelog/54682.fixed.md b/changelog/54682.fixed.md
deleted file mode 100644
index 87a958c2a79e..000000000000
--- a/changelog/54682.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering.
diff --git a/changelog/54713.added.md b/changelog/54713.added.md
deleted file mode 100644
index 174564b4162e..000000000000
--- a/changelog/54713.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added Windows Event Viewer support
diff --git a/changelog/54907.fixed.md b/changelog/54907.fixed.md
deleted file mode 100644
index 1f29c53b1adf..000000000000
--- a/changelog/54907.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix spelling error for python_shell argument in dpkg_lower module
diff --git a/changelog/55226.fixed.md b/changelog/55226.fixed.md
deleted file mode 100644
index 6947dc684aa7..000000000000
--- a/changelog/55226.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql)
diff --git a/changelog/55269.fixed.md b/changelog/55269.fixed.md
deleted file mode 100644
index 42543738580f..000000000000
--- a/changelog/55269.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed malformed state return when testing file.managed with unavailable source file
diff --git a/changelog/55295.deprecated.md b/changelog/55295.deprecated.md
deleted file mode 100644
index 71c9da60baae..000000000000
--- a/changelog/55295.deprecated.md
+++ /dev/null
@@ -1,2 +0,0 @@
-renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds.
-`keep_jobs` will be removed in the Argon release
diff --git a/changelog/56013.added.md b/changelog/56013.added.md
deleted file mode 100644
index a249f407a456..000000000000
--- a/changelog/56013.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file
diff --git a/changelog/56016.fixed.md b/changelog/56016.fixed.md
deleted file mode 100644
index de186daa9d09..000000000000
--- a/changelog/56016.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Included stdout in error message for Zypper calls in zypperpkg module.
diff --git a/changelog/56093.fixed.md b/changelog/56093.fixed.md
deleted file mode 100644
index 2b898dd72f37..000000000000
--- a/changelog/56093.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed pillar.filter_by with salt-ssh
diff --git a/changelog/57139.fixed.md b/changelog/57139.fixed.md
deleted file mode 100644
index af460e9b2a71..000000000000
--- a/changelog/57139.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix boto_route53 issue with (multiple) VPCs.
diff --git a/changelog/57180.fixed.md b/changelog/57180.fixed.md
deleted file mode 100644
index af885d77fa4f..000000000000
--- a/changelog/57180.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Don't check for cached pillar errors on state.apply
diff --git a/changelog/57463.fixed.md b/changelog/57463.fixed.md
deleted file mode 100644
index d0678bf0e286..000000000000
--- a/changelog/57463.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Remove log from mine runner which was not used.
diff --git a/changelog/57500.added.md b/changelog/57500.added.md
deleted file mode 100644
index 91af2f8bae25..000000000000
--- a/changelog/57500.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added resource tagging functions to boto_dynamodb execution module
diff --git a/changelog/57535.fixed.md b/changelog/57535.fixed.md
deleted file mode 100644
index 23e8ceaff939..000000000000
--- a/changelog/57535.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement.
diff --git a/changelog/57803.changed.md b/changelog/57803.changed.md
deleted file mode 100644
index f278bd479a76..000000000000
--- a/changelog/57803.changed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-``umask`` is now a global state argument, instead of only applying to ``cmd``
-states.
diff --git a/changelog/57842.fixed.md b/changelog/57842.fixed.md
deleted file mode 100644
index c708020bd1ae..000000000000
--- a/changelog/57842.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Updating Slack engine to use slack_bolt library.
diff --git a/changelog/58165.fixed.md b/changelog/58165.fixed.md
deleted file mode 100644
index 31a76928f7a5..000000000000
--- a/changelog/58165.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module.
diff --git a/changelog/58202.fixed.md b/changelog/58202.fixed.md
deleted file mode 100644
index b4cf0c0add78..000000000000
--- a/changelog/58202.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix salt.modules.pip:is_installed doesn't handle locally installed packages
diff --git a/changelog/58297.fixed.md b/changelog/58297.fixed.md
deleted file mode 100644
index 4aaa88034131..000000000000
--- a/changelog/58297.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
diff --git a/changelog/58423.fixed.md b/changelog/58423.fixed.md
deleted file mode 100644
index ea678fb69856..000000000000
--- a/changelog/58423.fixed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-linux_shadow: Fix cases where malformed shadow entries cause `user.present`
-states to fail.
diff --git a/changelog/58729.fixed.md b/changelog/58729.fixed.md
deleted file mode 100644
index 6e806784a369..000000000000
--- a/changelog/58729.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed salt.utils.compat.cmp to work with dictionaries
diff --git a/changelog/58953.fixed.md b/changelog/58953.fixed.md
deleted file mode 100644
index fd8b01baec65..000000000000
--- a/changelog/58953.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed formatting for terse output mode
diff --git a/changelog/58971.changed.md b/changelog/58971.changed.md
deleted file mode 100644
index d0d54ec84a15..000000000000
--- a/changelog/58971.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items.
diff --git a/changelog/58986.added.md b/changelog/58986.added.md
deleted file mode 100644
index ba03c9324b77..000000000000
--- a/changelog/58986.added.md
+++ /dev/null
@@ -1,5 +0,0 @@
-Added `openvswitch_db` state module and functions `bridge_to_parent`,
-`bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module.
-Also added optional `parent` and `vlan` parameters to the
-`openvswitch_bridge.present` state module function and the
-`openvswitch.bridge_create` execution module function.
diff --git a/changelog/59017.fixed.md b/changelog/59017.fixed.md
deleted file mode 100644
index a34acd3429de..000000000000
--- a/changelog/59017.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed RecursiveDictDiffer with added nested dicts
diff --git a/changelog/59169.fixed.md b/changelog/59169.fixed.md
deleted file mode 100644
index 718be2a22e3b..000000000000
--- a/changelog/59169.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement.
diff --git a/changelog/59183.fixed.md b/changelog/59183.fixed.md
deleted file mode 100644
index 953c94b2b5da..000000000000
--- a/changelog/59183.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed saltnado websockets disconnecting immediately
diff --git a/changelog/59315.fixed.md b/changelog/59315.fixed.md
deleted file mode 100644
index 67fa822f6785..000000000000
--- a/changelog/59315.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement.
diff --git a/changelog/59339.fixed.md b/changelog/59339.fixed.md
deleted file mode 100644
index af885d77fa4f..000000000000
--- a/changelog/59339.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Don't check for cached pillar errors on state.apply
diff --git a/changelog/59439.changed.md b/changelog/59439.changed.md
deleted file mode 100644
index 282c55a658fe..000000000000
--- a/changelog/59439.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Improve support for listing macOS brew casks
diff --git a/changelog/59585.fixed.md b/changelog/59585.fixed.md
deleted file mode 100644
index c73593f7dec7..000000000000
--- a/changelog/59585.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix postgres_privileges.present not idempotent for functions
diff --git a/changelog/59766.fixed.md b/changelog/59766.fixed.md
deleted file mode 100644
index 24feb19ddf50..000000000000
--- a/changelog/59766.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create.
diff --git a/changelog/59786.fixed.md b/changelog/59786.fixed.md
deleted file mode 100644
index 00612d70fbf1..000000000000
--- a/changelog/59786.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url.
diff --git a/changelog/59909.fixed.md b/changelog/59909.fixed.md
deleted file mode 100644
index b16c524c7a92..000000000000
--- a/changelog/59909.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-add load balancing policy default option and ensure the module can be executed with arguments from CLI
diff --git a/changelog/59917.removed.md b/changelog/59917.removed.md
deleted file mode 100644
index a91e76d6acdf..000000000000
--- a/changelog/59917.removed.md
+++ /dev/null
@@ -1 +0,0 @@
-Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon.
diff --git a/changelog/60003.fixed.md b/changelog/60003.fixed.md
deleted file mode 100644
index 7b0ccd4010c5..000000000000
--- a/changelog/60003.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix salt-ssh when using imports with extra-filerefs.
diff --git a/changelog/60154.added.md b/changelog/60154.added.md
deleted file mode 100644
index 3957b19ce93b..000000000000
--- a/changelog/60154.added.md
+++ /dev/null
@@ -1 +0,0 @@
-State module to manage SysFS attributes
diff --git a/changelog/60170.fixed.md b/changelog/60170.fixed.md
deleted file mode 100644
index b19324a76cd0..000000000000
--- a/changelog/60170.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed cache directory corruption startup error
diff --git a/changelog/60227.fixed.md b/changelog/60227.fixed.md
deleted file mode 100644
index 60d46b466364..000000000000
--- a/changelog/60227.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Update docs remove dry_run in docstring of file.blockreplace state.
diff --git a/changelog/60249.fixed.md b/changelog/60249.fixed.md
deleted file mode 100644
index f44049f3f2bd..000000000000
--- a/changelog/60249.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Adds Parrot to OS_Family_Map in grains.
diff --git a/changelog/60365.fixed.md b/changelog/60365.fixed.md
deleted file mode 100644
index 778334ee4b39..000000000000
--- a/changelog/60365.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions
diff --git a/changelog/60430.added.md b/changelog/60430.added.md
deleted file mode 100644
index cee2d2758543..000000000000
--- a/changelog/60430.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value.
diff --git a/changelog/60467.fixed.md b/changelog/60467.fixed.md
deleted file mode 100644
index 6adc3e29cbfc..000000000000
--- a/changelog/60467.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Use return code in iptables --check to verify rule exists.
diff --git a/changelog/60476.removed.md b/changelog/60476.removed.md
deleted file mode 100644
index e72141263e1c..000000000000
--- a/changelog/60476.removed.md
+++ /dev/null
@@ -1 +0,0 @@
-Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12
diff --git a/changelog/60518.added.md b/changelog/60518.added.md
deleted file mode 100644
index 322ee04da17f..000000000000
--- a/changelog/60518.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname)
diff --git a/changelog/60557.fixed.md b/changelog/60557.fixed.md
deleted file mode 100644
index 0634bc839528..000000000000
--- a/changelog/60557.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix regression pip.installed does not pass env_vars when calling pip.list
diff --git a/changelog/60700.added.md b/changelog/60700.added.md
deleted file mode 100644
index 91eee4260d5e..000000000000
--- a/changelog/60700.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added autostart option to virt.defined and virt.running states, along with virt.update execution modules.
diff --git a/changelog/60722.added.md b/changelog/60722.added.md
deleted file mode 100644
index 183fbc8b8e95..000000000000
--- a/changelog/60722.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added .0 back to our versioning scheme for future versions (e.g. 3006.0)
diff --git a/changelog/60853.fixed.md b/changelog/60853.fixed.md
deleted file mode 100644
index 3264c66ad7cd..000000000000
--- a/changelog/60853.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix xfs module when additional output included in mkfs.xfs command.
diff --git a/changelog/60915.fixed.md b/changelog/60915.fixed.md
deleted file mode 100644
index f3c2644c723e..000000000000
--- a/changelog/60915.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed parsing new format of terraform states in roster.terraform
diff --git a/changelog/60994.fixed.md b/changelog/60994.fixed.md
deleted file mode 100644
index 3c4be7014888..000000000000
--- a/changelog/60994.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed recognizing installed ARMv7 rpm packages in compatible architectures.
diff --git a/changelog/60995.fixed.md b/changelog/60995.fixed.md
deleted file mode 100644
index 9a81e1b254a5..000000000000
--- a/changelog/60995.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixing changes dict in pkg state to be consistent when installing and test=True.
diff --git a/changelog/60997.fixed.md b/changelog/60997.fixed.md
deleted file mode 100644
index 779005f5014f..000000000000
--- a/changelog/60997.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix cron.present duplicating entries when changing timespec to special.
diff --git a/changelog/61083.fixed.md b/changelog/61083.fixed.md
deleted file mode 100644
index 2d78d777bd7a..000000000000
--- a/changelog/61083.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Made salt-ssh respect --wipe again
diff --git a/changelog/61092.fixed.md b/changelog/61092.fixed.md
deleted file mode 100644
index 6ca66839c962..000000000000
--- a/changelog/61092.fixed.md
+++ /dev/null
@@ -1,3 +0,0 @@
-state.orchestrate_single only passes a pillar if it is set to the state
-function. This allows it to be used with state functions that don't accept a
-pillar keyword argument.
diff --git a/changelog/61122.fixed.md b/changelog/61122.fixed.md
deleted file mode 100644
index 85fc69674aee..000000000000
--- a/changelog/61122.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix ipset state when the comment kwarg is set.
diff --git a/changelog/61153.added.md b/changelog/61153.added.md
deleted file mode 100644
index ad7b978a7f2f..000000000000
--- a/changelog/61153.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy.
diff --git a/changelog/61245.added.md b/changelog/61245.added.md
deleted file mode 100644
index 83b0b1ae60d1..000000000000
--- a/changelog/61245.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added node label support for GCE
diff --git a/changelog/61319.added.md b/changelog/61319.added.md
deleted file mode 100644
index 990bd79c9747..000000000000
--- a/changelog/61319.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Support the --priority flag when adding sources to Chocolatey.
diff --git a/changelog/61335.added.md b/changelog/61335.added.md
deleted file mode 100644
index 25d64d763f78..000000000000
--- a/changelog/61335.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add namespace option to ext_pillar.http_json
diff --git a/changelog/61409.changed.md b/changelog/61409.changed.md
deleted file mode 100644
index 1c210d80b343..000000000000
--- a/changelog/61409.changed.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Add missing MariaDB Grants to mysql module.
-MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
-Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error.
diff --git a/changelog/61420.added.md b/changelog/61420.added.md
deleted file mode 100644
index 5ca782ff9169..000000000000
--- a/changelog/61420.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added a filter function to ps module to get a list of processes on a minion according to their state.
diff --git a/changelog/61422.fixed.md b/changelog/61422.fixed.md
deleted file mode 100644
index ee9b1579e25a..000000000000
--- a/changelog/61422.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix issue with archive.unzip where the password was not being encoded for the extract function
diff --git a/changelog/61433.added.md b/changelog/61433.added.md
deleted file mode 100644
index 9cc27679ecee..000000000000
--- a/changelog/61433.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add postgres.timeout option to postgres module for limiting postgres query times
diff --git a/changelog/61542.deprecated.md b/changelog/61542.deprecated.md
deleted file mode 100644
index 121d646dd4bd..000000000000
--- a/changelog/61542.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-Removing all references to napalm-base which is no longer supported.
diff --git a/changelog/61618.fixed.md b/changelog/61618.fixed.md
deleted file mode 100644
index 0f38289e2cbe..000000000000
--- a/changelog/61618.fixed.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
-Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`,
-`osfinger` grains if lsb-release is installed or not. They have been changed to
-only derive these OS grains from `/etc/os-release`.
diff --git a/changelog/61619.fixed.md b/changelog/61619.fixed.md
deleted file mode 100644
index 4f9159792c90..000000000000
--- a/changelog/61619.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10.
diff --git a/changelog/61650.fixed.md b/changelog/61650.fixed.md
deleted file mode 100644
index c60f78baa95a..000000000000
--- a/changelog/61650.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix ssh config roster to correctly parse the ssh config files that contain spaces.
diff --git a/changelog/61727.fixed.md b/changelog/61727.fixed.md
deleted file mode 100644
index 296c6528e0ac..000000000000
--- a/changelog/61727.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix SoftLayer configuration not raising an exception when a domain is missing
diff --git a/changelog/61789.fixed.md b/changelog/61789.fixed.md
deleted file mode 100644
index e7cae60262d4..000000000000
--- a/changelog/61789.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry
diff --git a/changelog/61805.fixed.md b/changelog/61805.fixed.md
deleted file mode 100644
index 1a0339fb6a63..000000000000
--- a/changelog/61805.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function.
diff --git a/changelog/61814.fixed.md b/changelog/61814.fixed.md
deleted file mode 100644
index 6d06855ebb80..000000000000
--- a/changelog/61814.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed malformed state return when merge-serializing to an improperly formatted file
diff --git a/changelog/61816.fixed.md b/changelog/61816.fixed.md
deleted file mode 100644
index f45856f2b5e1..000000000000
--- a/changelog/61816.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service)
diff --git a/changelog/61821.fixed.md b/changelog/61821.fixed.md
deleted file mode 100644
index 6ff1221f5436..000000000000
--- a/changelog/61821.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-When deleting the vault cache, also delete from the session cache
diff --git a/changelog/61827.fixed.md b/changelog/61827.fixed.md
deleted file mode 100644
index 57747ce1ee5d..000000000000
--- a/changelog/61827.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information.
diff --git a/changelog/61857.added.md b/changelog/61857.added.md
deleted file mode 100644
index d9400702845f..000000000000
--- a/changelog/61857.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config.
diff --git a/changelog/61859.fixed.md b/changelog/61859.fixed.md
deleted file mode 100644
index 1bfcbec99b07..000000000000
--- a/changelog/61859.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-win_lgpo: Display conflicting policy names when more than one policy is found
diff --git a/changelog/61860.fixed.md b/changelog/61860.fixed.md
deleted file mode 100644
index 3b64fade1953..000000000000
--- a/changelog/61860.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy
diff --git a/changelog/61931.added.md b/changelog/61931.added.md
deleted file mode 100644
index c6b1d318e78a..000000000000
--- a/changelog/61931.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add ipwrap() jinja filter to wrap IPv6 addresses with brackets.
diff --git a/changelog/61966.fixed.md b/changelog/61966.fixed.md
deleted file mode 100644
index e772fcf33af4..000000000000
--- a/changelog/61966.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed listing minions on OpenBSD
diff --git a/changelog/62009.added.md b/changelog/62009.added.md
deleted file mode 100644
index 7a8303d4fecb..000000000000
--- a/changelog/62009.added.md
+++ /dev/null
@@ -1 +0,0 @@
-'tcp' transport is now available in ipv6-only network
diff --git a/changelog/62009.deprecated.md b/changelog/62009.deprecated.md
deleted file mode 100644
index e9455f07a7b5..000000000000
--- a/changelog/62009.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py
diff --git a/changelog/62019.fixed.md b/changelog/62019.fixed.md
deleted file mode 100644
index 8a772963e47d..000000000000
--- a/changelog/62019.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Make Salt to return an error on "pkg" modules and states when targeting duplicated package names
diff --git a/changelog/62022.fixed.md b/changelog/62022.fixed.md
deleted file mode 100644
index 49084228f9c6..000000000000
--- a/changelog/62022.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix return of REST-returned permissions when auth_list is set
diff --git a/changelog/62029.fixed.md b/changelog/62029.fixed.md
deleted file mode 100644
index b468d5a14989..000000000000
--- a/changelog/62029.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture.
diff --git a/changelog/62030.fixed.md b/changelog/62030.fixed.md
deleted file mode 100644
index bd6046360695..000000000000
--- a/changelog/62030.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade()
diff --git a/changelog/62031.added.md b/changelog/62031.added.md
deleted file mode 100644
index f0b66ff96f55..000000000000
--- a/changelog/62031.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add `diff_attr` parameter to pkg.upgrade() (zypper/yum).
diff --git a/changelog/62032.fixed.md b/changelog/62032.fixed.md
deleted file mode 100644
index ceb3cc89b95d..000000000000
--- a/changelog/62032.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix attr=all handling in pkg.list_pkgs() (yum/zypper).
diff --git a/changelog/62053.fixed.md b/changelog/62053.fixed.md
deleted file mode 100644
index 24d281b5f477..000000000000
--- a/changelog/62053.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap
diff --git a/changelog/62058.fixed.md b/changelog/62058.fixed.md
deleted file mode 100644
index 9329631635cb..000000000000
--- a/changelog/62058.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias
diff --git a/changelog/62074.fixed.md b/changelog/62074.fixed.md
deleted file mode 100644
index 9910d51c1b73..000000000000
--- a/changelog/62074.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix ordering of args to libcloud_storage.download_object module
diff --git a/changelog/62082.fixed.md b/changelog/62082.fixed.md
deleted file mode 100644
index 02e5f5ff407e..000000000000
--- a/changelog/62082.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ignore extend declarations in sls files that are excluded.
diff --git a/changelog/62089.changed.md b/changelog/62089.changed.md
deleted file mode 100644
index 09feb2e92251..000000000000
--- a/changelog/62089.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Use VENV_PIP_TARGET environment variable as a default target for pip if present.
diff --git a/changelog/62101.fixed.md b/changelog/62101.fixed.md
deleted file mode 100644
index 99de5bbf0a3e..000000000000
--- a/changelog/62101.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Remove leftover usage of impacket
diff --git a/changelog/62120.added.md b/changelog/62120.added.md
deleted file mode 100644
index 4303d124f0b7..000000000000
--- a/changelog/62120.added.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
-Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
-Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
-Config option pass_gnupghome allows setting the $GNUPGHOME env for pass.
diff --git a/changelog/62120.fixed.md b/changelog/62120.fixed.md
deleted file mode 100644
index 22a97113833c..000000000000
--- a/changelog/62120.fixed.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Pass executable path from _get_path_exec() is used when calling the program.
-The $HOME env is no longer modified globally.
-Only trailing newlines are stripped from the fetched secret.
-Pass process arguments are handled in a secure way.
diff --git a/changelog/62131.fixed.md b/changelog/62131.fixed.md
deleted file mode 100644
index 67c772568f37..000000000000
--- a/changelog/62131.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ignore some command return codes in openbsdrcctl_service to prevent spurious errors
diff --git a/changelog/62139.fixed.md b/changelog/62139.fixed.md
deleted file mode 100644
index d9dfd2428a4b..000000000000
--- a/changelog/62139.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt".
diff --git a/changelog/62152.fixed.md b/changelog/62152.fixed.md
deleted file mode 100644
index 752188afe75b..000000000000
--- a/changelog/62152.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up
diff --git a/changelog/62168.changed.md b/changelog/62168.changed.md
deleted file mode 100644
index 564579b4ba7b..000000000000
--- a/changelog/62168.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Disabled FQDNs grains on macOS by default
diff --git a/changelog/62178.added.md b/changelog/62178.added.md
deleted file mode 100644
index 6ada29465845..000000000000
--- a/changelog/62178.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add file.pruned state and expanded file.rmdir exec module functionality
diff --git a/changelog/62185.fixed.md b/changelog/62185.fixed.md
deleted file mode 100644
index e0329c8bf33b..000000000000
--- a/changelog/62185.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Restored Salt's DeprecationWarnings
diff --git a/changelog/62197.fixed.md b/changelog/62197.fixed.md
deleted file mode 100644
index 081a576eb121..000000000000
--- a/changelog/62197.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed issue with forward slashes on Windows with file.recurse and clean=True
diff --git a/changelog/62198.fixed.md b/changelog/62198.fixed.md
deleted file mode 100644
index 9a33558a11d2..000000000000
--- a/changelog/62198.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Recognize OSMC as Debian-based
diff --git a/changelog/62204.fixed.md b/changelog/62204.fixed.md
deleted file mode 100644
index 59f1914593f4..000000000000
--- a/changelog/62204.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed Zypper module failing on RPM lock file being temporarily unavailable.
diff --git a/changelog/62211.fixed.md b/changelog/62211.fixed.md
deleted file mode 100644
index 92a021023a1c..000000000000
--- a/changelog/62211.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Improved error handling and diagnostics in the proxmox salt-cloud driver
diff --git a/changelog/62218.changed.md b/changelog/62218.changed.md
deleted file mode 100644
index 52fca5c39276..000000000000
--- a/changelog/62218.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated
diff --git a/changelog/62220.fixed.md b/changelog/62220.fixed.md
deleted file mode 100644
index ab3eec5d1519..000000000000
--- a/changelog/62220.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Added EndeavourOS to the Arch os_family.
diff --git a/changelog/62235.fixed.md b/changelog/62235.fixed.md
deleted file mode 100644
index a38c9e127d47..000000000000
--- a/changelog/62235.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8
diff --git a/changelog/62239.removed.md b/changelog/62239.removed.md
deleted file mode 100644
index c065051cc9ae..000000000000
--- a/changelog/62239.removed.md
+++ /dev/null
@@ -1 +0,0 @@
-Removed ``runtests`` targets from ``noxfile.py``
diff --git a/changelog/62248.fixed.md b/changelog/62248.fixed.md
deleted file mode 100644
index 50cb42bf406f..000000000000
--- a/changelog/62248.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix pkg.version_cmp on openEuler and a few other os flavors.
diff --git a/changelog/62273.fixed.md b/changelog/62273.fixed.md
deleted file mode 100644
index 1f4caad60855..000000000000
--- a/changelog/62273.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix localhost detection in glusterfs.peers
diff --git a/changelog/62275.added.md b/changelog/62275.added.md
deleted file mode 100644
index 7e9d90525453..000000000000
--- a/changelog/62275.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation
diff --git a/changelog/62281.fixed.md b/changelog/62281.fixed.md
deleted file mode 100644
index f8bf23a7ec7c..000000000000
--- a/changelog/62281.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix Salt Package Manager (SPM) exception when calling spm create_repo .
diff --git a/changelog/62283.fixed.md b/changelog/62283.fixed.md
deleted file mode 100644
index 2a5d60d658bf..000000000000
--- a/changelog/62283.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix matcher slowness due to loader invocation
diff --git a/changelog/62323.fixed.md b/changelog/62323.fixed.md
deleted file mode 100644
index 02fc14e84799..000000000000
--- a/changelog/62323.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD.
diff --git a/changelog/62334.fixed.md b/changelog/62334.fixed.md
deleted file mode 100644
index 37e12d2a86fb..000000000000
--- a/changelog/62334.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect
diff --git a/changelog/62336.fixed.md b/changelog/62336.fixed.md
deleted file mode 100644
index 300de31a0176..000000000000
--- a/changelog/62336.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix pyobjects renderer access to opts and sls
diff --git a/changelog/62346.changed.md b/changelog/62346.changed.md
deleted file mode 100644
index 1e131d3f7153..000000000000
--- a/changelog/62346.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Enhance capture of error messages for Zypper calls in zypperpkg module.
diff --git a/changelog/62366.added.md b/changelog/62366.added.md
deleted file mode 100644
index 00871a8ca85b..000000000000
--- a/changelog/62366.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added the ability to remove a KB using the DISM state/execution modules
diff --git a/changelog/62372.fixed.md b/changelog/62372.fixed.md
deleted file mode 100644
index 1d460b9d0e67..000000000000
--- a/changelog/62372.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix use of random shuffle and sample functions as Jinja filters
diff --git a/changelog/62377.fixed.md b/changelog/62377.fixed.md
deleted file mode 100644
index 1a4bef889cb6..000000000000
--- a/changelog/62377.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix groups with duplicate GIDs are not returned by get_group_list
diff --git a/changelog/62381.added.md b/changelog/62381.added.md
deleted file mode 100644
index 8bea04f2ea49..000000000000
--- a/changelog/62381.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime
diff --git a/changelog/62390.fixed.md b/changelog/62390.fixed.md
deleted file mode 100644
index e5fee65205f8..000000000000
--- a/changelog/62390.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix the "zpool.present" state when enabling zpool features that are already active.
diff --git a/changelog/62398.fixed.md b/changelog/62398.fixed.md
deleted file mode 100644
index c5e10154aeb2..000000000000
--- a/changelog/62398.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix ability to execute remote file client methods in saltcheck
diff --git a/changelog/62400.fixed.md b/changelog/62400.fixed.md
deleted file mode 100644
index 290866b1f533..000000000000
--- a/changelog/62400.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x
diff --git a/changelog/62405.fixed.md b/changelog/62405.fixed.md
deleted file mode 100644
index a8077992fe1e..000000000000
--- a/changelog/62405.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result.
diff --git a/changelog/62408.fixed.md b/changelog/62408.fixed.md
deleted file mode 100644
index 741af586a9c8..000000000000
--- a/changelog/62408.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren't actually changes since the prereq state did not run.
diff --git a/changelog/62426.fixed.md b/changelog/62426.fixed.md
deleted file mode 100644
index 03242a22d01f..000000000000
--- a/changelog/62426.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Added directory mode for file.copy with makedirs
diff --git a/changelog/62432.removed.md b/changelog/62432.removed.md
deleted file mode 100644
index b696136a2081..000000000000
--- a/changelog/62432.removed.md
+++ /dev/null
@@ -1,5 +0,0 @@
-Removed the PyObjC dependency.
-
-This addresses problems with building a one dir build for macOS.
-It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
-Since it's currently not being used, it's removed.
diff --git a/changelog/62435.fixed.md b/changelog/62435.fixed.md
deleted file mode 100644
index 54286a588502..000000000000
--- a/changelog/62435.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Provide better error handling in the various napalm proxy minion functions when the device is not accessible.
diff --git a/changelog/62439.fixed.md b/changelog/62439.fixed.md
deleted file mode 100644
index 5863b52c2d2f..000000000000
--- a/changelog/62439.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime.
diff --git a/changelog/62446.added.md b/changelog/62446.added.md
deleted file mode 100644
index 86ad064ee97f..000000000000
--- a/changelog/62446.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add ability to provide conditions which convert normal state actions to no-op when true
diff --git a/changelog/62451.fixed.md b/changelog/62451.fixed.md
deleted file mode 100644
index 13164f86955e..000000000000
--- a/changelog/62451.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module
diff --git a/changelog/62461.fixed.md b/changelog/62461.fixed.md
deleted file mode 100644
index 4f8f76ad9433..000000000000
--- a/changelog/62461.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct.
diff --git a/changelog/62474.fixed.md b/changelog/62474.fixed.md
deleted file mode 100644
index bf45b04872a0..000000000000
--- a/changelog/62474.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed parsing CDROM apt sources
diff --git a/changelog/62480.added.md b/changelog/62480.added.md
deleted file mode 100644
index 50044e2d1d95..000000000000
--- a/changelog/62480.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added debug log messages displaying the command being run when installing packages on Windows
diff --git a/changelog/62483.fixed.md b/changelog/62483.fixed.md
deleted file mode 100644
index 54201adde5d4..000000000000
--- a/changelog/62483.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Update sanitizing masking for Salt SSH to include additional password like strings.
diff --git a/changelog/62485.deprecated.md b/changelog/62485.deprecated.md
deleted file mode 100644
index 64fdf5869416..000000000000
--- a/changelog/62485.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI.
diff --git a/changelog/62496.added.md b/changelog/62496.added.md
deleted file mode 100644
index 873138fde967..000000000000
--- a/changelog/62496.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add biosvendor grain
diff --git a/changelog/62499.fixed.md b/changelog/62499.fixed.md
deleted file mode 100644
index 7b307a19d1da..000000000000
--- a/changelog/62499.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix user/group checking on file state functions in the test mode.
diff --git a/changelog/62502.fixed.md b/changelog/62502.fixed.md
deleted file mode 100644
index 5de34ad71be4..000000000000
--- a/changelog/62502.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership.
diff --git a/changelog/62508.added.md b/changelog/62508.added.md
deleted file mode 100644
index 7bf68b441d8f..000000000000
--- a/changelog/62508.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add ifelse Jinja function as found in CFEngine
diff --git a/changelog/62519.fixed.md b/changelog/62519.fixed.md
deleted file mode 100644
index 4d4ac2c746a7..000000000000
--- a/changelog/62519.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion.
diff --git a/changelog/62521.fixed.md b/changelog/62521.fixed.md
deleted file mode 100644
index 35e58e902980..000000000000
--- a/changelog/62521.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver
diff --git a/changelog/62523.fixed.md b/changelog/62523.fixed.md
deleted file mode 100644
index c77cc5d84c85..000000000000
--- a/changelog/62523.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix rendering of pyobjects states in saltcheck
diff --git a/changelog/62527.fixed.md b/changelog/62527.fixed.md
deleted file mode 100644
index 3c9b76ebc337..000000000000
--- a/changelog/62527.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt
diff --git a/changelog/62539.added.md b/changelog/62539.added.md
deleted file mode 100644
index 5f402d61c2d2..000000000000
--- a/changelog/62539.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify.
diff --git a/changelog/62546.fixed.md b/changelog/62546.fixed.md
deleted file mode 100644
index 68ada1d2bc54..000000000000
--- a/changelog/62546.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py.
diff --git a/changelog/62547.fixed.md b/changelog/62547.fixed.md
deleted file mode 100644
index 44b4ff4113d6..000000000000
--- a/changelog/62547.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library.
diff --git a/changelog/62556.fixed.md b/changelog/62556.fixed.md
deleted file mode 100644
index 0dc3a7933ec2..000000000000
--- a/changelog/62556.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix order specific mount.mounted options for persist
diff --git a/changelog/62558.fixed.md b/changelog/62558.fixed.md
deleted file mode 100644
index cdc2a8489db3..000000000000
--- a/changelog/62558.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed salt-cloud cloning a proxmox VM with a specified new vmid.
diff --git a/changelog/62565.fixed.md b/changelog/62565.fixed.md
deleted file mode 100644
index 398b82e6d850..000000000000
--- a/changelog/62565.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix runas with cmd module when using the onedir bundled packages
diff --git a/changelog/62576.fixed.md b/changelog/62576.fixed.md
deleted file mode 100644
index e7f26a80d5ee..000000000000
--- a/changelog/62576.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Update setproctitle version for all platforms
diff --git a/changelog/62578.added.md b/changelog/62578.added.md
deleted file mode 100644
index 1439da3da170..000000000000
--- a/changelog/62578.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack
diff --git a/changelog/62580.fixed.md b/changelog/62580.fixed.md
deleted file mode 100644
index f0c807c30cc1..000000000000
--- a/changelog/62580.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver
diff --git a/changelog/62587.fixed.md b/changelog/62587.fixed.md
deleted file mode 100644
index fc5e2871d100..000000000000
--- a/changelog/62587.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Handle PermissionError when importing crypt when FIPS is enabled.
diff --git a/changelog/62595.fixed.md b/changelog/62595.fixed.md
deleted file mode 100644
index 5462ad7ddaca..000000000000
--- a/changelog/62595.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Correctly reraise exceptions in states.http
diff --git a/changelog/62618.fixed.md b/changelog/62618.fixed.md
deleted file mode 100644
index aeb1ecff6aab..000000000000
--- a/changelog/62618.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions.
diff --git a/changelog/62624.fixed.md b/changelog/62624.fixed.md
deleted file mode 100644
index 661f97e3b463..000000000000
--- a/changelog/62624.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied.
diff --git a/changelog/62633.fixed.md b/changelog/62633.fixed.md
deleted file mode 100644
index 1ab74f9122be..000000000000
--- a/changelog/62633.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline
diff --git a/changelog/62644.deprecated.md b/changelog/62644.deprecated.md
deleted file mode 100644
index 10a5e5fbd58a..000000000000
--- a/changelog/62644.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-Deprecated defunct Django returner
diff --git a/changelog/62651.fixed.md b/changelog/62651.fixed.md
deleted file mode 100644
index 402fd42c1709..000000000000
--- a/changelog/62651.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed vault ext pillar return data for KV v2
diff --git a/changelog/62654.fixed.md b/changelog/62654.fixed.md
deleted file mode 100644
index 67a265040adc..000000000000
--- a/changelog/62654.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top
diff --git a/changelog/62657.fixed.md b/changelog/62657.fixed.md
deleted file mode 100644
index d6e83556c0e5..000000000000
--- a/changelog/62657.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix groupadd.* functions hard code relative command name
diff --git a/changelog/62670.fixed.md b/changelog/62670.fixed.md
deleted file mode 100644
index 2fdcb6b8b848..000000000000
--- a/changelog/62670.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed pdbedit.create trying to use a bytes-like hash as string.
diff --git a/changelog/62672.fixed.md b/changelog/62672.fixed.md
deleted file mode 100644
index 579110cce919..000000000000
--- a/changelog/62672.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix depenency on legacy boto module in boto3 modules
diff --git a/changelog/62676.fixed.md b/changelog/62676.fixed.md
deleted file mode 100644
index 81e96f54669a..000000000000
--- a/changelog/62676.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Modified "_get_flags" function so that it returns regex flags instead of integers
diff --git a/changelog/62678.added.md b/changelog/62678.added.md
deleted file mode 100644
index c43db8f964ce..000000000000
--- a/changelog/62678.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Increase file.tidied flexibility with regard to age and size
diff --git a/changelog/62728.fixed.md b/changelog/62728.fixed.md
deleted file mode 100644
index 770237cfd9c5..000000000000
--- a/changelog/62728.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Change startup ReqServer log messages from error to info level.
diff --git a/changelog/62754.deprecated.md b/changelog/62754.deprecated.md
deleted file mode 100644
index 04b44764ca00..000000000000
--- a/changelog/62754.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions
diff --git a/changelog/62761.added.md b/changelog/62761.added.md
deleted file mode 100644
index b0cd0d4a3cba..000000000000
--- a/changelog/62761.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion
diff --git a/changelog/62768.added.md b/changelog/62768.added.md
deleted file mode 100644
index 85cf2b6b345d..000000000000
--- a/changelog/62768.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add atomic file operation for symlink changes
diff --git a/changelog/62772.fixed.md b/changelog/62772.fixed.md
deleted file mode 100644
index c81a3a5908ea..000000000000
--- a/changelog/62772.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix kmod.* functions hard code relative command name
diff --git a/changelog/62785.fixed.md b/changelog/62785.fixed.md
deleted file mode 100644
index a80bd9eade40..000000000000
--- a/changelog/62785.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Remove mako as a dependency in Windows and macOS.
diff --git a/changelog/62793.fixed.md b/changelog/62793.fixed.md
deleted file mode 100644
index 9e224483e3cb..000000000000
--- a/changelog/62793.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix mac_brew_pkg to work with null taps
diff --git a/changelog/62795.fixed.md b/changelog/62795.fixed.md
deleted file mode 100644
index bbd035493fc9..000000000000
--- a/changelog/62795.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item.
diff --git a/changelog/62817.fixed.md b/changelog/62817.fixed.md
deleted file mode 100644
index ff335f2916b8..000000000000
--- a/changelog/62817.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode
diff --git a/changelog/62818.fixed.md b/changelog/62818.fixed.md
deleted file mode 100644
index 944d2227c7c2..000000000000
--- a/changelog/62818.fixed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Include UID and GID checks in modules.file.check_perms as well as comparing
-ownership by username and group name.
diff --git a/changelog/62826.fixed.md b/changelog/62826.fixed.md
deleted file mode 100644
index 2f923e70e699..000000000000
--- a/changelog/62826.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly
diff --git a/changelog/62845.fixed.md b/changelog/62845.fixed.md
deleted file mode 100644
index 1bfa3f24293b..000000000000
--- a/changelog/62845.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Remove Azure deprecation messages from functions that always run w/ salt-cloud
diff --git a/changelog/62854.fixed.md b/changelog/62854.fixed.md
deleted file mode 100644
index 13e6df4fe390..000000000000
--- a/changelog/62854.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0
diff --git a/changelog/62856.added.md b/changelog/62856.added.md
deleted file mode 100644
index 94783785aa57..000000000000
--- a/changelog/62856.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add password/account locking/unlocking in user.present state on supported operating systems
diff --git a/changelog/62858.fixed.md b/changelog/62858.fixed.md
deleted file mode 100644
index bae029fc8959..000000000000
--- a/changelog/62858.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed master job scheduler using when
diff --git a/changelog/62867.added.md b/changelog/62867.added.md
deleted file mode 100644
index fd9ad1d278a0..000000000000
--- a/changelog/62867.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added onchange configuration for script engine
diff --git a/changelog/62873.fixed.md b/changelog/62873.fixed.md
deleted file mode 100644
index 10d1a8c573c3..000000000000
--- a/changelog/62873.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding
diff --git a/changelog/62878.fixed.md b/changelog/62878.fixed.md
deleted file mode 100644
index edcc25ec1f06..000000000000
--- a/changelog/62878.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively.
diff --git a/changelog/62882.fixed.md b/changelog/62882.fixed.md
deleted file mode 100644
index 015b55fdfafc..000000000000
--- a/changelog/62882.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed dockermod version_info function for docker-py 6.0.0+
diff --git a/changelog/62886.fixed.md b/changelog/62886.fixed.md
deleted file mode 100644
index 0c20e2bfa4e9..000000000000
--- a/changelog/62886.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available.
diff --git a/changelog/62895.changed.md b/changelog/62895.changed.md
deleted file mode 100644
index d5bff3866b9d..000000000000
--- a/changelog/62895.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Removed GPG_1_3_1 check
diff --git a/changelog/62900.fixed.md b/changelog/62900.fixed.md
deleted file mode 100644
index 437c1edcef23..000000000000
--- a/changelog/62900.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Updating various MongoDB module functions to work with latest version of pymongo.
diff --git a/changelog/62914.deprecated.md b/changelog/62914.deprecated.md
deleted file mode 100644
index 555240fc1638..000000000000
--- a/changelog/62914.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-Removing manufacture grain which has been deprecated.
diff --git a/changelog/62915.deprecated.md b/changelog/62915.deprecated.md
deleted file mode 100644
index b17d168b3b2f..000000000000
--- a/changelog/62915.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-Removing deprecated utils/boto3_elasticsearch.py
diff --git a/changelog/62917.deprecated.md b/changelog/62917.deprecated.md
deleted file mode 100644
index 0b0f522a84b3..000000000000
--- a/changelog/62917.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-Removing support for the now deprecated _ext_nodes from salt/master.py.
diff --git a/changelog/62933.fixed.md b/changelog/62933.fixed.md
deleted file mode 100644
index 1b34722a729b..000000000000
--- a/changelog/62933.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Restored channel for Syndic minions to send job returns to the Salt master.
diff --git a/changelog/62934.fixed.md b/changelog/62934.fixed.md
deleted file mode 100644
index 7a12ce3dd5c6..000000000000
--- a/changelog/62934.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies.
diff --git a/changelog/62937.fixed.md b/changelog/62937.fixed.md
deleted file mode 100644
index 09af559e1ec4..000000000000
--- a/changelog/62937.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang
diff --git a/changelog/62940.fixed.md b/changelog/62940.fixed.md
deleted file mode 100644
index 1bb38d7a71f7..000000000000
--- a/changelog/62940.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab.
diff --git a/changelog/62942.fixed.md b/changelog/62942.fixed.md
deleted file mode 100644
index f11a010d5889..000000000000
--- a/changelog/62942.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix systemd_service.* functions hard code relative command name
diff --git a/changelog/62953.fixed.md b/changelog/62953.fixed.md
deleted file mode 100644
index df38b5c4ab01..000000000000
--- a/changelog/62953.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix file.symlink backupname operation can copy remote contents to local disk
diff --git a/changelog/62968.fixed.md b/changelog/62968.fixed.md
deleted file mode 100644
index 891c319c4230..000000000000
--- a/changelog/62968.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts
diff --git a/changelog/62977.fixed.md b/changelog/62977.fixed.md
deleted file mode 100644
index da2b640a6400..000000000000
--- a/changelog/62977.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed gpg_passphrase issue with gpg decrypt/encrypt functions
diff --git a/changelog/62978.added.md b/changelog/62978.added.md
deleted file mode 100644
index 3262ce53a0b5..000000000000
--- a/changelog/62978.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added output and bare functionality to export_key gpg module function
diff --git a/changelog/62983.added.md b/changelog/62983.added.md
deleted file mode 100644
index 673c9f2239ad..000000000000
--- a/changelog/62983.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add keyvalue serializer for environment files
diff --git a/changelog/62986.fixed.md b/changelog/62986.fixed.md
deleted file mode 100644
index e2e5c1b029aa..000000000000
--- a/changelog/62986.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix file.tidied FileNotFoundError
diff --git a/changelog/62988.fixed.md b/changelog/62988.fixed.md
deleted file mode 100644
index b525e2f38ac8..000000000000
--- a/changelog/62988.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed bug where module.wait states were detected as running legacy module.run syntax
diff --git a/changelog/62993.fixed.md b/changelog/62993.fixed.md
deleted file mode 100644
index de6e8dca6e74..000000000000
--- a/changelog/62993.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start
diff --git a/changelog/63012.changed.md b/changelog/63012.changed.md
deleted file mode 100644
index ab5dfae2f380..000000000000
--- a/changelog/63012.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`.
diff --git a/changelog/63013.fixed.md b/changelog/63013.fixed.md
deleted file mode 100644
index 28cd29c7f372..000000000000
--- a/changelog/63013.fixed.md
+++ /dev/null
@@ -1,3 +0,0 @@
-The `__opts__` dunder dictionary is now added to the loader's `pack` if not
-already present, which makes it accessible via the
-`salt.loader.context.NamedLoaderContext` class.
diff --git a/changelog/63024.fixed.md b/changelog/63024.fixed.md
deleted file mode 100644
index e3544b9bc146..000000000000
--- a/changelog/63024.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts
diff --git a/changelog/63025.fixed.md b/changelog/63025.fixed.md
deleted file mode 100644
index 11546d63bb17..000000000000
--- a/changelog/63025.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix btrfs.subvolume_snapshot command failing
diff --git a/changelog/63033.fixed.md b/changelog/63033.fixed.md
deleted file mode 100644
index 11687bd183c3..000000000000
--- a/changelog/63033.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix file.retention_schedule always reports changes
diff --git a/changelog/63042.added.md b/changelog/63042.added.md
deleted file mode 100644
index 2999b8fcb91c..000000000000
--- a/changelog/63042.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add ability to ignore symlinks in file.tidied
diff --git a/changelog/63050.changed.md b/changelog/63050.changed.md
deleted file mode 100644
index c8323b39ab8a..000000000000
--- a/changelog/63050.changed.md
+++ /dev/null
@@ -1,5 +0,0 @@
-netapi_enable_clients option to allow enabling/disabling of clients in salt-api.
-By default all clients will now be disabled. Users of salt-api will need
-to update their master config to enable the clients that they use. Not adding
-the netapi_enable_clients option with required clients to the master config will
-disable salt-api.
diff --git a/changelog/63058.fixed.md b/changelog/63058.fixed.md
deleted file mode 100644
index aab3c539bc06..000000000000
--- a/changelog/63058.fixed.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Fix mongo authentication for mongo ext_pillar and mongo returner
-
-This fix also include the ability to use the mongo connection string for mongo ext_pillar
diff --git a/changelog/63067.added.md b/changelog/63067.added.md
deleted file mode 100644
index bd99632107bd..000000000000
--- a/changelog/63067.added.md
+++ /dev/null
@@ -1 +0,0 @@
-salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials'
diff --git a/changelog/63081.added.md b/changelog/63081.added.md
deleted file mode 100644
index feafc9a70bff..000000000000
--- a/changelog/63081.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix running fast tests twice and add git labels to suite.
diff --git a/changelog/63093.added.md b/changelog/63093.added.md
deleted file mode 100644
index 1a401125088c..000000000000
--- a/changelog/63093.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add ability for file.symlink to not set ownership on existing links
diff --git a/changelog/63095.added.md b/changelog/63095.added.md
deleted file mode 100644
index 1802d356fd49..000000000000
--- a/changelog/63095.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation
diff --git a/changelog/63095.deprecated.md b/changelog/63095.deprecated.md
deleted file mode 100644
index d652a377be00..000000000000
--- a/changelog/63095.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine.
diff --git a/changelog/63098.added.md b/changelog/63098.added.md
deleted file mode 100644
index db6ef8d4f580..000000000000
--- a/changelog/63098.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add functions that will return the underlying block device, mount point, and filesystem type for a given path
diff --git a/changelog/63103.fixed.md b/changelog/63103.fixed.md
deleted file mode 100644
index 65595f61ff8a..000000000000
--- a/changelog/63103.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module.
diff --git a/changelog/63120.fixed.md b/changelog/63120.fixed.md
deleted file mode 100644
index 80ed0d754e37..000000000000
--- a/changelog/63120.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-TCP transport documentation now contains proper master/minion-side filtering information
diff --git a/changelog/63128.added.md b/changelog/63128.added.md
deleted file mode 100644
index edbc81fb4817..000000000000
--- a/changelog/63128.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add ethtool execution and state module functions for pause
diff --git a/changelog/63131.added.md b/changelog/63131.added.md
deleted file mode 100644
index 3376c7e97cd7..000000000000
--- a/changelog/63131.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add boardname grain
diff --git a/changelog/63145.fixed.md b/changelog/63145.fixed.md
deleted file mode 100644
index 2e38588344c1..000000000000
--- a/changelog/63145.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed gpg.verify does not respect gnupghome
diff --git a/changelog/63148.fixed.md b/changelog/63148.fixed.md
deleted file mode 100644
index fa7516ce0740..000000000000
--- a/changelog/63148.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-User responsible for the runner is now correctly reported in the events on the event bus for the runner.
diff --git a/changelog/63208.fixed.md b/changelog/63208.fixed.md
deleted file mode 100644
index e8ee88a7b1a1..000000000000
--- a/changelog/63208.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Made pillar cache pass extra minion data as well
diff --git a/changelog/63231.fixed.md b/changelog/63231.fixed.md
deleted file mode 100644
index cda743d7bc4a..000000000000
--- a/changelog/63231.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix serious performance issues with the file.tidied module
diff --git a/changelog/63248.added.md b/changelog/63248.added.md
deleted file mode 100644
index 5c72116f0558..000000000000
--- a/changelog/63248.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement.
diff --git a/changelog/63249.added.md b/changelog/63249.added.md
deleted file mode 100644
index 0b56b2146f23..000000000000
--- a/changelog/63249.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement.
diff --git a/changelog/63315.added.md b/changelog/63315.added.md
deleted file mode 100644
index 950abc93277b..000000000000
--- a/changelog/63315.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted.
diff --git a/changelog/63316.added.md b/changelog/63316.added.md
deleted file mode 100644
index 253308c8ec1b..000000000000
--- a/changelog/63316.added.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
-This allows users to enable state_events on a per use basis rather than having to
-enable them globally for all state runs.
diff --git a/changelog/63317.fixed.md b/changelog/63317.fixed.md
deleted file mode 100644
index 8059d90b12d0..000000000000
--- a/changelog/63317.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number.
diff --git a/changelog/63350.fixed.md b/changelog/63350.fixed.md
deleted file mode 100644
index a544d15d1e43..000000000000
--- a/changelog/63350.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available
diff --git a/changelog/63356.added.md b/changelog/63356.added.md
deleted file mode 100644
index 994e7a70d573..000000000000
--- a/changelog/63356.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Allow max queue size setting for state runs to prevent performance problems from queue growth
diff --git a/changelog/63383.changed.md b/changelog/63383.changed.md
deleted file mode 100644
index d0553dc06241..000000000000
--- a/changelog/63383.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string.
diff --git a/changelog/63383.deprecated.md b/changelog/63383.deprecated.md
deleted file mode 100644
index 5131a151314d..000000000000
--- a/changelog/63383.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-`salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`.
diff --git a/changelog/63577.fixed.md b/changelog/63577.fixed.md
deleted file mode 100644
index ddc2ce0cf1c4..000000000000
--- a/changelog/63577.fixed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-``service.status`` on Windows does no longer throws a CommandExecutionError if
-the service is not found on the system. It now returns "Not Found" instead.
diff --git a/changelog/63590.fixed.md b/changelog/63590.fixed.md
deleted file mode 100644
index 0b7ea3dae4a8..000000000000
--- a/changelog/63590.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended.
diff --git a/changelog/63595.changed.md b/changelog/63595.changed.md
deleted file mode 100644
index ab38a24a4a5e..000000000000
--- a/changelog/63595.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Set enable_fqdns_grains to be False by default.
diff --git a/changelog/63596.fixed.md b/changelog/63596.fixed.md
deleted file mode 100644
index 38c412786a01..000000000000
--- a/changelog/63596.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-LGPO: Added support for "Relax minimum password length limits"
diff --git a/changelog/63606.added.md b/changelog/63606.added.md
deleted file mode 100644
index 563eed173f85..000000000000
--- a/changelog/63606.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add support of exposing meta_server_grains for Azure VMs
diff --git a/changelog/63650.fixed.md b/changelog/63650.fixed.md
deleted file mode 100644
index 2b7d3010ce3b..000000000000
--- a/changelog/63650.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed the ability to set a scheduled task to auto delete if not scheduled to run again (``delete_after``)
diff --git a/changelog/63699.fixed.md b/changelog/63699.fixed.md
deleted file mode 100644
index 9a125c959c49..000000000000
--- a/changelog/63699.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now.
diff --git a/changelog/63710.changed.md b/changelog/63710.changed.md
deleted file mode 100644
index 799e0a7aafa3..000000000000
--- a/changelog/63710.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file.
diff --git a/changelog/63724.fixed.md b/changelog/63724.fixed.md
deleted file mode 100644
index ac12302e88e1..000000000000
--- a/changelog/63724.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-have salt.template.compile_template_str cleanup its temp files.
diff --git a/changelog/63729.fixed.md b/changelog/63729.fixed.md
deleted file mode 100644
index 0c6aff3b508c..000000000000
--- a/changelog/63729.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Check file is not empty before attempting to read pillar disk cache file
diff --git a/changelog/63742.fixed.md b/changelog/63742.fixed.md
deleted file mode 100644
index 0358da151615..000000000000
--- a/changelog/63742.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed an issue with generating fingerprints for public keys with different line endings
diff --git a/changelog/63747.fixed.md b/changelog/63747.fixed.md
deleted file mode 100644
index d1664e3557c7..000000000000
--- a/changelog/63747.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Add `fileserver_interval` and `maintenance_interval` master configuration options. These options control how often to restart the FileServerUpdate and Maintenance processes. Some file server and pillar configurations are known to cause memory leaks over time. A notable example of this are configurations that use pygit2. Salt can not guarantee dependency libraries like pygit2 won't leak memory. Restarting any long running processes that use pygit2 guarantees we can keep the master's memory usage in check.
diff --git a/changelog/63779.fixed.md b/changelog/63779.fixed.md
deleted file mode 100644
index 08e7fa44f6e2..000000000000
--- a/changelog/63779.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779)
diff --git a/changelog/63806.fixed.md b/changelog/63806.fixed.md
deleted file mode 100644
index f4c5ec384320..000000000000
--- a/changelog/63806.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Change default GPG keyserver from pgp.mit.edu to keys.openpgp.org.
diff --git a/changelog/63827.added.md b/changelog/63827.added.md
deleted file mode 100644
index 08c3acdb0501..000000000000
--- a/changelog/63827.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Include the version of `relenv` in the versions report.
diff --git a/changelog/63835.fixed.md b/changelog/63835.fixed.md
deleted file mode 100644
index 78709b4e74dc..000000000000
--- a/changelog/63835.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-fix cherrypy 400 error output to be less generic.
diff --git a/changelog/63847.fixed.md b/changelog/63847.fixed.md
deleted file mode 100644
index 430ee039d273..000000000000
--- a/changelog/63847.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ensure kwargs is passed along to _call_apt when passed into install function.
diff --git a/changelog/63866.added.md b/changelog/63866.added.md
deleted file mode 100644
index 4aa7872dedc4..000000000000
--- a/changelog/63866.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added debug log messages displaying the command being run when removing packages on Windows
diff --git a/changelog/63874.removed.md b/changelog/63874.removed.md
deleted file mode 100644
index 2760e312667f..000000000000
--- a/changelog/63874.removed.md
+++ /dev/null
@@ -1 +0,0 @@
-Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004.
diff --git a/changelog/63879.fixed.md b/changelog/63879.fixed.md
deleted file mode 100644
index 149567a41fa3..000000000000
--- a/changelog/63879.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-remove eval and update logging to be more informative on bad config
diff --git a/changelog/63882.security.md b/changelog/63882.security.md
deleted file mode 100644
index 90374cb28396..000000000000
--- a/changelog/63882.security.md
+++ /dev/null
@@ -1,9 +0,0 @@
-Upgrade Requirements Due to Security Issues.
-
-* Upgrade to `cryptography>=39.0.1` due to:
-  * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
-  * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
-* Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade.
-* Update to `markdown-it-py==2.2.0` due to:
-  * https://github.com/advisories/GHSA-jrwr-5x3p-hvc3
-  * https://github.com/advisories/GHSA-vrjv-mxr7-vjf8
diff --git a/changelog/63883.changed.md b/changelog/63883.changed.md
deleted file mode 100644
index 4e98d1d946fb..000000000000
--- a/changelog/63883.changed.md
+++ /dev/null
@@ -1 +0,0 @@
-Upgraded to `relenv==0.9.0`
diff --git a/changelog/63904.fixed.md b/changelog/63904.fixed.md
deleted file mode 100644
index 8aff8d12b509..000000000000
--- a/changelog/63904.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-add linux_distribution to util to stop dep warning
diff --git a/changelog/63920.fixed.md b/changelog/63920.fixed.md
deleted file mode 100644
index 73dc95fa9026..000000000000
--- a/changelog/63920.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix valuerror when trying to close fileclient. Remove usage of __del__ and close the filclient properly.
diff --git a/changelog/63923.fixed.md b/changelog/63923.fixed.md
deleted file mode 100644
index 21c93161ac72..000000000000
--- a/changelog/63923.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available.
diff --git a/changelog/63929.fixed.md b/changelog/63929.fixed.md
deleted file mode 100644
index db802ce2c257..000000000000
--- a/changelog/63929.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Clarifying documentation for extension_modules configuration option.
diff --git a/changelog/63935.fixed.md b/changelog/63935.fixed.md
deleted file mode 100644
index 565a7559af5f..000000000000
--- a/changelog/63935.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Windows pkg module now properly handles versions containing strings
diff --git a/changelog/63948.fixed.md b/changelog/63948.fixed.md
deleted file mode 100644
index 77e1f524b2d3..000000000000
--- a/changelog/63948.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn't used by that function.
diff --git a/changelog/63956.added.md b/changelog/63956.added.md
deleted file mode 100644
index 4624d0a3b6e6..000000000000
--- a/changelog/63956.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Adding the ability to exclude arguments from a state that end up passed to cmd.retcode when requisites such as onlyif or unless are used.
diff --git a/changelog/63981.fixed.md b/changelog/63981.fixed.md
deleted file mode 100644
index 5bf4755be682..000000000000
--- a/changelog/63981.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows
diff --git a/changelog/64023.added.md b/changelog/64023.added.md
deleted file mode 100644
index 90af8c2e4b0d..000000000000
--- a/changelog/64023.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add --next-release argument to salt/version.py, which prints the next upcoming release.
diff --git a/changelog/64063.fixed.md b/changelog/64063.fixed.md
deleted file mode 100644
index 257d5ebbaf40..000000000000
--- a/changelog/64063.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Hardened permissions on workers.ipc and master_event_pub.ipc.
diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1
index 07c0e5e989a3..0935a743675c 100644
--- a/doc/man/salt-api.1
+++ b/doc/man/salt-api.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-API" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-API" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .sp
diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1
index 5562ee3ba2e8..f81101ae0033 100644
--- a/doc/man/salt-call.1
+++ b/doc/man/salt-call.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CALL" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-CALL" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .SH SYNOPSIS
diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1
index baec7121eaf5..c0bc776c4f1e 100644
--- a/doc/man/salt-cloud.1
+++ b/doc/man/salt-cloud.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CLOUD" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-CLOUD" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .sp
diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1
index 7670169a63b8..c9cfd69ba8b0 100644
--- a/doc/man/salt-cp.1
+++ b/doc/man/salt-cp.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CP" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-CP" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .sp
diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1
index c381dd2a87f2..0ff7822c6f9e 100644
--- a/doc/man/salt-key.1
+++ b/doc/man/salt-key.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-KEY" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-KEY" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .SH SYNOPSIS
diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1
index 1cd78d9d357c..8eb527cadf3d 100644
--- a/doc/man/salt-master.1
+++ b/doc/man/salt-master.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MASTER" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-MASTER" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .sp
diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1
index 57f3d9c5bad2..32421a3f24ff 100644
--- a/doc/man/salt-minion.1
+++ b/doc/man/salt-minion.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MINION" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-MINION" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .sp
diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1
index dac6f9e5d62a..57084cc61019 100644
--- a/doc/man/salt-proxy.1
+++ b/doc/man/salt-proxy.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-PROXY" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-PROXY" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .sp
diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1
index b87059d9a445..69b75f768540 100644
--- a/doc/man/salt-run.1
+++ b/doc/man/salt-run.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-RUN" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-RUN" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .sp
diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1
index cd9573302ba7..d3d9749f5310 100644
--- a/doc/man/salt-ssh.1
+++ b/doc/man/salt-ssh.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SSH" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-SSH" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .SH SYNOPSIS
diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1
index 0848560f5d68..9480755a145b 100644
--- a/doc/man/salt-syndic.1
+++ b/doc/man/salt-syndic.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SYNDIC" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT-SYNDIC" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .sp
diff --git a/doc/man/salt.1 b/doc/man/salt.1
index 8888b6af466d..0d522736c30a 100644
--- a/doc/man/salt.1
+++ b/doc/man/salt.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt \- salt
 .SH SYNOPSIS
diff --git a/doc/man/salt.7 b/doc/man/salt.7
index eead0f9a7f24..7a08e3aac1bd 100644
--- a/doc/man/salt.7
+++ b/doc/man/salt.7
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "7" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SALT" "7" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt \- Salt Documentation
 .SH SALT PROJECT
@@ -1301,7 +1301,7 @@ Now you can run your tests:
 .sp
 .nf
 .ft C
-python \-m nox \-e \(dqpytest\-3.7(coverage=False)\(dq \-\- tests/unit/cli/test_batch.py
+python \-m nox \-e \(dqtest\-3(coverage=False)\(dq \-\- tests/unit/cli/test_batch.py
 .ft P
 .fi
 .UNINDENT
@@ -1316,13 +1316,48 @@ this:
 .sp
 .nf
 .ft C
-python \-m nox \-e \(dqpytest\-3.7(coverage=False)\(dq \-\- tests/unit/cli/test_batch.py; espeak \(dqTests done, woohoo!\(dq
+python \-m nox \-e \(dqtest\-3(coverage=False)\(dq \-\- tests/unit/cli/test_batch.py; espeak \(dqTests done, woohoo!\(dq
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .sp
 That way you don\(aqt have to keep monitoring the actual test run.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+python \-m nox \-e \(dqtest\-3(coverage=False)\(dq \-\- \-\-core\-tests
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+You can enable or disable test groups locally by passing their respected flag:
+.INDENT 0.0
+.IP \(bu 2
+\-\-no\-fast\-tests \- Tests that are ~10s or faster. Fast tests make up ~75% of tests and can run in 10 to 20 minutes.
+.IP \(bu 2
+\-\-slow\-tests \- Tests that are ~10s or slower.
+.IP \(bu 2
+\-\-core\-tests \- Tests of any speed that test the root parts of salt.
+.IP \(bu 2
+\-\-flaky\-jail \- Test that need to be temporarily skipped.
+.UNINDENT
+.sp
+In Your PR, you can enable or disable test groups by setting a label.
+All fast, slow, and core tests specified in the change file will always run.
+.INDENT 0.0
+.IP \(bu 2
+test:no\-fast
+.IP \(bu 2
+test:core
+.IP \(bu 2
+test:slow
+.IP \(bu 2
+test:flaky\-jail
+.UNINDENT
 .SS Changelog and commit!
 .sp
 When you write your commit message you should use imperative style. Do
@@ -1957,9 +1992,27 @@ Set the default timeout for the salt command and api.
 .sp
 Default: \fB60\fP
 .sp
-The loop_interval option controls the seconds for the master\(aqs maintenance
+The loop_interval option controls the seconds for the master\(aqs Maintenance
 process check cycle. This process updates file server backends, cleans the
 job cache and executes the scheduler.
+.SS \fBmaintenance_interval\fP
+.sp
+New in version 3006.0.
+
+.sp
+Default: \fB3600\fP
+.sp
+Defines how often to restart the master\(aqs Maintenance process.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+maintenance_interval: 9600
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
 .SS \fBoutput\fP
 .sp
 Default: \fBnested\fP
@@ -6217,6 +6270,24 @@ s3fs_update_interval: 120
 .fi
 .UNINDENT
 .UNINDENT
+.SS \fBfileserver_interval\fP
+.sp
+New in version 3006.0.
+
+.sp
+Default: \fB3600\fP
+.sp
+Defines how often to restart the master\(aqs FilesServerUpdate process.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+fileserver_interval: 9600
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
 .SS Pillar Configuration
 .SS \fBpillar_roots\fP
 .sp
@@ -19830,6 +19901,13 @@ specifying both the file path and the environment to search. The
 individual environments can span across multiple directory roots
 to create overlays and to allow for files to be organized in many flexible
 ways.
+.SS Periodic Restarts
+.sp
+The file server will restart periodically. The reason for this is to prevent any
+files erver backends which may not properly handle resources from endlessly
+consuming memory. A notable example of this is using a git backend with the
+pygit2 library. How often the file server restarts can be controlled with the
+\fBfileserver_interval\fP in your master\(aqs config file.
 .SS Environments
 .sp
 The Salt file server defaults to the mandatory \fBbase\fP environment. This
@@ -31280,6 +31358,10 @@ A Python data structure
 .SS salt.renderers.mako
 .sp
 Mako Renderer for Salt
+.sp
+This renderer requires the Mako library.
+.sp
+To install Mako, do the following:
 .INDENT 0.0
 .TP
 .B salt.renderers.mako.render(template_file, saltenv=\(aqbase\(aq, sls=\(aq\(aq, context=None, tmplpath=None, **kws)
@@ -50514,6 +50596,98 @@ def test_issue_58763_a(tmp_path, modules, state_tree, caplog):
 .fi
 .UNINDENT
 .UNINDENT
+.SS Test Groups
+.sp
+Salt has four groups
+.INDENT 0.0
+.IP \(bu 2
+fast \- Tests that are ~10s or faster. Fast tests make up ~75% of tests and can run in 10 to 20 minutes.
+.IP \(bu 2
+slow \- Tests that are ~10s or slower.
+.IP \(bu 2
+core \- Tests of any speed that test the root parts of salt.
+.IP \(bu 2
+flaky\-jail \- Test that need to be temporarily skipped.
+.UNINDENT
+.sp
+Pytest Decorators
+.INDENT 0.0
+.IP \(bu 2
+@pytest.mark.slow_test
+.IP \(bu 2
+@pytest.mark.core_test
+.IP \(bu 2
+@pytest.mark.flaky_jail
+.UNINDENT
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+@pytest.mark.core_test
+def test_ping(self):
+    \(dq\(dq\(dq
+    test.ping
+    \(dq\(dq\(dq
+    self.assertTrue(self.run_function(\(dqtest.ping\(dq))
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+You can also mark all the tests in file.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+pytestmark = [
+    pytest.mark.core_test,
+]
+
+
+def test_ping(self):
+    \(dq\(dq\(dq
+    test.ping
+    \(dq\(dq\(dq
+    self.assertTrue(self.run_function(\(dqtest.ping\(dq))
+
+
+def test_ping2(self):
+    \(dq\(dq\(dq
+    test.ping
+    \(dq\(dq\(dq
+    for _ in range(10):
+        self.assertTrue(self.run_function(\(dqtest.ping\(dq))
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+You can enable or disable test groups locally by passing there respected flag:
+.INDENT 0.0
+.IP \(bu 2
+\-\-no\-fast\-tests
+.IP \(bu 2
+\-\-slow\-tests
+.IP \(bu 2
+\-\-core\-tests
+.IP \(bu 2
+\-\-flaky\-jail
+.UNINDENT
+.sp
+In Your PR you can enable or disable test groups by setting a label.
+All thought the fast, slow and core tests specified in the change file will always run.
+.INDENT 0.0
+.IP \(bu 2
+test:no\-fast
+.IP \(bu 2
+test:slow
+.IP \(bu 2
+test:core
+.IP \(bu 2
+test:flaky\-jail
+.UNINDENT
 .SS Automated Test Runs
 .sp
 SaltStack maintains a Jenkins server which can be viewed at
@@ -57424,6 +57598,34 @@ test:
 .UNINDENT
 .UNINDENT
 
+.sp
+Changed in version 3006.0: Since the \fBunless\fP requisite utilizes \fBcmd.retcode\fP, certain parameters
+included in the state are passed along to \fBcmd.retcode\fP\&.  On occasion this
+can cause issues, particularly if the \fBshell\fP option in a \fBuser.present\fP
+is set to /sbin/nologin and this shell is passed along to \fBcmd.retcode\fP\&.
+This would cause \fBcmd.retcode\fP to run the command using that shell which
+would fail regardless of the result of the command.
+.sp
+By including \fBshell\fP in \fBcmd_opts_exclude\fP, that parameter would not be
+passed along to the call to \fBcmd.retcode\fP\&.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+jim_nologin:
+  user.present:
+    \- name: jim
+    \- shell: /sbin/nologin
+    \- unless:
+      \- echo hello world
+    \- cmd_opts_exclude:
+      \- shell
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+
 .SS onlyif
 .sp
 New in version 2014.7.0.
@@ -57533,6 +57735,34 @@ test:
 .UNINDENT
 .UNINDENT
 
+.sp
+Changed in version 3006.0: Since the \fBonlyif\fP requisite utilizes \fBcmd.retcode\fP, certain parameters
+included in the state are passed along to \fBcmd.retcode\fP\&.  On occasion this
+can cause issues, particularly if the \fBshell\fP option in a \fBuser.present\fP
+is set to /sbin/nologin and this shell is passed along to \fBcmd.retcode\fP\&.
+This would cause \fBcmd.retcode\fP to run the command using that shell which
+would fail regardless of the result of the command.
+.sp
+By including \fBshell\fP in \fBcmd_opts_exclude\fP, that parameter would not be
+passed along to the call to \fBcmd.retcode\fP\&.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+jim_nologin:
+  user.present:
+    \- name: jim
+    \- shell: /sbin/nologin
+    \- onlyif:
+      \- echo hello world
+    \- cmd_opts_exclude:
+      \- shell
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+
 .SS Creates
 .sp
 New in version 3001.
@@ -84894,7 +85124,7 @@ Fetch Native Python Build:
 .sp
 .nf
 .ft C
-relenv fetch \-\-python=<pythonversion>
+relenv fetch \-\-python=<python\-version>
 .ft P
 .fi
 .UNINDENT
@@ -84910,7 +85140,7 @@ Create relenv environment:
 .sp
 .nf
 .ft C
-relenv create \-\-python=3.10.10 <relenv name>
+relenv create \-\-python=<python\-version> <relenv\-package\-path>
 .ft P
 .fi
 .UNINDENT
@@ -84926,7 +85156,7 @@ Add Salt into onedir.
 .sp
 .nf
 .ft C
-path/to/<relenv\-name>/bin/pip install /path/to/salt
+<relenv\-package\-path>/bin/pip install /path/to/salt
 .ft P
 .fi
 .UNINDENT
@@ -84945,17 +85175,13 @@ Install the dependencies:
 .sp
 .nf
 .ft C
-yum \-y install python3 python3\-pip openssl git rpmdevtools rpmlint systemd\-units libxcrypt\-compat git
+yum \-y install python3 python3\-pip openssl git rpmdevtools rpmlint systemd\-units libxcrypt\-compat git gnupg2 jq createrepo rpm\-sign rustc cargo epel\-release
+yum \-y install patchelf
+pip install awscli
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
-.UNINDENT
-.UNINDENT
-.IP 2. 3
-(Optional) To build a specific Salt version, you will need to install tools and changelog dependencies:
-.INDENT 3.0
-.INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
@@ -84966,6 +85192,12 @@ pip install \-r requirements/static/ci/py{python_version}/tools.txt
 .fi
 .UNINDENT
 .UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 2. 3
+(Optional) To build a specific Salt version, you will need to install tools and changelog dependencies:
+.INDENT 3.0
+.INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
@@ -84987,7 +85219,7 @@ Ensure you are in the current Salt cloned git repo:
 .sp
 .nf
 .ft C
-cd salt
+cd <path\-to\-salt\-repo>
 .ft P
 .fi
 .UNINDENT
@@ -85003,7 +85235,7 @@ cd salt
 .sp
 .nf
 .ft C
-tools changelog update\-rpm <salt version>
+tools changelog update\-rpm <salt\-version>
 .ft P
 .fi
 .UNINDENT
@@ -85011,15 +85243,16 @@ tools changelog update\-rpm <salt version>
 .UNINDENT
 .UNINDENT
 .IP 5. 3
-Run rpmbuild in the Salt repo:
+Build the RPM:
 .INDENT 3.0
 .INDENT 3.5
+Only the arch argument is required, the rest are optional.
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
-rpmbuild \-bb \-\-define=\(dq_salt_src $(pwd)\(dq $(pwd)/pkg/rpm/salt.spec
+tools pkg build rpm \-\-relenv\-version <relenv\-version> \-\-python\-version <python\-version> \-\-arch <arch>
 .ft P
 .fi
 .UNINDENT
@@ -85038,17 +85271,11 @@ Install the dependencies:
 .sp
 .nf
 .ft C
-apt install \-y bash\-completion build\-essential debhelper devscripts git patchelf python3 python3\-pip python3\-venv rustc
+apt install \-y apt\-utils gnupg jq awscli python3 python3\-venv python3\-pip build\-essential devscripts debhelper bash\-completion git patchelf rustc
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
-.UNINDENT
-.UNINDENT
-.IP 2. 3
-(Optional) To build a specific Salt version, you will need to install tools and changelog dependencies:
-.INDENT 3.0
-.INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
@@ -85059,6 +85286,12 @@ pip install \-r requirements/static/ci/py{python_version}/tools.txt
 .fi
 .UNINDENT
 .UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 2. 3
+(Optional) To build a specific Salt version, you will need to install changelog dependencies:
+.INDENT 3.0
+.INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
@@ -85080,7 +85313,7 @@ Ensure you are in the current Salt cloned git repo.:
 .sp
 .nf
 .ft C
-cd salt
+cd <path\-to\-salt\-repo>
 .ft P
 .fi
 .UNINDENT
@@ -85096,7 +85329,7 @@ cd salt
 .sp
 .nf
 .ft C
-tools changelog update\-deb <salt version>
+tools changelog update\-deb <salt\-version>
 .ft P
 .fi
 .UNINDENT
@@ -85104,16 +85337,16 @@ tools changelog update\-deb <salt version>
 .UNINDENT
 .UNINDENT
 .IP 5. 3
-Add a symlink and run debuild in the Salt repo:
+Build the deb package:
 .INDENT 3.0
 .INDENT 3.5
+Only the arch argument is required, the rest are optional.
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
-ln \-sf pkg/debian/ .
-debuild \-uc \-us
+tools pkg build deb \-\-relenv\-version <relenv\-version> \-\-python\-version <python\-version> \-\-arch <arch>
 .ft P
 .fi
 .UNINDENT
@@ -193696,7 +193929,7 @@ Passes through all the parameters described in the
 \fI\%utils.http.query function\fP:
 .INDENT 7.0
 .TP
-.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.0rc3\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
+.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.0\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
 Query a resource, and decode the return data
 .UNINDENT
 .INDENT 7.0
@@ -329175,6 +329408,9 @@ values is returned.
 .sp
 Changed in version 2018.3.0: The service name can now be a glob (e.g. \fBsalt*\fP)
 
+.sp
+Changed in version 3006.0: Returns \(dqNot Found\(dq if the service is not found on the system
+
 .INDENT 7.0
 .TP
 .B Parameters
@@ -329183,6 +329419,7 @@ Changed in version 2018.3.0: The service name can now be a glob (e.g. \fBsalt*\f
 .B Returns
 True if running, False otherwise
 dict: Maps service name to True if running, False otherwise
+str: Not Found if the service is not found on the system
 .TP
 .B Return type
 \fI\%bool\fP
@@ -466355,7 +466592,7 @@ Now you can run your tests:
 .sp
 .nf
 .ft C
-python \-m nox \-e \(dqpytest\-3.7(coverage=False)\(dq \-\- tests/unit/cli/test_batch.py
+python \-m nox \-e \(dqtest\-3(coverage=False)\(dq \-\- tests/unit/cli/test_batch.py
 .ft P
 .fi
 .UNINDENT
@@ -466370,13 +466607,48 @@ this:
 .sp
 .nf
 .ft C
-python \-m nox \-e \(dqpytest\-3.7(coverage=False)\(dq \-\- tests/unit/cli/test_batch.py; espeak \(dqTests done, woohoo!\(dq
+python \-m nox \-e \(dqtest\-3(coverage=False)\(dq \-\- tests/unit/cli/test_batch.py; espeak \(dqTests done, woohoo!\(dq
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
 .sp
 That way you don\(aqt have to keep monitoring the actual test run.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+python \-m nox \-e \(dqtest\-3(coverage=False)\(dq \-\- \-\-core\-tests
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+You can enable or disable test groups locally by passing their respected flag:
+.INDENT 0.0
+.IP \(bu 2
+\-\-no\-fast\-tests \- Tests that are ~10s or faster. Fast tests make up ~75% of tests and can run in 10 to 20 minutes.
+.IP \(bu 2
+\-\-slow\-tests \- Tests that are ~10s or slower.
+.IP \(bu 2
+\-\-core\-tests \- Tests of any speed that test the root parts of salt.
+.IP \(bu 2
+\-\-flaky\-jail \- Test that need to be temporarily skipped.
+.UNINDENT
+.sp
+In Your PR, you can enable or disable test groups by setting a label.
+All fast, slow, and core tests specified in the change file will always run.
+.INDENT 0.0
+.IP \(bu 2
+test:no\-fast
+.IP \(bu 2
+test:core
+.IP \(bu 2
+test:slow
+.IP \(bu 2
+test:flaky\-jail
+.UNINDENT
 .SS Changelog and commit!
 .sp
 When you write your commit message you should use imperative style. Do
@@ -468142,6 +468414,78 @@ changes outside of the salt directory
 .UNINDENT
 .UNINDENT
 .UNINDENT
+.SS Release Notes
+.sp
+You can edit the release notes to highlight a new feature being added
+to a given release. The release notes are templatized with Jinja and
+are generated at release time.
+.SS How do I edit the release notes
+.sp
+To edit the release notes you need to look in doc/topics/releases/templates
+for your given release and edit the template. Do not edit the release note
+files in doc/topics/releases/, as this will be written over with the content
+in the template file. For example, if you want to add content to the 3006.0
+release notes you would edit the doc/topics/releases/templates/3006.0.md.template
+file. Do not edit the changelog portion of the template file, since that is
+auto generated with the content generated for the changelog for each release.
+.SS How to generate the release notes
+.sp
+This step is only used when we need to generate the release notes before releasing.
+You should NOT need to run these steps as they are ran in the pipeline, but this
+is documented so you can test your changes to the release notes template.
+.sp
+To generate the release notes requires the \fItools\fP command. The instructions below
+will detail how to install and use \fItools\fP\&.
+.SS Installing \fItools\fP
+.sp
+To view the output the release notes will produce before generating them
+you can run \fItools\fP in draft mode:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+tools changelog update\-release\-notes \-\-draft
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+To generate the release notes just remove the \fI\-\-draft\fP argument:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+tools changelog update\-release\-notes
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+To specify a specific Salt version you add that version as an argument:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+tools changelog update\-release\-notes 3006.0
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+To only generate the template for a new release
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+tools changelog update\-release\-notes \-\-template\-only
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
 .SS Reporting Bugs
 .sp
 Salt uses GitHub to track open issues and feature requests.
@@ -475484,7 +475828,7 @@ about the version numbering scheme.
 .UNINDENT
 .SS Upcoming release
 (release\-3006.0)=
-.SS Salt 3006.0 release notes \- Codename Sulfur
+.SS Salt 3006.0 release notes
 .SS Onedir packaging
 .sp
 Going forward from the 3006.0 release, the Salt Project will only provide onedir
@@ -475492,6 +475836,34 @@ packages to install or upgrade Salt. The classic, non\-onedir packages will not
 be provided for supported operating systems. See \fI\%Upgrade to onedir\fP
 in the \fI\%Salt Install Guide\fP for information about upgrading from the classic packages to the onedir
 packages.
+.SS Linux Packaging Salt Master Salt User and Group
+.sp
+The linux Salt Master packages will now add a Salt user and group
+by default. The packages will add the \fBuser: salt\fP config option
+to the Salt Master config. The Salt Master service will run as this
+user. If you do not want to run the Salt Master as a different user
+you can remove the \fBuser: salt\fP config from /etc/salt/master or change
+the user to the desired user to run the Salt Master.
+.sp
+Since the Salt Master is running as a different user, you will need
+to ensure you set the owner and group to \fBsalt\fP for your file_roots
+and pillar_roots(commonly \fB/srv/salt\fP and \fB/srv/pillar\fP).
+.sp
+If you are running a Salt Master, Salt\-Api and a Salt Minion on the same
+host using the new \fBsalt\fP user and you install a pip dependency into
+the onedir environment using \fBsalt\-pip\fP or the \fBpip\fP module, you
+need to to chown the directory \fB/opt/saltstack/salt/lib/<python_version>/site\-packages/\fP
+with the \fBsalt\fP user and group.
+.SS Caveat of salt\-pip
+.sp
+Salt ships with a wrapper script around pip called \fBsalt\-pip\fP\&. Users should
+use \fBsalt\-pip\fP to install any python packages needed to extend Salt.
+\fBsalt\-pip\fP installs python packages into an \fBextras\-3.10\fP directory located
+in the root of the ondir directory, by setting the \fB\-\-target\fP argument for
+pip. This ensures those packages remain installed when upgrading Salt. There is
+a known bug in pip when using \fB\-\-target\fP where scripts and other non\-python
+assets may not be cleaned up properly when un\-installing.  The Salt team is
+working to resolve this bug in the up\-stream pip project.
 .SS Dropping support for Python 3.5 and 3.6
 .sp
 Python 3.5 and 3.6 will no longer be supported by Salt since they
@@ -475502,7 +475874,8 @@ for more information.
 .sp
 All netapi clients, which provide the functionality to \fBsalt\-api\fP, will now
 be disabled by default as a security precaution. If you use \fBsalt\-api\fP, you
-must add the new \fBnetapi_enable_clients\fP option to your salt master config.This is a breaking change and the \fBsalt\-api\fP will not function without this
+must add the new \fBnetapi_enable_clients\fP option to your salt master config.
+This is a breaking change and the \fBsalt\-api\fP will not function without this
 new configuration option. See \fI\%Enabling netapi client interfaces\fP
 for more information.
 .SS How do I migrate to the onedir packages?
@@ -475559,6 +475932,8 @@ Removed the PyObjC dependency.
 This addresses problems with building a one dir build for macOS.
 It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
 Since it\(aqs currently not being used, it\(aqs removed. \fI\%#62432\fP
+.IP \(bu 2
+Removed \fBSixRedirectImporter\fP from Salt. Salt hasn\(aqt shipped \fBsix\fP since Salt 3004. \fI\%#63874\fP
 .UNINDENT
 .SS Deprecated
 .INDENT 0.0
@@ -475627,6 +476002,8 @@ Stop relying on \fBsalt/_version.py\fP to write Salt\(aqs version. Instead use \
 Set enable_fqdns_grains to be False by default. \fI\%#63595\fP
 .IP \(bu 2
 Changelog snippet files must now have a \fB\&.md\fP file extension to be more explicit on what type of rendering is done when they are included in the main \fBCHANGELOG.md\fP file. \fI\%#63710\fP
+.IP \(bu 2
+Upgraded to \fBrelenv==0.9.0\fP \fI\%#63883\fP
 .UNINDENT
 .SS Fixed
 .INDENT 0.0
@@ -475918,6 +476295,8 @@ Change startup ReqServer log messages from error to info level. \fI\%#62728\fP
 .IP \(bu 2
 Fix kmod.* functions hard code relative command name \fI\%#62772\fP
 .IP \(bu 2
+Remove mako as a dependency in Windows and macOS. \fI\%#62785\fP
+.IP \(bu 2
 Fix mac_brew_pkg to work with null taps \fI\%#62793\fP
 .IP \(bu 2
 Fixing a bug when listing the running schedule if \(dqschedule.enable\(dq and/or \(dqschedule.disable\(dq has been run, where the \(dqenabled\(dq items is being treated as a schedule item. \fI\%#62795\fP
@@ -475987,17 +476366,60 @@ TCP transport documentation now contains proper master/minion\-side filtering in
 .IP \(bu 2
 Fixed gpg.verify does not respect gnupghome \fI\%#63145\fP
 .IP \(bu 2
+User responsible for the runner is now correctly reported in the events on the event bus for the runner. \fI\%#63148\fP
+.IP \(bu 2
 Made pillar cache pass extra minion data as well \fI\%#63208\fP
 .IP \(bu 2
 Fix serious performance issues with the file.tidied module \fI\%#63231\fP
 .IP \(bu 2
+Fix rpm_lowpkg version comparison logic when using rpm\-vercmp and only one version has a release number. \fI\%#63317\fP
+.IP \(bu 2
 Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available \fI\%#63350\fP
 .IP \(bu 2
+\fBservice.status\fP on Windows does no longer throws a CommandExecutionError if
+the service is not found on the system. It now returns \(dqNot Found\(dq instead. \fI\%#63577\fP
+.IP \(bu 2
 When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. \fI\%#63590\fP
 .IP \(bu 2
 LGPO: Added support for \(dqRelax minimum password length limits\(dq \fI\%#63596\fP
 .IP \(bu 2
+Fixed the ability to set a scheduled task to auto delete if not scheduled to run again (\fBdelete_after\fP) \fI\%#63650\fP
+.IP \(bu 2
+When a job is disabled only increase it\(aqs _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. \fI\%#63699\fP
+.IP \(bu 2
+have salt.template.compile_template_str cleanup its temp files. \fI\%#63724\fP
+.IP \(bu 2
 Check file is not empty before attempting to read pillar disk cache file \fI\%#63729\fP
+.IP \(bu 2
+Fixed an issue with generating fingerprints for public keys with different line endings \fI\%#63742\fP
+.IP \(bu 2
+Add \fBfileserver_interval\fP and \fBmaintenance_interval\fP master configuration options. These options control how often to restart the FileServerUpdate and Maintenance processes. Some file server and pillar configurations are known to cause memory leaks over time. A notable example of this are configurations that use pygit2. Salt can not guarantee dependency libraries like pygit2 won\(aqt leak memory. Restarting any long running processes that use pygit2 guarantees we can keep the master\(aqs memory usage in check. \fI\%#63747\fP
+.IP \(bu 2
+mac_xattr.list and mac_xattr.read will replace undecode\-able bytes to avoid raising CommandExecutionError. \fI\%#63779\fP \fI\%#63779\fP
+.IP \(bu 2
+Change default GPG keyserver from \fI\%pgp.mit.edu\fP to \fI\%keys.openpgp.org\fP\&. \fI\%#63806\fP
+.IP \(bu 2
+fix cherrypy 400 error output to be less generic. \fI\%#63835\fP
+.IP \(bu 2
+Ensure kwargs is passed along to _call_apt when passed into install function. \fI\%#63847\fP
+.IP \(bu 2
+remove eval and update logging to be more informative on bad config \fI\%#63879\fP
+.IP \(bu 2
+add linux_distribution to util to stop dep warning \fI\%#63904\fP
+.IP \(bu 2
+Fix valuerror when trying to close fileclient. Remove usage of \fBdel\fP and close the filclient properly. \fI\%#63920\fP
+.IP \(bu 2
+Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available. \fI\%#63923\fP
+.IP \(bu 2
+Clarifying documentation for extension_modules configuration option. \fI\%#63929\fP
+.IP \(bu 2
+Windows pkg module now properly handles versions containing strings \fI\%#63935\fP
+.IP \(bu 2
+Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn\(aqt used by that function. \fI\%#63948\fP
+.IP \(bu 2
+Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows \fI\%#63981\fP
+.IP \(bu 2
+Hardened permissions on workers.ipc and master_event_pub.ipc. \fI\%#64063\fP
 .UNINDENT
 .SS Added
 .INDENT 0.0
@@ -476101,596 +476523,7 @@ Add ability to ignore symlinks in file.tidied \fI\%#63042\fP
 .IP \(bu 2
 salt\-cloud support IMDSv2 tokens when using \(aquse\-instance\-role\-credentials\(aq \fI\%#63067\fP
 .IP \(bu 2
-Add ability for file.symlink to not set ownership on existing links \fI\%#63093\fP
-.IP \(bu 2
-Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation \fI\%#63095\fP
-.IP \(bu 2
-Add functions that will return the underlying block device, mount point, and filesystem type for a given path \fI\%#63098\fP
-.IP \(bu 2
-Add ethtool execution and state module functions for pause \fI\%#63128\fP
-.IP \(bu 2
-Add boardname grain \fI\%#63131\fP
-.IP \(bu 2
-Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#63248\fP
-.IP \(bu 2
-Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#63249\fP
-.IP \(bu 2
-Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. \fI\%#63315\fP
-.IP \(bu 2
-Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
-This allows users to enable state_events on a per use basis rather than having to
-enable them globally for all state runs. \fI\%#63316\fP
-.IP \(bu 2
-Allow max queue size setting for state runs to prevent performance problems from queue growth \fI\%#63356\fP
-.IP \(bu 2
-Add support of exposing meta_server_grains for Azure VMs \fI\%#63606\fP
-.UNINDENT
-.SS Changelog
-.SS Removed
-.INDENT 0.0
-.IP \(bu 2
-Remove and deprecate the \fBorchestration\fP key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. \fI\%#59917\fP
-.IP \(bu 2
-Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 \fI\%#60476\fP
-.IP \(bu 2
-Removed \fBruntests\fP targets from \fBnoxfile.py\fP \fI\%#62239\fP
-.IP \(bu 2
-Removed the PyObjC dependency.
-.sp
-This addresses problems with building a one dir build for macOS.
-It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
-Since it\(aqs currently not being used, it\(aqs removed. \fI\%#62432\fP
-.IP \(bu 2
-Removed \fBSixRedirectImporter\fP from Salt. Salt hasn\(aqt shipped \fBsix\fP since Salt 3004. \fI\%#63874\fP
-.UNINDENT
-.SS Deprecated
-.INDENT 0.0
-.IP \(bu 2
-renamed \fBkeep_jobs\fP, specifying job cache TTL in hours, to \fBkeep_jobs_seconds\fP, specifying TTL in seconds.
-\fBkeep_jobs\fP will be removed in the Argon release \fI\%#55295\fP
-.IP \(bu 2
-Removing all references to napalm\-base which is no longer supported. \fI\%#61542\fP
-.IP \(bu 2
-The \(aqip_bracket\(aq function has been moved from salt/utils/zeromq.py in salt/utils/network.py \fI\%#62009\fP
-.IP \(bu 2
-The \fBexpand_repo_def\fP function in \fBsalt.modules.aptpkg\fP is now deprecated. It\(aqs only used in \fBsalt.states.pkgrepo\fP and it has no use of being exposed to the CLI. \fI\%#62485\fP
-.IP \(bu 2
-Deprecated defunct Django returner \fI\%#62644\fP
-.IP \(bu 2
-Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions \fI\%#62754\fP
-.IP \(bu 2
-Removing manufacture grain which has been deprecated. \fI\%#62914\fP
-.IP \(bu 2
-Removing deprecated utils/boto3_elasticsearch.py \fI\%#62915\fP
-.IP \(bu 2
-Removing support for the now deprecated _ext_nodes from salt/master.py. \fI\%#62917\fP
-.IP \(bu 2
-Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. \fI\%#63095\fP
-.IP \(bu 2
-\fBsalt.utils.version.StrictVersion\fP is now deprecated and it\(aqs use should be replaced with \fBsalt.utils.version.Version\fP\&. \fI\%#63383\fP
-.UNINDENT
-.SS Changed
-.INDENT 0.0
-.IP \(bu 2
-More intelligent diffing in changes of file.serialize state. \fI\%#48609\fP
-.IP \(bu 2
-Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. \fI\%#49430\fP
-.IP \(bu 2
-\fBumask\fP is now a global state argument, instead of only applying to \fBcmd\fP
-states. \fI\%#57803\fP
-.IP \(bu 2
-Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. \fI\%#58971\fP
-.IP \(bu 2
-Improve support for listing macOS brew casks \fI\%#59439\fP
-.IP \(bu 2
-Add missing MariaDB Grants to mysql module.
-MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
-Also improved exception handling in \fBgrant_add\fP which did not log the original error message and replaced it with a generic error. \fI\%#61409\fP
-.IP \(bu 2
-Use VENV_PIP_TARGET environment variable as a default target for pip if present. \fI\%#62089\fP
-.IP \(bu 2
-Disabled FQDNs grains on macOS by default \fI\%#62168\fP
-.IP \(bu 2
-Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated \fI\%#62218\fP
-.IP \(bu 2
-Enhance capture of error messages for Zypper calls in zypperpkg module. \fI\%#62346\fP
-.IP \(bu 2
-Removed GPG_1_3_1 check \fI\%#62895\fP
-.IP \(bu 2
-Requisite state chunks now all consistently contain \fB__id__\fP, \fB__sls__\fP and \fBname\fP\&. \fI\%#63012\fP
-.IP \(bu 2
-netapi_enable_clients option to allow enabling/disabling of clients in salt\-api.
-By default all clients will now be disabled. Users of salt\-api will need
-to update their master config to enable the clients that they use. Not adding
-the netapi_enable_clients option with required clients to the master config will
-disable salt\-api. \fI\%#63050\fP
-.IP \(bu 2
-Stop relying on \fBsalt/_version.py\fP to write Salt\(aqs version. Instead use \fBsalt/_version.txt\fP which only contains the version string. \fI\%#63383\fP
-.IP \(bu 2
-Set enable_fqdns_grains to be False by default. \fI\%#63595\fP
-.IP \(bu 2
-Changelog snippet files must now have a \fB\&.md\fP file extension to be more explicit on what type of rendering is done when they are included in the main \fBCHANGELOG.md\fP file. \fI\%#63710\fP
-.UNINDENT
-.SS Fixed
-.INDENT 0.0
-.IP \(bu 2
-Add kwargs to handle extra parameters for http.query \fI\%#36138\fP
-.IP \(bu 2
-Fix mounted bind mounts getting active mount options added \fI\%#39292\fP
-.IP \(bu 2
-Fix \fBsysctl.present\fP converts spaces to tabs. \fI\%#40054\fP
-.IP \(bu 2
-Fixes state pkg.purged to purge removed packages on Debian family systems \fI\%#42306\fP
-.IP \(bu 2
-Fix fun_args missing from syndic returns \fI\%#45823\fP
-.IP \(bu 2
-Fix mount.mounted with \(aqmount: False\(aq reports unmounted file system as unchanged when running with test=True \fI\%#47201\fP
-.IP \(bu 2
-Issue #49310: Allow users to touch a file with Unix date of birth \fI\%#49310\fP
-.IP \(bu 2
-Do not raise an exception in pkg.info_installed on nonzero return code \fI\%#51620\fP
-.IP \(bu 2
-Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read\-only attribute are handled. \fI\%#51739\fP
-.IP \(bu 2
-Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#52167\fP
-.IP \(bu 2
-Don\(aqt check for cached pillar errors on state.apply \fI\%#52354\fP, \fI\%#57180\fP, \fI\%#59339\fP
-.IP \(bu 2
-Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. \fI\%#52400\fP
-.IP \(bu 2
-Ensure when we\(aqre adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. \fI\%#53353\fP
-.IP \(bu 2
-When user_create or user_remove fail, return False instead of returning the error. \fI\%#53377\fP
-.IP \(bu 2
-Include sync_roster when sync_all is called. \fI\%#53914\fP
-.IP \(bu 2
-Avoid warning noise in lograte.get \fI\%#53988\fP
-.IP \(bu 2
-Fixed listing revoked keys with gpg.list_keys \fI\%#54347\fP
-.IP \(bu 2
-Fix mount.mounted does not handle blanks properly \fI\%#54508\fP
-.IP \(bu 2
-Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. \fI\%#54682\fP
-.IP \(bu 2
-Fix spelling error for python_shell argument in dpkg_lower module \fI\%#54907\fP
-.IP \(bu 2
-Cleaned up bytes response data before sending to non\-bytes compatible returners (postgres, mysql) \fI\%#55226\fP
-.IP \(bu 2
-Fixed malformed state return when testing file.managed with unavailable source file \fI\%#55269\fP
-.IP \(bu 2
-Included stdout in error message for Zypper calls in zypperpkg module. \fI\%#56016\fP
-.IP \(bu 2
-Fixed pillar.filter_by with salt\-ssh \fI\%#56093\fP
-.IP \(bu 2
-Fix boto_route53 issue with (multiple) VPCs. \fI\%#57139\fP
-.IP \(bu 2
-Remove log from mine runner which was not used. \fI\%#57463\fP
-.IP \(bu 2
-Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#57535\fP
-.IP \(bu 2
-Updating Slack engine to use slack_bolt library. \fI\%#57842\fP
-.IP \(bu 2
-Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. \fI\%#58165\fP
-.IP \(bu 2
-Fix salt.modules.pip:is_installed doesn\(aqt handle locally installed packages \fI\%#58202\fP
-.IP \(bu 2
-Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. \fI\%#58297\fP
-.IP \(bu 2
-linux_shadow: Fix cases where malformed shadow entries cause \fBuser.present\fP
-states to fail. \fI\%#58423\fP
-.IP \(bu 2
-Fixed salt.utils.compat.cmp to work with dictionaries \fI\%#58729\fP
-.IP \(bu 2
-Fixed formatting for terse output mode \fI\%#58953\fP
-.IP \(bu 2
-Fixed RecursiveDictDiffer with added nested dicts \fI\%#59017\fP
-.IP \(bu 2
-Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#59169\fP
-.IP \(bu 2
-Fixed saltnado websockets disconnecting immediately \fI\%#59183\fP
-.IP \(bu 2
-Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#59315\fP
-.IP \(bu 2
-Fix postgres_privileges.present not idempotent for functions \fI\%#59585\fP
-.IP \(bu 2
-Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. \fI\%#59766\fP
-.IP \(bu 2
-Warn when using insecure (http:// based) key_urls for apt\-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. \fI\%#59786\fP
-.IP \(bu 2
-add load balancing policy default option and ensure the module can be executed with arguments from CLI \fI\%#59909\fP
-.IP \(bu 2
-Fix salt\-ssh when using imports with extra\-filerefs. \fI\%#60003\fP
-.IP \(bu 2
-Fixed cache directory corruption startup error \fI\%#60170\fP
-.IP \(bu 2
-Update docs remove dry_run in docstring of file.blockreplace state. \fI\%#60227\fP
-.IP \(bu 2
-Adds Parrot to OS_Family_Map in grains. \fI\%#60249\fP
-.IP \(bu 2
-Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions \fI\%#60365\fP
-.IP \(bu 2
-Use return code in iptables \-\-check to verify rule exists. \fI\%#60467\fP
-.IP \(bu 2
-Fix regression pip.installed does not pass env_vars when calling pip.list \fI\%#60557\fP
-.IP \(bu 2
-Fix xfs module when additional output included in mkfs.xfs command. \fI\%#60853\fP
-.IP \(bu 2
-Fixed parsing new format of terraform states in roster.terraform \fI\%#60915\fP
-.IP \(bu 2
-Fixed recognizing installed ARMv7 rpm packages in compatible architectures. \fI\%#60994\fP
-.IP \(bu 2
-Fixing changes dict in pkg state to be consistent when installing and test=True. \fI\%#60995\fP
-.IP \(bu 2
-Fix cron.present duplicating entries when changing timespec to special. \fI\%#60997\fP
-.IP \(bu 2
-Made salt\-ssh respect \-\-wipe again \fI\%#61083\fP
-.IP \(bu 2
-state.orchestrate_single only passes a pillar if it is set to the state
-function. This allows it to be used with state functions that don\(aqt accept a
-pillar keyword argument. \fI\%#61092\fP
-.IP \(bu 2
-Fix ipset state when the comment kwarg is set. \fI\%#61122\fP
-.IP \(bu 2
-Fix issue with archive.unzip where the password was not being encoded for the extract function \fI\%#61422\fP
-.IP \(bu 2
-Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
-Mint, Pop!_OS, Rocky Linux) report different \fBoscodename\fP, \fBosfullname\fP,
-\fBosfinger\fP grains if lsb\-release is installed or not. They have been changed to
-only derive these OS grains from \fB/etc/os\-release\fP\&. \fI\%#61618\fP
-.IP \(bu 2
-Pop!_OS uses the full version (\fI\%YY.MM\fP) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. \fI\%#61619\fP
-.IP \(bu 2
-Fix ssh config roster to correctly parse the ssh config files that contain spaces. \fI\%#61650\fP
-.IP \(bu 2
-Fix SoftLayer configuration not raising an exception when a domain is missing \fI\%#61727\fP
-.IP \(bu 2
-Allow the minion to start or salt\-call to run even if the user doesn\(aqt have permissions to read the root_dir value from the registry \fI\%#61789\fP
-.IP \(bu 2
-Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. \fI\%#61805\fP
-.IP \(bu 2
-Fixed malformed state return when merge\-serializing to an improperly formatted file \fI\%#61814\fP
-.IP \(bu 2
-Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) \fI\%#61816\fP
-.IP \(bu 2
-When deleting the vault cache, also delete from the session cache \fI\%#61821\fP
-.IP \(bu 2
-Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. \fI\%#61827\fP
-.IP \(bu 2
-win_lgpo: Display conflicting policy names when more than one policy is found \fI\%#61859\fP
-.IP \(bu 2
-win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy \fI\%#61860\fP
-.IP \(bu 2
-Fixed listing minions on OpenBSD \fI\%#61966\fP
-.IP \(bu 2
-Make Salt to return an error on \(dqpkg\(dq modules and states when targeting duplicated package names \fI\%#62019\fP
-.IP \(bu 2
-Fix return of REST\-returned permissions when auth_list is set \fI\%#62022\fP
-.IP \(bu 2
-Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. \fI\%#62029\fP
-.IP \(bu 2
-Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() \fI\%#62030\fP
-.IP \(bu 2
-Fix attr=all handling in pkg.list_pkgs() (yum/zypper). \fI\%#62032\fP
-.IP \(bu 2
-Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap \fI\%#62053\fP
-.IP \(bu 2
-Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias \fI\%#62058\fP
-.IP \(bu 2
-Fix ordering of args to libcloud_storage.download_object module \fI\%#62074\fP
-.IP \(bu 2
-Ignore extend declarations in sls files that are excluded. \fI\%#62082\fP
-.IP \(bu 2
-Remove leftover usage of impacket \fI\%#62101\fP
-.IP \(bu 2
-Pass executable path from _get_path_exec() is used when calling the program.
-The $HOME env is no longer modified globally.
-Only trailing newlines are stripped from the fetched secret.
-Pass process arguments are handled in a secure way. \fI\%#62120\fP
-.IP \(bu 2
-Ignore some command return codes in openbsdrcctl_service to prevent spurious errors \fI\%#62131\fP
-.IP \(bu 2
-Fixed extra period in filename output in tls module. Instead of \(dqserver.crt.\(dq it will now be \(dqserver.crt\(dq. \fI\%#62139\fP
-.IP \(bu 2
-Make sure lingering PAexec\-*.exe files in the Windows directory are cleaned up \fI\%#62152\fP
-.IP \(bu 2
-Restored Salt\(aqs DeprecationWarnings \fI\%#62185\fP
-.IP \(bu 2
-Fixed issue with forward slashes on Windows with file.recurse and clean=True \fI\%#62197\fP
-.IP \(bu 2
-Recognize OSMC as Debian\-based \fI\%#62198\fP
-.IP \(bu 2
-Fixed Zypper module failing on RPM lock file being temporarily unavailable. \fI\%#62204\fP
-.IP \(bu 2
-Improved error handling and diagnostics in the proxmox salt\-cloud driver \fI\%#62211\fP
-.IP \(bu 2
-Added EndeavourOS to the Arch os_family. \fI\%#62220\fP
-.IP \(bu 2
-Fix salt\-ssh not detecting \fBplatform\-python\fP as a valid interpreter on EL8 \fI\%#62235\fP
-.IP \(bu 2
-Fix pkg.version_cmp on openEuler and a few other os flavors. \fI\%#62248\fP
-.IP \(bu 2
-Fix localhost detection in glusterfs.peers \fI\%#62273\fP
-.IP \(bu 2
-Fix Salt Package Manager (SPM) exception when calling spm create_repo . \fI\%#62281\fP
-.IP \(bu 2
-Fix matcher slowness due to loader invocation \fI\%#62283\fP
-.IP \(bu 2
-Fixes the Puppet module for non\-aio Puppet packages for example running the Puppet module on FreeBSD. \fI\%#62323\fP
-.IP \(bu 2
-Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect \fI\%#62334\fP
-.IP \(bu 2
-Fix pyobjects renderer access to opts and sls \fI\%#62336\fP
-.IP \(bu 2
-Fix use of random shuffle and sample functions as Jinja filters \fI\%#62372\fP
-.IP \(bu 2
-Fix groups with duplicate GIDs are not returned by get_group_list \fI\%#62377\fP
-.IP \(bu 2
-Fix the \(dqzpool.present\(dq state when enabling zpool features that are already active. \fI\%#62390\fP
-.IP \(bu 2
-Fix ability to execute remote file client methods in saltcheck \fI\%#62398\fP
-.IP \(bu 2
-Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x \fI\%#62400\fP
-.IP \(bu 2
-Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. \fI\%#62405\fP
-.IP \(bu 2
-When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren\(aqt actually changes since the prereq state did not run. \fI\%#62408\fP
-.IP \(bu 2
-Added directory mode for file.copy with makedirs \fI\%#62426\fP
-.IP \(bu 2
-Provide better error handling in the various napalm proxy minion functions when the device is not accessible. \fI\%#62435\fP
-.IP \(bu 2
-When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don\(aqt need to attempt to load them everytime. \fI\%#62439\fP
-.IP \(bu 2
-The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module \fI\%#62451\fP
-.IP \(bu 2
-sysctl.persist now updates the in\-memory value on FreeBSD even if the on\-disk value was already correct. \fI\%#62461\fP
-.IP \(bu 2
-Fixed parsing CDROM apt sources \fI\%#62474\fP
-.IP \(bu 2
-Update sanitizing masking for Salt SSH to include additional password like strings. \fI\%#62483\fP
-.IP \(bu 2
-Fix user/group checking on file state functions in the test mode. \fI\%#62499\fP
-.IP \(bu 2
-Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. \fI\%#62502\fP
-.IP \(bu 2
-Fix possible tracebacks if there is a package with \(aq\-\-\-\-\-\-\(aq or \(aq======\(aq in the description is installed on the Debian based minion. \fI\%#62519\fP
-.IP \(bu 2
-Fixed the omitted \(dqpool\(dq parameter when cloning a VM with the proxmox salt\-cloud driver \fI\%#62521\fP
-.IP \(bu 2
-Fix rendering of pyobjects states in saltcheck \fI\%#62523\fP
-.IP \(bu 2
-Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt \fI\%#62527\fP
-.IP \(bu 2
-Use str() method instead of repo_line for when python3\-apt is installed or not in \fI\%aptpkg.py\fP\&. \fI\%#62546\fP
-.IP \(bu 2
-Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to \fBcontext\fP[\(dqnetmiko_device\(dq][\(dqargs\(dq] which is passed along to the Netmiko library. \fI\%#62547\fP
-.IP \(bu 2
-Fix order specific mount.mounted options for persist \fI\%#62556\fP
-.IP \(bu 2
-Fixed salt\-cloud cloning a proxmox VM with a specified new vmid. \fI\%#62558\fP
-.IP \(bu 2
-Fix runas with cmd module when using the onedir bundled packages \fI\%#62565\fP
-.IP \(bu 2
-Update setproctitle version for all platforms \fI\%#62576\fP
-.IP \(bu 2
-Fixed missing parameters when cloning a VM with the proxmox salt\-cloud driver \fI\%#62580\fP
-.IP \(bu 2
-Handle PermissionError when importing crypt when FIPS is enabled. \fI\%#62587\fP
-.IP \(bu 2
-Correctly reraise exceptions in states.http \fI\%#62595\fP
-.IP \(bu 2
-Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. \fI\%#62618\fP
-.IP \(bu 2
-updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. \fI\%#62624\fP
-.IP \(bu 2
-Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline \fI\%#62633\fP
-.IP \(bu 2
-Fixed vault ext pillar return data for KV v2 \fI\%#62651\fP
-.IP \(bu 2
-Fix saltcheck _get_top_states doesn\(aqt pass saltenv to state.show_top \fI\%#62654\fP
-.IP \(bu 2
-Fix groupadd.* functions hard code relative command name \fI\%#62657\fP
-.IP \(bu 2
-Fixed pdbedit.create trying to use a bytes\-like hash as string. \fI\%#62670\fP
-.IP \(bu 2
-Fix depenency on legacy boto module in boto3 modules \fI\%#62672\fP
-.IP \(bu 2
-Modified \(dq_get_flags\(dq function so that it returns regex flags instead of integers \fI\%#62676\fP
-.IP \(bu 2
-Change startup ReqServer log messages from error to info level. \fI\%#62728\fP
-.IP \(bu 2
-Fix kmod.* functions hard code relative command name \fI\%#62772\fP
-.IP \(bu 2
-Fix mac_brew_pkg to work with null taps \fI\%#62793\fP
-.IP \(bu 2
-Fixing a bug when listing the running schedule if \(dqschedule.enable\(dq and/or \(dqschedule.disable\(dq has been run, where the \(dqenabled\(dq items is being treated as a schedule item. \fI\%#62795\fP
-.IP \(bu 2
-Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode \fI\%#62817\fP
-.IP \(bu 2
-Include UID and GID checks in modules.file.check_perms as well as comparing
-ownership by username and group name. \fI\%#62818\fP
-.IP \(bu 2
-Fix presence events on TCP transport by removing a client\(aqs presence when minion disconnects from publish channel correctly \fI\%#62826\fP
-.IP \(bu 2
-Remove Azure deprecation messages from functions that always run w/ salt\-cloud \fI\%#62845\fP
-.IP \(bu 2
-Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 \fI\%#62854\fP
-.IP \(bu 2
-Fixed master job scheduler using when \fI\%#62858\fP
-.IP \(bu 2
-LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding \fI\%#62873\fP
-.IP \(bu 2
-Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. \fI\%#62878\fP
-.IP \(bu 2
-Fixed dockermod version_info function for docker\-py 6.0.0+ \fI\%#62882\fP
-.IP \(bu 2
-Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. \fI\%#62886\fP
-.IP \(bu 2
-Updating various MongoDB module functions to work with latest version of pymongo. \fI\%#62900\fP
-.IP \(bu 2
-Restored channel for Syndic minions to send job returns to the Salt master. \fI\%#62933\fP
-.IP \(bu 2
-removed _resolve_deps as it required a library that is not generally avalible. and switched to apt\-get for everything as that can auto resolve dependencies. \fI\%#62934\fP
-.IP \(bu 2
-Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt\-minion/salt\-call to hang \fI\%#62937\fP
-.IP \(bu 2
-Allow root user to modify crontab lines for non\-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. \fI\%#62940\fP
-.IP \(bu 2
-Fix systemd_service.* functions hard code relative command name \fI\%#62942\fP
-.IP \(bu 2
-Fix file.symlink backupname operation can copy remote contents to local disk \fI\%#62953\fP
-.IP \(bu 2
-Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts \fI\%#62968\fP
-.IP \(bu 2
-Fixed gpg_passphrase issue with gpg decrypt/encrypt functions \fI\%#62977\fP
-.IP \(bu 2
-Fix file.tidied FileNotFoundError \fI\%#62986\fP
-.IP \(bu 2
-Fixed bug where module.wait states were detected as running legacy module.run syntax \fI\%#62988\fP
-.IP \(bu 2
-Fixed issue with win_wua module where it wouldn\(aqt load if the CryptSvc was set to Manual start \fI\%#62993\fP
-.IP \(bu 2
-The \fB__opts__\fP dunder dictionary is now added to the loader\(aqs \fBpack\fP if not
-already present, which makes it accessible via the
-\fBsalt.loader.context.NamedLoaderContext\fP class. \fI\%#63013\fP
-.IP \(bu 2
-Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts \fI\%#63024\fP
-.IP \(bu 2
-Fix btrfs.subvolume_snapshot command failing \fI\%#63025\fP
-.IP \(bu 2
-Fix file.retention_schedule always reports changes \fI\%#63033\fP
-.IP \(bu 2
-Fix mongo authentication for mongo ext_pillar and mongo returner
-.sp
-This fix also include the ability to use the mongo connection string for mongo ext_pillar \fI\%#63058\fP
-.IP \(bu 2
-Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. \fI\%#63103\fP
-.IP \(bu 2
-TCP transport documentation now contains proper master/minion\-side filtering information \fI\%#63120\fP
-.IP \(bu 2
-Fixed gpg.verify does not respect gnupghome \fI\%#63145\fP
-.IP \(bu 2
-Made pillar cache pass extra minion data as well \fI\%#63208\fP
-.IP \(bu 2
-Fix serious performance issues with the file.tidied module \fI\%#63231\fP
-.IP \(bu 2
-Fix rpm_lowpkg version comparison logic when using rpm\-vercmp and only one version has a release number. \fI\%#63317\fP
-.IP \(bu 2
-Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available \fI\%#63350\fP
-.IP \(bu 2
-When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. \fI\%#63590\fP
-.IP \(bu 2
-LGPO: Added support for \(dqRelax minimum password length limits\(dq \fI\%#63596\fP
-.IP \(bu 2
-When a job is disabled only increase it\(aqs _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. \fI\%#63699\fP
-.IP \(bu 2
-Check file is not empty before attempting to read pillar disk cache file \fI\%#63729\fP
-.IP \(bu 2
-fix cherrypy 400 error output to be less generic. \fI\%#63835\fP
-.IP \(bu 2
-remove eval and update logging to be more informative on bad config \fI\%#63879\fP
-.UNINDENT
-.SS Added
-.INDENT 0.0
-.IP \(bu 2
-Introduce a \fBLIB_STATE_DIR\fP syspaths variable which defaults to \fBCONFIG_DIR\fP,
-but can be individually customized during installation by specifying
-\fB\-\-salt\-lib\-state\-dir\fP during installation. Change the default \fBpki_dir\fP to
-\fB<LIB_STATE_DIR>/pki/master\fP (for the master) and \fB<LIB_STATE_DIR>/pki/minion\fP
-(for the minion). \fI\%#3396\fP
-.IP \(bu 2
-Allow users to enable \(aqqueue=True\(aq for all state runs via config file \fI\%#31468\fP
-.IP \(bu 2
-Added pillar templating to vault policies \fI\%#43287\fP
-.IP \(bu 2
-Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray \fI\%#51088\fP
-.IP \(bu 2
-A new salt\-ssh roster that generates a roster by parses a known_hosts file. \fI\%#54679\fP
-.IP \(bu 2
-Added Windows Event Viewer support \fI\%#54713\fP
-.IP \(bu 2
-Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file \fI\%#56013\fP
-.IP \(bu 2
-Added resource tagging functions to boto_dynamodb execution module \fI\%#57500\fP
-.IP \(bu 2
-Added \fBopenvswitch_db\fP state module and functions \fBbridge_to_parent\fP,
-\fBbridge_to_vlan\fP, \fBdb_get\fP, and \fBdb_set\fP to the \fBopenvswitch\fP execution module.
-Also added optional \fBparent\fP and \fBvlan\fP parameters to the
-\fBopenvswitch_bridge.present\fP state module function and the
-\fBopenvswitch.bridge_create\fP execution module function. \fI\%#58986\fP
-.IP \(bu 2
-State module to manage SysFS attributes \fI\%#60154\fP
-.IP \(bu 2
-Added ability for \fBsalt.wait_for_event\fP to handle \fBevent_id\fPs that have a list value. \fI\%#60430\fP
-.IP \(bu 2
-Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) \fI\%#60518\fP
-.IP \(bu 2
-Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. \fI\%#60700\fP
-.IP \(bu 2
-Added .0 back to our versioning scheme for future versions (e.g. 3006.0) \fI\%#60722\fP
-.IP \(bu 2
-Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. \fI\%#61153\fP
-.IP \(bu 2
-Added node label support for GCE \fI\%#61245\fP
-.IP \(bu 2
-Support the \-\-priority flag when adding sources to Chocolatey. \fI\%#61319\fP
-.IP \(bu 2
-Add namespace option to ext_pillar.http_json \fI\%#61335\fP
-.IP \(bu 2
-Added a filter function to ps module to get a list of processes on a minion according to their state. \fI\%#61420\fP
-.IP \(bu 2
-Add postgres.timeout option to postgres module for limiting postgres query times \fI\%#61433\fP
-.IP \(bu 2
-Added new optional vault option, \fBconfig_location\fP\&. This can be either \fBmaster\fP or \fBlocal\fP and defines where vault will look for connection details, either requesting them from the master or using the local config. \fI\%#61857\fP
-.IP \(bu 2
-Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. \fI\%#61931\fP
-.IP \(bu 2
-\(aqtcp\(aq transport is now available in ipv6\-only network \fI\%#62009\fP
-.IP \(bu 2
-Add \fBdiff_attr\fP parameter to pkg.upgrade() (zypper/yum). \fI\%#62031\fP
-.IP \(bu 2
-Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
-Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
-Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
-Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. \fI\%#62120\fP
-.IP \(bu 2
-Add file.pruned state and expanded file.rmdir exec module functionality \fI\%#62178\fP
-.IP \(bu 2
-Added \(dqdig.PTR\(dq function to resolve PTR records for IPs, as well as tests and documentation \fI\%#62275\fP
-.IP \(bu 2
-Added the ability to remove a KB using the DISM state/execution modules \fI\%#62366\fP
-.IP \(bu 2
-Add \(dq python\(dq subcommand to allow execution or arbitrary scripts via bundled Python runtime \fI\%#62381\fP
-.IP \(bu 2
-Add ability to provide conditions which convert normal state actions to no\-op when true \fI\%#62446\fP
-.IP \(bu 2
-Added debug log messages displaying the command being run when installing packages on Windows \fI\%#62480\fP
-.IP \(bu 2
-Add biosvendor grain \fI\%#62496\fP
-.IP \(bu 2
-Add ifelse Jinja function as found in CFEngine \fI\%#62508\fP
-.IP \(bu 2
-Implementation of Amazon EC2 instance detection and setting \fBvirtual_subtype\fP grain accordingly including the product if possible to identify. \fI\%#62539\fP
-.IP \(bu 2
-Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack \fI\%#62578\fP
-.IP \(bu 2
-Increase file.tidied flexibility with regard to age and size \fI\%#62678\fP
-.IP \(bu 2
-Added \(dqconnected_devices\(dq feature to netbox pillar module. It contains extra information about devices connected to the minion \fI\%#62761\fP
-.IP \(bu 2
-Add atomic file operation for symlink changes \fI\%#62768\fP
-.IP \(bu 2
-Add password/account locking/unlocking in user.present state on supported operating systems \fI\%#62856\fP
-.IP \(bu 2
-Added onchange configuration for script engine \fI\%#62867\fP
-.IP \(bu 2
-Added output and bare functionality to export_key gpg module function \fI\%#62978\fP
-.IP \(bu 2
-Add keyvalue serializer for environment files \fI\%#62983\fP
-.IP \(bu 2
-Add ability to ignore symlinks in file.tidied \fI\%#63042\fP
-.IP \(bu 2
-salt\-cloud support IMDSv2 tokens when using \(aquse\-instance\-role\-credentials\(aq \fI\%#63067\fP
+Fix running fast tests twice and add git labels to suite. \fI\%#63081\fP
 .IP \(bu 2
 Add ability for file.symlink to not set ownership on existing links \fI\%#63093\fP
 .IP \(bu 2
@@ -476719,625 +476552,10 @@ Add support of exposing meta_server_grains for Azure VMs \fI\%#63606\fP
 Include the version of \fBrelenv\fP in the versions report. \fI\%#63827\fP
 .IP \(bu 2
 Added debug log messages displaying the command being run when removing packages on Windows \fI\%#63866\fP
-.UNINDENT
-.SS Changelog
-.SS Removed
-.INDENT 0.0
-.IP \(bu 2
-Remove and deprecate the \fBorchestration\fP key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. \fI\%#59917\fP
 .IP \(bu 2
-Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 \fI\%#60476\fP
+Adding the ability to exclude arguments from a state that end up passed to cmd.retcode when requisites such as onlyif or unless are used. \fI\%#63956\fP
 .IP \(bu 2
-Removed \fBruntests\fP targets from \fBnoxfile.py\fP \fI\%#62239\fP
-.IP \(bu 2
-Removed the PyObjC dependency.
-.sp
-This addresses problems with building a one dir build for macOS.
-It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
-Since it\(aqs currently not being used, it\(aqs removed. \fI\%#62432\fP
-.IP \(bu 2
-Removed \fBSixRedirectImporter\fP from Salt. Salt hasn\(aqt shipped \fBsix\fP since Salt 3004. \fI\%#63874\fP
-.UNINDENT
-.SS Deprecated
-.INDENT 0.0
-.IP \(bu 2
-renamed \fBkeep_jobs\fP, specifying job cache TTL in hours, to \fBkeep_jobs_seconds\fP, specifying TTL in seconds.
-\fBkeep_jobs\fP will be removed in the Argon release \fI\%#55295\fP
-.IP \(bu 2
-Removing all references to napalm\-base which is no longer supported. \fI\%#61542\fP
-.IP \(bu 2
-The \(aqip_bracket\(aq function has been moved from salt/utils/zeromq.py in salt/utils/network.py \fI\%#62009\fP
-.IP \(bu 2
-The \fBexpand_repo_def\fP function in \fBsalt.modules.aptpkg\fP is now deprecated. It\(aqs only used in \fBsalt.states.pkgrepo\fP and it has no use of being exposed to the CLI. \fI\%#62485\fP
-.IP \(bu 2
-Deprecated defunct Django returner \fI\%#62644\fP
-.IP \(bu 2
-Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions \fI\%#62754\fP
-.IP \(bu 2
-Removing manufacture grain which has been deprecated. \fI\%#62914\fP
-.IP \(bu 2
-Removing deprecated utils/boto3_elasticsearch.py \fI\%#62915\fP
-.IP \(bu 2
-Removing support for the now deprecated _ext_nodes from salt/master.py. \fI\%#62917\fP
-.IP \(bu 2
-Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. \fI\%#63095\fP
-.IP \(bu 2
-\fBsalt.utils.version.StrictVersion\fP is now deprecated and it\(aqs use should be replaced with \fBsalt.utils.version.Version\fP\&. \fI\%#63383\fP
-.UNINDENT
-.SS Changed
-.INDENT 0.0
-.IP \(bu 2
-More intelligent diffing in changes of file.serialize state. \fI\%#48609\fP
-.IP \(bu 2
-Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. \fI\%#49430\fP
-.IP \(bu 2
-\fBumask\fP is now a global state argument, instead of only applying to \fBcmd\fP
-states. \fI\%#57803\fP
-.IP \(bu 2
-Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. \fI\%#58971\fP
-.IP \(bu 2
-Improve support for listing macOS brew casks \fI\%#59439\fP
-.IP \(bu 2
-Add missing MariaDB Grants to mysql module.
-MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
-Also improved exception handling in \fBgrant_add\fP which did not log the original error message and replaced it with a generic error. \fI\%#61409\fP
-.IP \(bu 2
-Use VENV_PIP_TARGET environment variable as a default target for pip if present. \fI\%#62089\fP
-.IP \(bu 2
-Disabled FQDNs grains on macOS by default \fI\%#62168\fP
-.IP \(bu 2
-Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated \fI\%#62218\fP
-.IP \(bu 2
-Enhance capture of error messages for Zypper calls in zypperpkg module. \fI\%#62346\fP
-.IP \(bu 2
-Removed GPG_1_3_1 check \fI\%#62895\fP
-.IP \(bu 2
-Requisite state chunks now all consistently contain \fB__id__\fP, \fB__sls__\fP and \fBname\fP\&. \fI\%#63012\fP
-.IP \(bu 2
-netapi_enable_clients option to allow enabling/disabling of clients in salt\-api.
-By default all clients will now be disabled. Users of salt\-api will need
-to update their master config to enable the clients that they use. Not adding
-the netapi_enable_clients option with required clients to the master config will
-disable salt\-api. \fI\%#63050\fP
-.IP \(bu 2
-Stop relying on \fBsalt/_version.py\fP to write Salt\(aqs version. Instead use \fBsalt/_version.txt\fP which only contains the version string. \fI\%#63383\fP
-.IP \(bu 2
-Set enable_fqdns_grains to be False by default. \fI\%#63595\fP
-.IP \(bu 2
-Changelog snippet files must now have a \fB\&.md\fP file extension to be more explicit on what type of rendering is done when they are included in the main \fBCHANGELOG.md\fP file. \fI\%#63710\fP
-.IP \(bu 2
-Upgraded to \fBrelenv==0.9.0\fP \fI\%#63883\fP
-.UNINDENT
-.SS Fixed
-.INDENT 0.0
-.IP \(bu 2
-Add kwargs to handle extra parameters for http.query \fI\%#36138\fP
-.IP \(bu 2
-Fix mounted bind mounts getting active mount options added \fI\%#39292\fP
-.IP \(bu 2
-Fix \fBsysctl.present\fP converts spaces to tabs. \fI\%#40054\fP
-.IP \(bu 2
-Fixes state pkg.purged to purge removed packages on Debian family systems \fI\%#42306\fP
-.IP \(bu 2
-Fix fun_args missing from syndic returns \fI\%#45823\fP
-.IP \(bu 2
-Fix mount.mounted with \(aqmount: False\(aq reports unmounted file system as unchanged when running with test=True \fI\%#47201\fP
-.IP \(bu 2
-Issue #49310: Allow users to touch a file with Unix date of birth \fI\%#49310\fP
-.IP \(bu 2
-Do not raise an exception in pkg.info_installed on nonzero return code \fI\%#51620\fP
-.IP \(bu 2
-Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read\-only attribute are handled. \fI\%#51739\fP
-.IP \(bu 2
-Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#52167\fP
-.IP \(bu 2
-Don\(aqt check for cached pillar errors on state.apply \fI\%#52354\fP, \fI\%#57180\fP, \fI\%#59339\fP
-.IP \(bu 2
-Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. \fI\%#52400\fP
-.IP \(bu 2
-Ensure when we\(aqre adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. \fI\%#53353\fP
-.IP \(bu 2
-When user_create or user_remove fail, return False instead of returning the error. \fI\%#53377\fP
-.IP \(bu 2
-Include sync_roster when sync_all is called. \fI\%#53914\fP
-.IP \(bu 2
-Avoid warning noise in lograte.get \fI\%#53988\fP
-.IP \(bu 2
-Fixed listing revoked keys with gpg.list_keys \fI\%#54347\fP
-.IP \(bu 2
-Fix mount.mounted does not handle blanks properly \fI\%#54508\fP
-.IP \(bu 2
-Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. \fI\%#54682\fP
-.IP \(bu 2
-Fix spelling error for python_shell argument in dpkg_lower module \fI\%#54907\fP
-.IP \(bu 2
-Cleaned up bytes response data before sending to non\-bytes compatible returners (postgres, mysql) \fI\%#55226\fP
-.IP \(bu 2
-Fixed malformed state return when testing file.managed with unavailable source file \fI\%#55269\fP
-.IP \(bu 2
-Included stdout in error message for Zypper calls in zypperpkg module. \fI\%#56016\fP
-.IP \(bu 2
-Fixed pillar.filter_by with salt\-ssh \fI\%#56093\fP
-.IP \(bu 2
-Fix boto_route53 issue with (multiple) VPCs. \fI\%#57139\fP
-.IP \(bu 2
-Remove log from mine runner which was not used. \fI\%#57463\fP
-.IP \(bu 2
-Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#57535\fP
-.IP \(bu 2
-Updating Slack engine to use slack_bolt library. \fI\%#57842\fP
-.IP \(bu 2
-Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. \fI\%#58165\fP
-.IP \(bu 2
-Fix salt.modules.pip:is_installed doesn\(aqt handle locally installed packages \fI\%#58202\fP
-.IP \(bu 2
-Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. \fI\%#58297\fP
-.IP \(bu 2
-linux_shadow: Fix cases where malformed shadow entries cause \fBuser.present\fP
-states to fail. \fI\%#58423\fP
-.IP \(bu 2
-Fixed salt.utils.compat.cmp to work with dictionaries \fI\%#58729\fP
-.IP \(bu 2
-Fixed formatting for terse output mode \fI\%#58953\fP
-.IP \(bu 2
-Fixed RecursiveDictDiffer with added nested dicts \fI\%#59017\fP
-.IP \(bu 2
-Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#59169\fP
-.IP \(bu 2
-Fixed saltnado websockets disconnecting immediately \fI\%#59183\fP
-.IP \(bu 2
-Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#59315\fP
-.IP \(bu 2
-Fix postgres_privileges.present not idempotent for functions \fI\%#59585\fP
-.IP \(bu 2
-Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. \fI\%#59766\fP
-.IP \(bu 2
-Warn when using insecure (http:// based) key_urls for apt\-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. \fI\%#59786\fP
-.IP \(bu 2
-add load balancing policy default option and ensure the module can be executed with arguments from CLI \fI\%#59909\fP
-.IP \(bu 2
-Fix salt\-ssh when using imports with extra\-filerefs. \fI\%#60003\fP
-.IP \(bu 2
-Fixed cache directory corruption startup error \fI\%#60170\fP
-.IP \(bu 2
-Update docs remove dry_run in docstring of file.blockreplace state. \fI\%#60227\fP
-.IP \(bu 2
-Adds Parrot to OS_Family_Map in grains. \fI\%#60249\fP
-.IP \(bu 2
-Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions \fI\%#60365\fP
-.IP \(bu 2
-Use return code in iptables \-\-check to verify rule exists. \fI\%#60467\fP
-.IP \(bu 2
-Fix regression pip.installed does not pass env_vars when calling pip.list \fI\%#60557\fP
-.IP \(bu 2
-Fix xfs module when additional output included in mkfs.xfs command. \fI\%#60853\fP
-.IP \(bu 2
-Fixed parsing new format of terraform states in roster.terraform \fI\%#60915\fP
-.IP \(bu 2
-Fixed recognizing installed ARMv7 rpm packages in compatible architectures. \fI\%#60994\fP
-.IP \(bu 2
-Fixing changes dict in pkg state to be consistent when installing and test=True. \fI\%#60995\fP
-.IP \(bu 2
-Fix cron.present duplicating entries when changing timespec to special. \fI\%#60997\fP
-.IP \(bu 2
-Made salt\-ssh respect \-\-wipe again \fI\%#61083\fP
-.IP \(bu 2
-state.orchestrate_single only passes a pillar if it is set to the state
-function. This allows it to be used with state functions that don\(aqt accept a
-pillar keyword argument. \fI\%#61092\fP
-.IP \(bu 2
-Fix ipset state when the comment kwarg is set. \fI\%#61122\fP
-.IP \(bu 2
-Fix issue with archive.unzip where the password was not being encoded for the extract function \fI\%#61422\fP
-.IP \(bu 2
-Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
-Mint, Pop!_OS, Rocky Linux) report different \fBoscodename\fP, \fBosfullname\fP,
-\fBosfinger\fP grains if lsb\-release is installed or not. They have been changed to
-only derive these OS grains from \fB/etc/os\-release\fP\&. \fI\%#61618\fP
-.IP \(bu 2
-Pop!_OS uses the full version (\fI\%YY.MM\fP) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. \fI\%#61619\fP
-.IP \(bu 2
-Fix ssh config roster to correctly parse the ssh config files that contain spaces. \fI\%#61650\fP
-.IP \(bu 2
-Fix SoftLayer configuration not raising an exception when a domain is missing \fI\%#61727\fP
-.IP \(bu 2
-Allow the minion to start or salt\-call to run even if the user doesn\(aqt have permissions to read the root_dir value from the registry \fI\%#61789\fP
-.IP \(bu 2
-Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. \fI\%#61805\fP
-.IP \(bu 2
-Fixed malformed state return when merge\-serializing to an improperly formatted file \fI\%#61814\fP
-.IP \(bu 2
-Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) \fI\%#61816\fP
-.IP \(bu 2
-When deleting the vault cache, also delete from the session cache \fI\%#61821\fP
-.IP \(bu 2
-Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. \fI\%#61827\fP
-.IP \(bu 2
-win_lgpo: Display conflicting policy names when more than one policy is found \fI\%#61859\fP
-.IP \(bu 2
-win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy \fI\%#61860\fP
-.IP \(bu 2
-Fixed listing minions on OpenBSD \fI\%#61966\fP
-.IP \(bu 2
-Make Salt to return an error on \(dqpkg\(dq modules and states when targeting duplicated package names \fI\%#62019\fP
-.IP \(bu 2
-Fix return of REST\-returned permissions when auth_list is set \fI\%#62022\fP
-.IP \(bu 2
-Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. \fI\%#62029\fP
-.IP \(bu 2
-Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() \fI\%#62030\fP
-.IP \(bu 2
-Fix attr=all handling in pkg.list_pkgs() (yum/zypper). \fI\%#62032\fP
-.IP \(bu 2
-Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap \fI\%#62053\fP
-.IP \(bu 2
-Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias \fI\%#62058\fP
-.IP \(bu 2
-Fix ordering of args to libcloud_storage.download_object module \fI\%#62074\fP
-.IP \(bu 2
-Ignore extend declarations in sls files that are excluded. \fI\%#62082\fP
-.IP \(bu 2
-Remove leftover usage of impacket \fI\%#62101\fP
-.IP \(bu 2
-Pass executable path from _get_path_exec() is used when calling the program.
-The $HOME env is no longer modified globally.
-Only trailing newlines are stripped from the fetched secret.
-Pass process arguments are handled in a secure way. \fI\%#62120\fP
-.IP \(bu 2
-Ignore some command return codes in openbsdrcctl_service to prevent spurious errors \fI\%#62131\fP
-.IP \(bu 2
-Fixed extra period in filename output in tls module. Instead of \(dqserver.crt.\(dq it will now be \(dqserver.crt\(dq. \fI\%#62139\fP
-.IP \(bu 2
-Make sure lingering PAexec\-*.exe files in the Windows directory are cleaned up \fI\%#62152\fP
-.IP \(bu 2
-Restored Salt\(aqs DeprecationWarnings \fI\%#62185\fP
-.IP \(bu 2
-Fixed issue with forward slashes on Windows with file.recurse and clean=True \fI\%#62197\fP
-.IP \(bu 2
-Recognize OSMC as Debian\-based \fI\%#62198\fP
-.IP \(bu 2
-Fixed Zypper module failing on RPM lock file being temporarily unavailable. \fI\%#62204\fP
-.IP \(bu 2
-Improved error handling and diagnostics in the proxmox salt\-cloud driver \fI\%#62211\fP
-.IP \(bu 2
-Added EndeavourOS to the Arch os_family. \fI\%#62220\fP
-.IP \(bu 2
-Fix salt\-ssh not detecting \fBplatform\-python\fP as a valid interpreter on EL8 \fI\%#62235\fP
-.IP \(bu 2
-Fix pkg.version_cmp on openEuler and a few other os flavors. \fI\%#62248\fP
-.IP \(bu 2
-Fix localhost detection in glusterfs.peers \fI\%#62273\fP
-.IP \(bu 2
-Fix Salt Package Manager (SPM) exception when calling spm create_repo . \fI\%#62281\fP
-.IP \(bu 2
-Fix matcher slowness due to loader invocation \fI\%#62283\fP
-.IP \(bu 2
-Fixes the Puppet module for non\-aio Puppet packages for example running the Puppet module on FreeBSD. \fI\%#62323\fP
-.IP \(bu 2
-Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect \fI\%#62334\fP
-.IP \(bu 2
-Fix pyobjects renderer access to opts and sls \fI\%#62336\fP
-.IP \(bu 2
-Fix use of random shuffle and sample functions as Jinja filters \fI\%#62372\fP
-.IP \(bu 2
-Fix groups with duplicate GIDs are not returned by get_group_list \fI\%#62377\fP
-.IP \(bu 2
-Fix the \(dqzpool.present\(dq state when enabling zpool features that are already active. \fI\%#62390\fP
-.IP \(bu 2
-Fix ability to execute remote file client methods in saltcheck \fI\%#62398\fP
-.IP \(bu 2
-Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x \fI\%#62400\fP
-.IP \(bu 2
-Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. \fI\%#62405\fP
-.IP \(bu 2
-When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren\(aqt actually changes since the prereq state did not run. \fI\%#62408\fP
-.IP \(bu 2
-Added directory mode for file.copy with makedirs \fI\%#62426\fP
-.IP \(bu 2
-Provide better error handling in the various napalm proxy minion functions when the device is not accessible. \fI\%#62435\fP
-.IP \(bu 2
-When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don\(aqt need to attempt to load them everytime. \fI\%#62439\fP
-.IP \(bu 2
-The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module \fI\%#62451\fP
-.IP \(bu 2
-sysctl.persist now updates the in\-memory value on FreeBSD even if the on\-disk value was already correct. \fI\%#62461\fP
-.IP \(bu 2
-Fixed parsing CDROM apt sources \fI\%#62474\fP
-.IP \(bu 2
-Update sanitizing masking for Salt SSH to include additional password like strings. \fI\%#62483\fP
-.IP \(bu 2
-Fix user/group checking on file state functions in the test mode. \fI\%#62499\fP
-.IP \(bu 2
-Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. \fI\%#62502\fP
-.IP \(bu 2
-Fix possible tracebacks if there is a package with \(aq\-\-\-\-\-\-\(aq or \(aq======\(aq in the description is installed on the Debian based minion. \fI\%#62519\fP
-.IP \(bu 2
-Fixed the omitted \(dqpool\(dq parameter when cloning a VM with the proxmox salt\-cloud driver \fI\%#62521\fP
-.IP \(bu 2
-Fix rendering of pyobjects states in saltcheck \fI\%#62523\fP
-.IP \(bu 2
-Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt \fI\%#62527\fP
-.IP \(bu 2
-Use str() method instead of repo_line for when python3\-apt is installed or not in \fI\%aptpkg.py\fP\&. \fI\%#62546\fP
-.IP \(bu 2
-Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to \fBcontext\fP[\(dqnetmiko_device\(dq][\(dqargs\(dq] which is passed along to the Netmiko library. \fI\%#62547\fP
-.IP \(bu 2
-Fix order specific mount.mounted options for persist \fI\%#62556\fP
-.IP \(bu 2
-Fixed salt\-cloud cloning a proxmox VM with a specified new vmid. \fI\%#62558\fP
-.IP \(bu 2
-Fix runas with cmd module when using the onedir bundled packages \fI\%#62565\fP
-.IP \(bu 2
-Update setproctitle version for all platforms \fI\%#62576\fP
-.IP \(bu 2
-Fixed missing parameters when cloning a VM with the proxmox salt\-cloud driver \fI\%#62580\fP
-.IP \(bu 2
-Handle PermissionError when importing crypt when FIPS is enabled. \fI\%#62587\fP
-.IP \(bu 2
-Correctly reraise exceptions in states.http \fI\%#62595\fP
-.IP \(bu 2
-Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. \fI\%#62618\fP
-.IP \(bu 2
-updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. \fI\%#62624\fP
-.IP \(bu 2
-Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline \fI\%#62633\fP
-.IP \(bu 2
-Fixed vault ext pillar return data for KV v2 \fI\%#62651\fP
-.IP \(bu 2
-Fix saltcheck _get_top_states doesn\(aqt pass saltenv to state.show_top \fI\%#62654\fP
-.IP \(bu 2
-Fix groupadd.* functions hard code relative command name \fI\%#62657\fP
-.IP \(bu 2
-Fixed pdbedit.create trying to use a bytes\-like hash as string. \fI\%#62670\fP
-.IP \(bu 2
-Fix depenency on legacy boto module in boto3 modules \fI\%#62672\fP
-.IP \(bu 2
-Modified \(dq_get_flags\(dq function so that it returns regex flags instead of integers \fI\%#62676\fP
-.IP \(bu 2
-Change startup ReqServer log messages from error to info level. \fI\%#62728\fP
-.IP \(bu 2
-Fix kmod.* functions hard code relative command name \fI\%#62772\fP
-.IP \(bu 2
-Fix mac_brew_pkg to work with null taps \fI\%#62793\fP
-.IP \(bu 2
-Fixing a bug when listing the running schedule if \(dqschedule.enable\(dq and/or \(dqschedule.disable\(dq has been run, where the \(dqenabled\(dq items is being treated as a schedule item. \fI\%#62795\fP
-.IP \(bu 2
-Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode \fI\%#62817\fP
-.IP \(bu 2
-Include UID and GID checks in modules.file.check_perms as well as comparing
-ownership by username and group name. \fI\%#62818\fP
-.IP \(bu 2
-Fix presence events on TCP transport by removing a client\(aqs presence when minion disconnects from publish channel correctly \fI\%#62826\fP
-.IP \(bu 2
-Remove Azure deprecation messages from functions that always run w/ salt\-cloud \fI\%#62845\fP
-.IP \(bu 2
-Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 \fI\%#62854\fP
-.IP \(bu 2
-Fixed master job scheduler using when \fI\%#62858\fP
-.IP \(bu 2
-LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding \fI\%#62873\fP
-.IP \(bu 2
-Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. \fI\%#62878\fP
-.IP \(bu 2
-Fixed dockermod version_info function for docker\-py 6.0.0+ \fI\%#62882\fP
-.IP \(bu 2
-Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. \fI\%#62886\fP
-.IP \(bu 2
-Updating various MongoDB module functions to work with latest version of pymongo. \fI\%#62900\fP
-.IP \(bu 2
-Restored channel for Syndic minions to send job returns to the Salt master. \fI\%#62933\fP
-.IP \(bu 2
-removed _resolve_deps as it required a library that is not generally avalible. and switched to apt\-get for everything as that can auto resolve dependencies. \fI\%#62934\fP
-.IP \(bu 2
-Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt\-minion/salt\-call to hang \fI\%#62937\fP
-.IP \(bu 2
-Allow root user to modify crontab lines for non\-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. \fI\%#62940\fP
-.IP \(bu 2
-Fix systemd_service.* functions hard code relative command name \fI\%#62942\fP
-.IP \(bu 2
-Fix file.symlink backupname operation can copy remote contents to local disk \fI\%#62953\fP
-.IP \(bu 2
-Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts \fI\%#62968\fP
-.IP \(bu 2
-Fixed gpg_passphrase issue with gpg decrypt/encrypt functions \fI\%#62977\fP
-.IP \(bu 2
-Fix file.tidied FileNotFoundError \fI\%#62986\fP
-.IP \(bu 2
-Fixed bug where module.wait states were detected as running legacy module.run syntax \fI\%#62988\fP
-.IP \(bu 2
-Fixed issue with win_wua module where it wouldn\(aqt load if the CryptSvc was set to Manual start \fI\%#62993\fP
-.IP \(bu 2
-The \fB__opts__\fP dunder dictionary is now added to the loader\(aqs \fBpack\fP if not
-already present, which makes it accessible via the
-\fBsalt.loader.context.NamedLoaderContext\fP class. \fI\%#63013\fP
-.IP \(bu 2
-Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts \fI\%#63024\fP
-.IP \(bu 2
-Fix btrfs.subvolume_snapshot command failing \fI\%#63025\fP
-.IP \(bu 2
-Fix file.retention_schedule always reports changes \fI\%#63033\fP
-.IP \(bu 2
-Fix mongo authentication for mongo ext_pillar and mongo returner
-.sp
-This fix also include the ability to use the mongo connection string for mongo ext_pillar \fI\%#63058\fP
-.IP \(bu 2
-Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. \fI\%#63103\fP
-.IP \(bu 2
-TCP transport documentation now contains proper master/minion\-side filtering information \fI\%#63120\fP
-.IP \(bu 2
-Fixed gpg.verify does not respect gnupghome \fI\%#63145\fP
-.IP \(bu 2
-Made pillar cache pass extra minion data as well \fI\%#63208\fP
-.IP \(bu 2
-Fix serious performance issues with the file.tidied module \fI\%#63231\fP
-.IP \(bu 2
-Fix rpm_lowpkg version comparison logic when using rpm\-vercmp and only one version has a release number. \fI\%#63317\fP
-.IP \(bu 2
-Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available \fI\%#63350\fP
-.IP \(bu 2
-When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. \fI\%#63590\fP
-.IP \(bu 2
-LGPO: Added support for \(dqRelax minimum password length limits\(dq \fI\%#63596\fP
-.IP \(bu 2
-Fixed the ability to set a scheduled task to auto delete if not scheduled to run again (\fBdelete_after\fP) \fI\%#63650\fP
-.IP \(bu 2
-When a job is disabled only increase it\(aqs _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. \fI\%#63699\fP
-.IP \(bu 2
-have salt.template.compile_template_str cleanup its temp files. \fI\%#63724\fP
-.IP \(bu 2
-Check file is not empty before attempting to read pillar disk cache file \fI\%#63729\fP
-.IP \(bu 2
-Fixed an issue with generating fingerprints for public keys with different line endings \fI\%#63742\fP
-.IP \(bu 2
-Change default GPG keyserver from \fI\%pgp.mit.edu\fP to \fI\%keys.openpgp.org\fP\&. \fI\%#63806\fP
-.IP \(bu 2
-fix cherrypy 400 error output to be less generic. \fI\%#63835\fP
-.IP \(bu 2
-Ensure kwargs is passed along to _call_apt when passed into install function. \fI\%#63847\fP
-.IP \(bu 2
-remove eval and update logging to be more informative on bad config \fI\%#63879\fP
-.IP \(bu 2
-add linux_distribution to util to stop dep warning \fI\%#63904\fP
-.IP \(bu 2
-Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available. \fI\%#63923\fP
-.IP \(bu 2
-Clarifying documentation for extension_modules configuration option. \fI\%#63929\fP
-.IP \(bu 2
-Windows pkg module now properly handles versions containing strings \fI\%#63935\fP
-.IP \(bu 2
-Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn\(aqt used by that function. \fI\%#63948\fP
-.IP \(bu 2
-Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows \fI\%#63981\fP
-.UNINDENT
-.SS Added
-.INDENT 0.0
-.IP \(bu 2
-Introduce a \fBLIB_STATE_DIR\fP syspaths variable which defaults to \fBCONFIG_DIR\fP,
-but can be individually customized during installation by specifying
-\fB\-\-salt\-lib\-state\-dir\fP during installation. Change the default \fBpki_dir\fP to
-\fB<LIB_STATE_DIR>/pki/master\fP (for the master) and \fB<LIB_STATE_DIR>/pki/minion\fP
-(for the minion). \fI\%#3396\fP
-.IP \(bu 2
-Allow users to enable \(aqqueue=True\(aq for all state runs via config file \fI\%#31468\fP
-.IP \(bu 2
-Added pillar templating to vault policies \fI\%#43287\fP
-.IP \(bu 2
-Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray \fI\%#51088\fP
-.IP \(bu 2
-A new salt\-ssh roster that generates a roster by parses a known_hosts file. \fI\%#54679\fP
-.IP \(bu 2
-Added Windows Event Viewer support \fI\%#54713\fP
-.IP \(bu 2
-Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file \fI\%#56013\fP
-.IP \(bu 2
-Added resource tagging functions to boto_dynamodb execution module \fI\%#57500\fP
-.IP \(bu 2
-Added \fBopenvswitch_db\fP state module and functions \fBbridge_to_parent\fP,
-\fBbridge_to_vlan\fP, \fBdb_get\fP, and \fBdb_set\fP to the \fBopenvswitch\fP execution module.
-Also added optional \fBparent\fP and \fBvlan\fP parameters to the
-\fBopenvswitch_bridge.present\fP state module function and the
-\fBopenvswitch.bridge_create\fP execution module function. \fI\%#58986\fP
-.IP \(bu 2
-State module to manage SysFS attributes \fI\%#60154\fP
-.IP \(bu 2
-Added ability for \fBsalt.wait_for_event\fP to handle \fBevent_id\fPs that have a list value. \fI\%#60430\fP
-.IP \(bu 2
-Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) \fI\%#60518\fP
-.IP \(bu 2
-Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. \fI\%#60700\fP
-.IP \(bu 2
-Added .0 back to our versioning scheme for future versions (e.g. 3006.0) \fI\%#60722\fP
-.IP \(bu 2
-Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. \fI\%#61153\fP
-.IP \(bu 2
-Added node label support for GCE \fI\%#61245\fP
-.IP \(bu 2
-Support the \-\-priority flag when adding sources to Chocolatey. \fI\%#61319\fP
-.IP \(bu 2
-Add namespace option to ext_pillar.http_json \fI\%#61335\fP
-.IP \(bu 2
-Added a filter function to ps module to get a list of processes on a minion according to their state. \fI\%#61420\fP
-.IP \(bu 2
-Add postgres.timeout option to postgres module for limiting postgres query times \fI\%#61433\fP
-.IP \(bu 2
-Added new optional vault option, \fBconfig_location\fP\&. This can be either \fBmaster\fP or \fBlocal\fP and defines where vault will look for connection details, either requesting them from the master or using the local config. \fI\%#61857\fP
-.IP \(bu 2
-Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. \fI\%#61931\fP
-.IP \(bu 2
-\(aqtcp\(aq transport is now available in ipv6\-only network \fI\%#62009\fP
-.IP \(bu 2
-Add \fBdiff_attr\fP parameter to pkg.upgrade() (zypper/yum). \fI\%#62031\fP
-.IP \(bu 2
-Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
-Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
-Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
-Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. \fI\%#62120\fP
-.IP \(bu 2
-Add file.pruned state and expanded file.rmdir exec module functionality \fI\%#62178\fP
-.IP \(bu 2
-Added \(dqdig.PTR\(dq function to resolve PTR records for IPs, as well as tests and documentation \fI\%#62275\fP
-.IP \(bu 2
-Added the ability to remove a KB using the DISM state/execution modules \fI\%#62366\fP
-.IP \(bu 2
-Add \(dq python\(dq subcommand to allow execution or arbitrary scripts via bundled Python runtime \fI\%#62381\fP
-.IP \(bu 2
-Add ability to provide conditions which convert normal state actions to no\-op when true \fI\%#62446\fP
-.IP \(bu 2
-Added debug log messages displaying the command being run when installing packages on Windows \fI\%#62480\fP
-.IP \(bu 2
-Add biosvendor grain \fI\%#62496\fP
-.IP \(bu 2
-Add ifelse Jinja function as found in CFEngine \fI\%#62508\fP
-.IP \(bu 2
-Implementation of Amazon EC2 instance detection and setting \fBvirtual_subtype\fP grain accordingly including the product if possible to identify. \fI\%#62539\fP
-.IP \(bu 2
-Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack \fI\%#62578\fP
-.IP \(bu 2
-Increase file.tidied flexibility with regard to age and size \fI\%#62678\fP
-.IP \(bu 2
-Added \(dqconnected_devices\(dq feature to netbox pillar module. It contains extra information about devices connected to the minion \fI\%#62761\fP
-.IP \(bu 2
-Add atomic file operation for symlink changes \fI\%#62768\fP
-.IP \(bu 2
-Add password/account locking/unlocking in user.present state on supported operating systems \fI\%#62856\fP
-.IP \(bu 2
-Added onchange configuration for script engine \fI\%#62867\fP
-.IP \(bu 2
-Added output and bare functionality to export_key gpg module function \fI\%#62978\fP
-.IP \(bu 2
-Add keyvalue serializer for environment files \fI\%#62983\fP
-.IP \(bu 2
-Add ability to ignore symlinks in file.tidied \fI\%#63042\fP
-.IP \(bu 2
-salt\-cloud support IMDSv2 tokens when using \(aquse\-instance\-role\-credentials\(aq \fI\%#63067\fP
-.IP \(bu 2
-Add ability for file.symlink to not set ownership on existing links \fI\%#63093\fP
-.IP \(bu 2
-Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation \fI\%#63095\fP
-.IP \(bu 2
-Add functions that will return the underlying block device, mount point, and filesystem type for a given path \fI\%#63098\fP
-.IP \(bu 2
-Add ethtool execution and state module functions for pause \fI\%#63128\fP
-.IP \(bu 2
-Add boardname grain \fI\%#63131\fP
-.IP \(bu 2
-Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#63248\fP
-.IP \(bu 2
-Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#63249\fP
-.IP \(bu 2
-Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. \fI\%#63315\fP
-.IP \(bu 2
-Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
-This allows users to enable state_events on a per use basis rather than having to
-enable them globally for all state runs. \fI\%#63316\fP
-.IP \(bu 2
-Allow max queue size setting for state runs to prevent performance problems from queue growth \fI\%#63356\fP
-.IP \(bu 2
-Add support of exposing meta_server_grains for Azure VMs \fI\%#63606\fP
-.IP \(bu 2
-Include the version of \fBrelenv\fP in the versions report. \fI\%#63827\fP
-.IP \(bu 2
-Added debug log messages displaying the command being run when removing packages on Windows \fI\%#63866\fP
+Add \-\-next\-release argument to salt/version.py, which prints the next upcoming release. \fI\%#64023\fP
 .UNINDENT
 .SS Security
 .INDENT 0.0
diff --git a/doc/man/spm.1 b/doc/man/spm.1
index a2f1eb819f93..b680a20ddab7 100644
--- a/doc/man/spm.1
+++ b/doc/man/spm.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SPM" "1" "Generated on March 29, 2023 at 07:32:38 PM UTC." "3006.0" "Salt"
+.TH "SPM" "1" "Generated on April 18, 2023 at 08:56:37 PM UTC." "3006.0" "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .sp
diff --git a/doc/topics/releases/3006.0.md b/doc/topics/releases/3006.0.md
index 155eb521eb65..1e7cf924d6a8 100644
--- a/doc/topics/releases/3006.0.md
+++ b/doc/topics/releases/3006.0.md
@@ -20,6 +20,37 @@ be provided for supported operating systems. See [Upgrade to onedir](https://doc
 in the [Salt Install Guide](https://docs.saltproject.io/salt/install-guide/en/latest) for information about upgrading from the classic packages to the onedir
 packages.
 
+## Linux Packaging Salt Master Salt User and Group
+
+The linux Salt Master packages will now add a Salt user and group
+by default. The packages will add the ``user: salt`` config option
+to the Salt Master config. The Salt Master service will run as this
+user. If you do not want to run the Salt Master as a different user
+you can remove the ``user: salt`` config from /etc/salt/master or change
+the user to the desired user to run the Salt Master.
+
+Since the Salt Master is running as a different user, you will need
+to ensure you set the owner and group to ``salt`` for your file_roots
+and pillar_roots(commonly `/srv/salt` and `/srv/pillar`).
+
+If you are running a Salt Master, Salt-Api and a Salt Minion on the same
+host using the new ``salt`` user and you install a pip dependency into
+the onedir environment using ``salt-pip`` or the ``pip`` module, you
+need to to chown the directory ``/opt/saltstack/salt/lib/<python_version>/site-packages/``
+with the ``salt`` user and group.
+
+
+## Caveat of salt-pip
+
+Salt ships with a wrapper script around pip called ``salt-pip``. Users should
+use ``salt-pip`` to install any python packages needed to extend Salt.
+``salt-pip`` installs python packages into an `extras-3.10` directory located
+in the root of the ondir directory, by setting the ``--target`` argument for
+pip. This ensures those packages remain installed when upgrading Salt. There is
+a known bug in pip when using `--target` where scripts and other non-python
+assets may not be cleaned up properly when un-installing.  The Salt team is
+working to resolve this bug in the up-stream pip project.
+
 
 ## Dropping support for Python 3.5 and 3.6
 
@@ -279,6 +310,7 @@ This is auto generated
 - Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676)
 - Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728)
 - Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772)
+- Remove mako as a dependency in Windows and macOS. [#62785](https://github.com/saltstack/salt/issues/62785)
 - Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793)
 - Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795)
 - Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817)
@@ -316,6 +348,7 @@ This is auto generated
 - Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103)
 - TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120)
 - Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145)
+- User responsible for the runner is now correctly reported in the events on the event bus for the runner. [#63148](https://github.com/saltstack/salt/issues/63148)
 - Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208)
 - Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231)
 - Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317)
@@ -329,16 +362,20 @@ This is auto generated
 - have salt.template.compile_template_str cleanup its temp files. [#63724](https://github.com/saltstack/salt/issues/63724)
 - Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729)
 - Fixed an issue with generating fingerprints for public keys with different line endings [#63742](https://github.com/saltstack/salt/issues/63742)
+- Add `fileserver_interval` and `maintenance_interval` master configuration options. These options control how often to restart the FileServerUpdate and Maintenance processes. Some file server and pillar configurations are known to cause memory leaks over time. A notable example of this are configurations that use pygit2. Salt can not guarantee dependency libraries like pygit2 won't leak memory. Restarting any long running processes that use pygit2 guarantees we can keep the master's memory usage in check. [#63747](https://github.com/saltstack/salt/issues/63747)
+- mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779)
 - Change default GPG keyserver from pgp.mit.edu to keys.openpgp.org. [#63806](https://github.com/saltstack/salt/issues/63806)
 - fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835)
 - Ensure kwargs is passed along to _call_apt when passed into install function. [#63847](https://github.com/saltstack/salt/issues/63847)
 - remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879)
 - add linux_distribution to util to stop dep warning [#63904](https://github.com/saltstack/salt/issues/63904)
+- Fix valuerror when trying to close fileclient. Remove usage of __del__ and close the filclient properly. [#63920](https://github.com/saltstack/salt/issues/63920)
 - Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available. [#63923](https://github.com/saltstack/salt/issues/63923)
 - Clarifying documentation for extension_modules configuration option. [#63929](https://github.com/saltstack/salt/issues/63929)
 - Windows pkg module now properly handles versions containing strings [#63935](https://github.com/saltstack/salt/issues/63935)
 - Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn't used by that function. [#63948](https://github.com/saltstack/salt/issues/63948)
 - Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows [#63981](https://github.com/saltstack/salt/issues/63981)
+- Hardened permissions on workers.ipc and master_event_pub.ipc. [#64063](https://github.com/saltstack/salt/issues/64063)
 
 
 ### Added
@@ -398,6 +435,7 @@ This is auto generated
 - Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983)
 - Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042)
 - salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067)
+- Fix running fast tests twice and add git labels to suite. [#63081](https://github.com/saltstack/salt/issues/63081)
 - Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093)
 - Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095)
 - Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098)
@@ -413,6 +451,8 @@ This is auto generated
 - Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
 - Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827)
 - Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866)
+- Adding the ability to exclude arguments from a state that end up passed to cmd.retcode when requisites such as onlyif or unless are used. [#63956](https://github.com/saltstack/salt/issues/63956)
+- Add --next-release argument to salt/version.py, which prints the next upcoming release. [#64023](https://github.com/saltstack/salt/issues/64023)
 
 
 ### Security
diff --git a/pkg/debian/changelog b/pkg/debian/changelog
index fa24b40697de..b014ff40a01c 100644
--- a/pkg/debian/changelog
+++ b/pkg/debian/changelog
@@ -1,3 +1,368 @@
+salt (3006.0) stable; urgency=medium
+
+
+  # Removed
+
+  * Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917)
+  * Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476)
+  * Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239)
+  * Removed the PyObjC dependency.
+
+    This addresses problems with building a one dir build for macOS.
+    It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
+    Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432)
+  * Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874)
+
+  # Deprecated
+
+  * renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds.
+    `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295)
+  * Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542)
+  * The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009)
+  * The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485)
+  * Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644)
+  * Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754)
+  * Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914)
+  * Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915)
+  * Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917)
+  * Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095)
+  * `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383)
+
+  # Changed
+
+  * More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609)
+  * Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430)
+  * ``umask`` is now a global state argument, instead of only applying to ``cmd``
+    states. [#57803](https://github.com/saltstack/salt/issues/57803)
+  * Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971)
+  * Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439)
+  * Add missing MariaDB Grants to mysql module.
+    MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
+    Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409)
+  * Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089)
+  * Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168)
+  * Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218)
+  * Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346)
+  * Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895)
+  * Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012)
+  * netapi_enable_clients option to allow enabling/disabling of clients in salt-api.
+    By default all clients will now be disabled. Users of salt*api will need
+    to update their master config to enable the clients that they use. Not adding
+    the netapi_enable_clients option with required clients to the master config will
+    disable salt*api. [#63050](https://github.com/saltstack/salt/issues/63050)
+  * Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383)
+  * Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595)
+  * Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710)
+  * Upgraded to `relenv==0.9.0` [#63883](https://github.com/saltstack/salt/issues/63883)
+
+  # Fixed
+
+  * Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138)
+  * Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292)
+  * Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054)
+  * Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306)
+  * Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823)
+  * Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201)
+  * Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310)
+  * Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620)
+  * Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739)
+  * Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167)
+  * Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339)
+  * Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400)
+  * Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353)
+  * When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377)
+  * Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914)
+  * Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988)
+  * Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347)
+  * Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508)
+  * Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682)
+  * Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907)
+  * Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226)
+  * Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269)
+  * Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016)
+  * Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093)
+  * Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139)
+  * Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463)
+  * Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535)
+  * Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842)
+  * Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165)
+  * Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202)
+  * Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297)
+  * linux_shadow: Fix cases where malformed shadow entries cause `user.present`
+    states to fail. [#58423](https://github.com/saltstack/salt/issues/58423)
+  * Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729)
+  * Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953)
+  * Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017)
+  * Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169)
+  * Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183)
+  * Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315)
+  * Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585)
+  * Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766)
+  * Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786)
+  * add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909)
+  * Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003)
+  * Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170)
+  * Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227)
+  * Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249)
+  * Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365)
+  * Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467)
+  * Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557)
+  * Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853)
+  * Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915)
+  * Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994)
+  * Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995)
+  * Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997)
+  * Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083)
+  * state.orchestrate_single only passes a pillar if it is set to the state
+    function. This allows it to be used with state functions that don't accept a
+    pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092)
+  * Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122)
+  * Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422)
+  * Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
+    Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`,
+    `osfinger` grains if lsb*release is installed or not. They have been changed to
+    only derive these OS grains from `/etc/os*release`. [#61618](https://github.com/saltstack/salt/issues/61618)
+  * Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619)
+  * Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650)
+  * Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727)
+  * Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789)
+  * Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805)
+  * Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814)
+  * Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816)
+  * When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821)
+  * Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827)
+  * win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859)
+  * win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860)
+  * Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966)
+  * Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019)
+  * Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022)
+  * Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029)
+  * Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030)
+  * Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032)
+  * Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053)
+  * Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058)
+  * Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074)
+  * Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082)
+  * Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101)
+  * Pass executable path from _get_path_exec() is used when calling the program.
+    The $HOME env is no longer modified globally.
+    Only trailing newlines are stripped from the fetched secret.
+    Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120)
+  * Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131)
+  * Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139)
+  * Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152)
+  * Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185)
+  * Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197)
+  * Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198)
+  * Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204)
+  * Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211)
+  * Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220)
+  * Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235)
+  * Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248)
+  * Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273)
+  * Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281)
+  * Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283)
+  * Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323)
+  * Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334)
+  * Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336)
+  * Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372)
+  * Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377)
+  * Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390)
+  * Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398)
+  * Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400)
+  * Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405)
+  * When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408)
+  * Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426)
+  * Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435)
+  * When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439)
+  * The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451)
+  * sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461)
+  * Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474)
+  * Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483)
+  * Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499)
+  * Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502)
+  * Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519)
+  * Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521)
+  * Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523)
+  * Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527)
+  * Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546)
+  * Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547)
+  * Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556)
+  * Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558)
+  * Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565)
+  * Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576)
+  * Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580)
+  * Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587)
+  * Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595)
+  * Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618)
+  * updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624)
+  * Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633)
+  * Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651)
+  * Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654)
+  * Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657)
+  * Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670)
+  * Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672)
+  * Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676)
+  * Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728)
+  * Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772)
+  * Remove mako as a dependency in Windows and macOS. [#62785](https://github.com/saltstack/salt/issues/62785)
+  * Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793)
+  * Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795)
+  * Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817)
+  * Include UID and GID checks in modules.file.check_perms as well as comparing
+    ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818)
+  * Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826)
+  * Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845)
+  * Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854)
+  * Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858)
+  * LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873)
+  * Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878)
+  * Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882)
+  * Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886)
+  * Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900)
+  * Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933)
+  * removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934)
+  * Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937)
+  * Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940)
+  * Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942)
+  * Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953)
+  * Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968)
+  * Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977)
+  * Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986)
+  * Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988)
+  * Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993)
+  * The `__opts__` dunder dictionary is now added to the loader's `pack` if not
+    already present, which makes it accessible via the
+    `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013)
+  * Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024)
+  * Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025)
+  * Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033)
+  * Fix mongo authentication for mongo ext_pillar and mongo returner
+
+    This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058)
+  * Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103)
+  * TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120)
+  * Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145)
+  * User responsible for the runner is now correctly reported in the events on the event bus for the runner. [#63148](https://github.com/saltstack/salt/issues/63148)
+  * Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208)
+  * Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231)
+  * Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317)
+  * Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350)
+  * ``service.status`` on Windows does no longer throws a CommandExecutionError if
+    the service is not found on the system. It now returns "Not Found" instead. [#63577](https://github.com/saltstack/salt/issues/63577)
+  * When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590)
+  * LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596)
+  * Fixed the ability to set a scheduled task to auto delete if not scheduled to run again (``delete_after``) [#63650](https://github.com/saltstack/salt/issues/63650)
+  * When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699)
+  * have salt.template.compile_template_str cleanup its temp files. [#63724](https://github.com/saltstack/salt/issues/63724)
+  * Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729)
+  * Fixed an issue with generating fingerprints for public keys with different line endings [#63742](https://github.com/saltstack/salt/issues/63742)
+  * Add `fileserver_interval` and `maintenance_interval` master configuration options. These options control how often to restart the FileServerUpdate and Maintenance processes. Some file server and pillar configurations are known to cause memory leaks over time. A notable example of this are configurations that use pygit2. Salt can not guarantee dependency libraries like pygit2 won't leak memory. Restarting any long running processes that use pygit2 guarantees we can keep the master's memory usage in check. [#63747](https://github.com/saltstack/salt/issues/63747)
+  * mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779)
+  * Change default GPG keyserver from pgp.mit.edu to keys.openpgp.org. [#63806](https://github.com/saltstack/salt/issues/63806)
+  * fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835)
+  * Ensure kwargs is passed along to _call_apt when passed into install function. [#63847](https://github.com/saltstack/salt/issues/63847)
+  * remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879)
+  * add linux_distribution to util to stop dep warning [#63904](https://github.com/saltstack/salt/issues/63904)
+  * Fix valuerror when trying to close fileclient. Remove usage of __del__ and close the filclient properly. [#63920](https://github.com/saltstack/salt/issues/63920)
+  * Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available. [#63923](https://github.com/saltstack/salt/issues/63923)
+  * Clarifying documentation for extension_modules configuration option. [#63929](https://github.com/saltstack/salt/issues/63929)
+  * Windows pkg module now properly handles versions containing strings [#63935](https://github.com/saltstack/salt/issues/63935)
+  * Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn't used by that function. [#63948](https://github.com/saltstack/salt/issues/63948)
+  * Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows [#63981](https://github.com/saltstack/salt/issues/63981)
+  * Hardened permissions on workers.ipc and master_event_pub.ipc. [#64063](https://github.com/saltstack/salt/issues/64063)
+
+  # Added
+
+  * Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`,
+    but can be individually customized during installation by specifying
+    `*-salt-lib-state-dir` during installation. Change the default `pki_dir` to
+    `<LIB_STATE_DIR>/pki/master` (for the master) and `<LIB_STATE_DIR>/pki/minion`
+    (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396)
+  * Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468)
+  * Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287)
+  * Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088)
+  * A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679)
+  * Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713)
+  * Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013)
+  * Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500)
+  * Added `openvswitch_db` state module and functions `bridge_to_parent`,
+    `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module.
+    Also added optional `parent` and `vlan` parameters to the
+    `openvswitch_bridge.present` state module function and the
+    `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986)
+  * State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154)
+  * Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430)
+  * Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518)
+  * Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700)
+  * Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722)
+  * Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153)
+  * Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245)
+  * Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319)
+  * Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335)
+  * Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420)
+  * Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433)
+  * Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857)
+  * Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931)
+  * 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009)
+  * Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031)
+  * Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
+    Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
+    Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
+    Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120)
+  * Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178)
+  * Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275)
+  * Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366)
+  * Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381)
+  * Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446)
+  * Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480)
+  * Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496)
+  * Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508)
+  * Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539)
+  * Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578)
+  * Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678)
+  * Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761)
+  * Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768)
+  * Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856)
+  * Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867)
+  * Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978)
+  * Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983)
+  * Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042)
+  * salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067)
+  * Fix running fast tests twice and add git labels to suite. [#63081](https://github.com/saltstack/salt/issues/63081)
+  * Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093)
+  * Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095)
+  * Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098)
+  * Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128)
+  * Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131)
+  * Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248)
+  * Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249)
+  * Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315)
+  * Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
+    This allows users to enable state_events on a per use basis rather than having to
+    enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316)
+  * Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356)
+  * Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
+  * Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827)
+  * Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866)
+  * Adding the ability to exclude arguments from a state that end up passed to cmd.retcode when requisites such as onlyif or unless are used. [#63956](https://github.com/saltstack/salt/issues/63956)
+  * Add --next-release argument to salt/version.py, which prints the next upcoming release. [#64023](https://github.com/saltstack/salt/issues/64023)
+
+  # Security
+
+  * Upgrade Requirements Due to Security Issues.
+
+    * Upgrade to `cryptography>=39.0.1` due to:
+      * https://github.com/advisories/GHSA*x4qr-2fvf-3mr5
+      * https://github.com/advisories/GHSA*w7pp-m8wf-vj6r
+    * Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade.
+    * Update to `markdown*it-py==2.2.0` due to:
+      * https://github.com/advisories/GHSA*jrwr-5x3p-hvc3
+      * https://github.com/advisories/GHSA*vrjv-mxr7-vjf8 [#63882](https://github.com/saltstack/salt/issues/63882)
+
+
+ -- Salt Project Packaging <saltproject-packaging@vmware.com>  Tue, 18 Apr 2023 20:56:10 +0000
+
 salt (1:3006.0rc3) stable; urgency=medium
 
 
diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec
index f05f1b58d1c3..25a28ea59dd6 100644
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@@ -21,7 +21,7 @@
 %define fish_dir %{_datadir}/fish/vendor_functions.d
 
 Name:    salt
-Version: 3006.0~rc3
+Version: 3006.0
 Release: 0
 Summary: A parallel remote execution system
 Group:   System Environment/Daemons
@@ -450,6 +450,368 @@ fi
 
 
 %changelog
+* Tue Apr 18 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.0
+
+# Removed
+
+- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917)
+- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476)
+- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239)
+- Removed the PyObjC dependency.
+
+  This addresses problems with building a one dir build for macOS.
+  It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
+  Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432)
+- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874)
+
+# Deprecated
+
+- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds.
+  `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295)
+- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542)
+- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009)
+- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485)
+- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644)
+- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754)
+- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914)
+- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915)
+- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917)
+- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095)
+- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383)
+
+# Changed
+
+- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609)
+- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430)
+- ``umask`` is now a global state argument, instead of only applying to ``cmd``
+  states. [#57803](https://github.com/saltstack/salt/issues/57803)
+- Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971)
+- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439)
+- Add missing MariaDB Grants to mysql module.
+  MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
+  Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409)
+- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089)
+- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168)
+- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218)
+- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346)
+- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895)
+- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012)
+- netapi_enable_clients option to allow enabling/disabling of clients in salt-api.
+  By default all clients will now be disabled. Users of salt-api will need
+  to update their master config to enable the clients that they use. Not adding
+  the netapi_enable_clients option with required clients to the master config will
+  disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050)
+- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383)
+- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595)
+- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710)
+- Upgraded to `relenv==0.9.0` [#63883](https://github.com/saltstack/salt/issues/63883)
+
+# Fixed
+
+- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138)
+- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292)
+- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054)
+- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306)
+- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823)
+- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201)
+- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310)
+- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620)
+- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739)
+- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167)
+- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339)
+- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400)
+- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353)
+- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377)
+- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914)
+- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988)
+- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347)
+- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508)
+- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682)
+- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907)
+- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226)
+- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269)
+- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016)
+- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093)
+- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139)
+- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463)
+- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535)
+- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842)
+- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165)
+- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202)
+- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297)
+- linux_shadow: Fix cases where malformed shadow entries cause `user.present`
+  states to fail. [#58423](https://github.com/saltstack/salt/issues/58423)
+- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729)
+- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953)
+- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017)
+- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169)
+- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183)
+- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315)
+- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585)
+- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766)
+- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786)
+- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909)
+- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003)
+- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170)
+- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227)
+- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249)
+- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365)
+- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467)
+- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557)
+- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853)
+- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915)
+- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994)
+- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995)
+- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997)
+- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083)
+- state.orchestrate_single only passes a pillar if it is set to the state
+  function. This allows it to be used with state functions that don't accept a
+  pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092)
+- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122)
+- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422)
+- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
+  Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`,
+  `osfinger` grains if lsb-release is installed or not. They have been changed to
+  only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618)
+- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619)
+- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650)
+- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727)
+- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789)
+- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805)
+- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814)
+- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816)
+- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821)
+- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827)
+- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859)
+- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860)
+- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966)
+- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019)
+- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022)
+- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029)
+- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030)
+- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032)
+- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053)
+- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058)
+- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074)
+- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082)
+- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101)
+- Pass executable path from _get_path_exec() is used when calling the program.
+  The $HOME env is no longer modified globally.
+  Only trailing newlines are stripped from the fetched secret.
+  Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131)
+- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139)
+- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152)
+- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185)
+- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197)
+- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198)
+- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204)
+- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211)
+- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220)
+- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235)
+- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248)
+- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273)
+- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281)
+- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283)
+- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323)
+- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334)
+- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336)
+- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372)
+- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377)
+- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390)
+- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398)
+- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400)
+- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405)
+- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408)
+- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426)
+- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435)
+- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439)
+- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451)
+- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461)
+- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474)
+- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483)
+- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499)
+- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502)
+- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519)
+- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521)
+- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523)
+- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527)
+- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546)
+- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547)
+- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556)
+- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558)
+- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565)
+- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576)
+- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580)
+- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587)
+- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595)
+- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618)
+- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624)
+- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633)
+- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651)
+- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654)
+- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657)
+- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670)
+- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672)
+- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676)
+- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728)
+- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772)
+- Remove mako as a dependency in Windows and macOS. [#62785](https://github.com/saltstack/salt/issues/62785)
+- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793)
+- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795)
+- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817)
+- Include UID and GID checks in modules.file.check_perms as well as comparing
+  ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818)
+- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826)
+- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845)
+- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854)
+- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858)
+- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873)
+- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878)
+- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882)
+- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886)
+- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900)
+- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933)
+- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934)
+- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937)
+- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940)
+- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942)
+- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953)
+- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968)
+- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977)
+- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986)
+- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988)
+- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993)
+- The `__opts__` dunder dictionary is now added to the loader's `pack` if not
+  already present, which makes it accessible via the
+  `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013)
+- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024)
+- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025)
+- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033)
+- Fix mongo authentication for mongo ext_pillar and mongo returner
+
+  This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058)
+- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103)
+- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120)
+- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145)
+- User responsible for the runner is now correctly reported in the events on the event bus for the runner. [#63148](https://github.com/saltstack/salt/issues/63148)
+- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208)
+- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231)
+- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317)
+- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350)
+- ``service.status`` on Windows does no longer throws a CommandExecutionError if
+  the service is not found on the system. It now returns "Not Found" instead. [#63577](https://github.com/saltstack/salt/issues/63577)
+- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590)
+- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596)
+- Fixed the ability to set a scheduled task to auto delete if not scheduled to run again (``delete_after``) [#63650](https://github.com/saltstack/salt/issues/63650)
+- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699)
+- have salt.template.compile_template_str cleanup its temp files. [#63724](https://github.com/saltstack/salt/issues/63724)
+- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729)
+- Fixed an issue with generating fingerprints for public keys with different line endings [#63742](https://github.com/saltstack/salt/issues/63742)
+- Add `fileserver_interval` and `maintenance_interval` master configuration options. These options control how often to restart the FileServerUpdate and Maintenance processes. Some file server and pillar configurations are known to cause memory leaks over time. A notable example of this are configurations that use pygit2. Salt can not guarantee dependency libraries like pygit2 won't leak memory. Restarting any long running processes that use pygit2 guarantees we can keep the master's memory usage in check. [#63747](https://github.com/saltstack/salt/issues/63747)
+- mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779)
+- Change default GPG keyserver from pgp.mit.edu to keys.openpgp.org. [#63806](https://github.com/saltstack/salt/issues/63806)
+- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835)
+- Ensure kwargs is passed along to _call_apt when passed into install function. [#63847](https://github.com/saltstack/salt/issues/63847)
+- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879)
+- add linux_distribution to util to stop dep warning [#63904](https://github.com/saltstack/salt/issues/63904)
+- Fix valuerror when trying to close fileclient. Remove usage of __del__ and close the filclient properly. [#63920](https://github.com/saltstack/salt/issues/63920)
+- Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available. [#63923](https://github.com/saltstack/salt/issues/63923)
+- Clarifying documentation for extension_modules configuration option. [#63929](https://github.com/saltstack/salt/issues/63929)
+- Windows pkg module now properly handles versions containing strings [#63935](https://github.com/saltstack/salt/issues/63935)
+- Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn't used by that function. [#63948](https://github.com/saltstack/salt/issues/63948)
+- Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows [#63981](https://github.com/saltstack/salt/issues/63981)
+- Hardened permissions on workers.ipc and master_event_pub.ipc. [#64063](https://github.com/saltstack/salt/issues/64063)
+
+# Added
+
+- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`,
+  but can be individually customized during installation by specifying
+  `--salt-lib-state-dir` during installation. Change the default `pki_dir` to
+  `<LIB_STATE_DIR>/pki/master` (for the master) and `<LIB_STATE_DIR>/pki/minion`
+  (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396)
+- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468)
+- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287)
+- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088)
+- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679)
+- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713)
+- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013)
+- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500)
+- Added `openvswitch_db` state module and functions `bridge_to_parent`,
+  `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module.
+  Also added optional `parent` and `vlan` parameters to the
+  `openvswitch_bridge.present` state module function and the
+  `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986)
+- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154)
+- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430)
+- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518)
+- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700)
+- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722)
+- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153)
+- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245)
+- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319)
+- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335)
+- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420)
+- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433)
+- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857)
+- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931)
+- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009)
+- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031)
+- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
+  Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
+  Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
+  Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178)
+- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275)
+- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366)
+- Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381)
+- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446)
+- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480)
+- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496)
+- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508)
+- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539)
+- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578)
+- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678)
+- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761)
+- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768)
+- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856)
+- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867)
+- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978)
+- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983)
+- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042)
+- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067)
+- Fix running fast tests twice and add git labels to suite. [#63081](https://github.com/saltstack/salt/issues/63081)
+- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093)
+- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095)
+- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098)
+- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128)
+- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131)
+- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248)
+- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249)
+- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315)
+- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
+  This allows users to enable state_events on a per use basis rather than having to
+  enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316)
+- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356)
+- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
+- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827)
+- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866)
+- Adding the ability to exclude arguments from a state that end up passed to cmd.retcode when requisites such as onlyif or unless are used. [#63956](https://github.com/saltstack/salt/issues/63956)
+- Add --next-release argument to salt/version.py, which prints the next upcoming release. [#64023](https://github.com/saltstack/salt/issues/64023)
+
+# Security
+
+- Upgrade Requirements Due to Security Issues.
+
+  * Upgrade to `cryptography>=39.0.1` due to:
+    * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
+    * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
+  * Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade.
+  * Update to `markdown-it-py==2.2.0` due to:
+    * https://github.com/advisories/GHSA-jrwr-5x3p-hvc3
+    * https://github.com/advisories/GHSA-vrjv-mxr7-vjf8 [#63882](https://github.com/saltstack/salt/issues/63882)
+
+
 * Wed Mar 29 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.0~rc3
 
 # Removed
diff --git a/salt/version.py b/salt/version.py
index bfb989da2a13..43cb5f86f75c 100644
--- a/salt/version.py
+++ b/salt/version.py
@@ -78,7 +78,7 @@ class SaltVersionsInfo(type):
     ALUMINIUM     = SaltVersion("Aluminium"    , info=3003,       released=True)
     SILICON       = SaltVersion("Silicon"      , info=3004,       released=True)
     PHOSPHORUS    = SaltVersion("Phosphorus"   , info=3005,       released=True)
-    SULFUR        = SaltVersion("Sulfur"       , info=(3006, 0))
+    SULFUR        = SaltVersion("Sulfur"       , info=(3006, 0),  released=True)
     CHLORINE      = SaltVersion("Chlorine"     , info=(3007, 0))
     ARGON         = SaltVersion("Argon"        , info=(3008, 0))
     POTASSIUM     = SaltVersion("Potassium"    , info=(3009, 0))