diff --git a/CHANGELOG.md b/CHANGELOG.md
index 866cb70b9e3e..4528c265d176 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,78 @@ Versions are `MAJOR.PATCH`.
 
 # Changelog
 
+## 3006.9 (2024-07-29)
+
+
+### Deprecated
+
+- Drop CentOS 7 support [#66623](https://github.com/saltstack/salt/issues/66623)
+- No longer build RPM packages with CentOS Stream 9 [#66624](https://github.com/saltstack/salt/issues/66624)
+
+
+### Fixed
+
+- Made slsutil.renderer work with salt-ssh [#50196](https://github.com/saltstack/salt/issues/50196)
+- Fixed defaults.merge is not available when using salt-ssh [#51605](https://github.com/saltstack/salt/issues/51605)
+- Fixed config.get does not support merge option with salt-ssh [#56441](https://github.com/saltstack/salt/issues/56441)
+- Update to include croniter in pkg requirements [#57649](https://github.com/saltstack/salt/issues/57649)
+- Fixed state.test does not work with salt-ssh [#61100](https://github.com/saltstack/salt/issues/61100)
+- Made slsutil.findup work with salt-ssh [#61143](https://github.com/saltstack/salt/issues/61143)
+- Fixes multiple issues with the cmd module on Windows. Scripts are called using
+  the ``-File`` parameter to the ``powershell.exe`` binary. ``CLIXML`` data in
+  stderr is now removed (only applies to encoded commands). Commands can now be
+  sent to ``cmd.powershell`` as a list. Makes sure JSON data returned is valid.
+  Strips whitespace from the return when using ``runas``. [#61166](https://github.com/saltstack/salt/issues/61166)
+- Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a
+  rewrite to use PowerShell instead of netsh to make the changes on the system [#61534](https://github.com/saltstack/salt/issues/61534)
+- file.replace and file.search work properly with /proc files [#63102](https://github.com/saltstack/salt/issues/63102)
+- Fix utf8 handling in 'pass' renderer [#64300](https://github.com/saltstack/salt/issues/64300)
+- Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. [#64563](https://github.com/saltstack/salt/issues/64563)
+- salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. [#64728](https://github.com/saltstack/salt/issues/64728)
+- Fixed slsutil.update with salt-ssh during template rendering [#65067](https://github.com/saltstack/salt/issues/65067)
+- Fix config.items when called on minion [#65251](https://github.com/saltstack/salt/issues/65251)
+- Ensure on rpm and deb systems, that user and group for existing Salt, is maintained on upgrade [#65264](https://github.com/saltstack/salt/issues/65264)
+- Fix typo in nftables module to ensure unique nft family values [#65295](https://github.com/saltstack/salt/issues/65295)
+- pkg.installed state aggregate does not honors requires requisite [#65304](https://github.com/saltstack/salt/issues/65304)
+- Added SSH wrapper for logmod [#65630](https://github.com/saltstack/salt/issues/65630)
+- Fix for GitFS failure to unlock lock file, and resource cleanup for process SIGTERM [#65816](https://github.com/saltstack/salt/issues/65816)
+- Corrected x509_v2 CRL creation `last_update` and `next_update` values when system timezone is not UTC [#65837](https://github.com/saltstack/salt/issues/65837)
+- Make sure the root minion process handles SIGUSR1 and emits a traceback like it's child processes [#66095](https://github.com/saltstack/salt/issues/66095)
+- Replaced pyvenv with builtin venv for virtualenv_mod [#66132](https://github.com/saltstack/salt/issues/66132)
+- Made `file.managed` skip download of a remote source if the managed file already exists with the correct hash [#66342](https://github.com/saltstack/salt/issues/66342)
+- Fix win_task ExecutionTimeLimit and result/error code interpretation [#66347](https://github.com/saltstack/salt/issues/66347), [#66441](https://github.com/saltstack/salt/issues/66441)
+- Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses [#66382](https://github.com/saltstack/salt/issues/66382)
+- Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key [#66414](https://github.com/saltstack/salt/issues/66414)
+- Fixed parallel state execution with Salt-SSH [#66514](https://github.com/saltstack/salt/issues/66514)
+- Fix support for FIPS approved encryption and signing algorithms. [#66579](https://github.com/saltstack/salt/issues/66579)
+- Fix relative file_roots paths [#66588](https://github.com/saltstack/salt/issues/66588)
+- Fixed an issue with cmd.run with requirements when the shell is not the
+  default [#66596](https://github.com/saltstack/salt/issues/66596)
+- Fix RPM package provides [#66604](https://github.com/saltstack/salt/issues/66604)
+- Upgrade relAenv to 0.16.1. This release fixes several package installs for salt-pip [#66632](https://github.com/saltstack/salt/issues/66632)
+- Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md) [#66663](https://github.com/saltstack/salt/issues/66663)
+- Upgrade dependencies due to security issues:
+  - pymysql>=1.1.1
+  - requests>=2.32.0
+  - docker>=7.1.0 [#66666](https://github.com/saltstack/salt/issues/66666)
+- Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 [#66683](https://github.com/saltstack/salt/issues/66683)
+- Remove debug output from shell scripts for packaging [#66747](https://github.com/saltstack/salt/issues/66747)
+
+
+### Added
+
+- Add Ubuntu 24.04 support [#66180](https://github.com/saltstack/salt/issues/66180)
+- Add Fedora 40 support, replacing Fedora 39 [#66300](https://github.com/saltstack/salt/issues/66300)
+- Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) [#66624](https://github.com/saltstack/salt/issues/66624)
+
+
+### Security
+
+- Bump to ``jinja2==3.1.4`` due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj [#66488](https://github.com/saltstack/salt/issues/66488)
+- CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is
+  encountered. [#66702](https://github.com/saltstack/salt/issues/66702)
+
+
 ## 3006.8 (2024-04-29)
 
 
diff --git a/changelog/50196.fixed.md b/changelog/50196.fixed.md
deleted file mode 100644
index 979411a640da..000000000000
--- a/changelog/50196.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Made slsutil.renderer work with salt-ssh
diff --git a/changelog/51605.fixed.md b/changelog/51605.fixed.md
deleted file mode 100644
index 990b34413d95..000000000000
--- a/changelog/51605.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed defaults.merge is not available when using salt-ssh
diff --git a/changelog/56441.fixed.md b/changelog/56441.fixed.md
deleted file mode 100644
index 489ad80f7709..000000000000
--- a/changelog/56441.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed config.get does not support merge option with salt-ssh
diff --git a/changelog/57649.fixed.md b/changelog/57649.fixed.md
deleted file mode 100644
index 12d22a0531c0..000000000000
--- a/changelog/57649.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
- Update to include croniter in pkg requirements
diff --git a/changelog/61100.fixed.md b/changelog/61100.fixed.md
deleted file mode 100644
index d7ac2b6bc3f6..000000000000
--- a/changelog/61100.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed state.test does not work with salt-ssh
diff --git a/changelog/61143.fixed.md b/changelog/61143.fixed.md
deleted file mode 100644
index 08a62c9d8b10..000000000000
--- a/changelog/61143.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Made slsutil.findup work with salt-ssh
diff --git a/changelog/61166.fixed.md b/changelog/61166.fixed.md
deleted file mode 100644
index f197c324c9e9..000000000000
--- a/changelog/61166.fixed.md
+++ /dev/null
@@ -1,5 +0,0 @@
-Fixes multiple issues with the cmd module on Windows. Scripts are called using
-the ``-File`` parameter to the ``powershell.exe`` binary. ``CLIXML`` data in
-stderr is now removed (only applies to encoded commands). Commands can now be
-sent to ``cmd.powershell`` as a list. Makes sure JSON data returned is valid.
-Strips whitespace from the return when using ``runas``.
diff --git a/changelog/61534.fixed.md b/changelog/61534.fixed.md
deleted file mode 100644
index ed6c44011409..000000000000
--- a/changelog/61534.fixed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a
-rewrite to use PowerShell instead of netsh to make the changes on the system
diff --git a/changelog/63102.fixed.md b/changelog/63102.fixed.md
deleted file mode 100644
index 535e1a6c8041..000000000000
--- a/changelog/63102.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-file.replace and file.search work properly with /proc files
diff --git a/changelog/64300.fixed.md b/changelog/64300.fixed.md
deleted file mode 100644
index 4418db1d04c9..000000000000
--- a/changelog/64300.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix utf8 handling in 'pass' renderer
diff --git a/changelog/64563.fixed.md b/changelog/64563.fixed.md
deleted file mode 100644
index fadd9721fed3..000000000000
--- a/changelog/64563.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module.
diff --git a/changelog/64728.fixed.md b/changelog/64728.fixed.md
deleted file mode 100644
index afe36f423164..000000000000
--- a/changelog/64728.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows.
diff --git a/changelog/65067.fixed.md b/changelog/65067.fixed.md
deleted file mode 100644
index d6de87b5bc15..000000000000
--- a/changelog/65067.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed slsutil.update with salt-ssh during template rendering
diff --git a/changelog/65251.fixed.md b/changelog/65251.fixed.md
deleted file mode 100644
index e8abd5af3278..000000000000
--- a/changelog/65251.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix config.items when called on minion
diff --git a/changelog/65264.fixed.md b/changelog/65264.fixed.md
deleted file mode 100644
index 42bb45ac9681..000000000000
--- a/changelog/65264.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ensure on rpm and deb systems, that user and group for existing Salt, is maintained on upgrade
diff --git a/changelog/65295.fixed.md b/changelog/65295.fixed.md
deleted file mode 100644
index c672de05b756..000000000000
--- a/changelog/65295.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix typo in nftables module to ensure unique nft family values
diff --git a/changelog/65304.fixed.md b/changelog/65304.fixed.md
deleted file mode 100644
index dd162cee7148..000000000000
--- a/changelog/65304.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-pkg.installed state aggregate does not honors requires requisite
diff --git a/changelog/65630.fixed.md b/changelog/65630.fixed.md
deleted file mode 100644
index e8650abcdc1c..000000000000
--- a/changelog/65630.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Added SSH wrapper for logmod
diff --git a/changelog/65816.fixed.md b/changelog/65816.fixed.md
deleted file mode 100644
index 23aaa1e5e8e2..000000000000
--- a/changelog/65816.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix for GitFS failure to unlock lock file, and resource cleanup for process SIGTERM
diff --git a/changelog/65837.fixed.md b/changelog/65837.fixed.md
deleted file mode 100644
index 72f4a30fbda6..000000000000
--- a/changelog/65837.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Corrected x509_v2 CRL creation `last_update` and `next_update` values when system timezone is not UTC
diff --git a/changelog/66095.fixed.md b/changelog/66095.fixed.md
deleted file mode 100644
index c82f646aed29..000000000000
--- a/changelog/66095.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Make sure the root minion process handles SIGUSR1 and emits a traceback like it's child processes
diff --git a/changelog/66132.fixed.md b/changelog/66132.fixed.md
deleted file mode 100644
index 7a64fee8c1e4..000000000000
--- a/changelog/66132.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Replaced pyvenv with builtin venv for virtualenv_mod
diff --git a/changelog/66180.added.md b/changelog/66180.added.md
deleted file mode 100644
index 92925b9f9070..000000000000
--- a/changelog/66180.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add Ubuntu 24.04 support
diff --git a/changelog/66300.added.md b/changelog/66300.added.md
deleted file mode 100644
index 18b4964110f6..000000000000
--- a/changelog/66300.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Add Fedora 40 support, replacing Fedora 39
diff --git a/changelog/66342.fixed.md b/changelog/66342.fixed.md
deleted file mode 100644
index da57b2926d05..000000000000
--- a/changelog/66342.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Made `file.managed` skip download of a remote source if the managed file already exists with the correct hash
diff --git a/changelog/66347.fixed.md b/changelog/66347.fixed.md
deleted file mode 100644
index e61e5ce64a9a..000000000000
--- a/changelog/66347.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix win_task ExecutionTimeLimit and result/error code interpretation
diff --git a/changelog/66382.fixed.md b/changelog/66382.fixed.md
deleted file mode 100644
index 15875838cff0..000000000000
--- a/changelog/66382.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses
diff --git a/changelog/66414.fixed.md b/changelog/66414.fixed.md
deleted file mode 100644
index e777d18226dd..000000000000
--- a/changelog/66414.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key
diff --git a/changelog/66441.fixed.md b/changelog/66441.fixed.md
deleted file mode 100644
index e61e5ce64a9a..000000000000
--- a/changelog/66441.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix win_task ExecutionTimeLimit and result/error code interpretation
diff --git a/changelog/66488.security.md b/changelog/66488.security.md
deleted file mode 100644
index 7871bb678db7..000000000000
--- a/changelog/66488.security.md
+++ /dev/null
@@ -1 +0,0 @@
-Bump to ``jinja2==3.1.4`` due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj
diff --git a/changelog/66514.fixed.md b/changelog/66514.fixed.md
deleted file mode 100644
index 9c579378ac3a..000000000000
--- a/changelog/66514.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed parallel state execution with Salt-SSH
diff --git a/changelog/66579.fixed.md b/changelog/66579.fixed.md
deleted file mode 100644
index ccef663b8464..000000000000
--- a/changelog/66579.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix support for FIPS approved encryption and signing algorithms.
diff --git a/changelog/66588.fixed.md b/changelog/66588.fixed.md
deleted file mode 100644
index 6bc72eff59bb..000000000000
--- a/changelog/66588.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix relative file_roots paths
diff --git a/changelog/66596.fixed.md b/changelog/66596.fixed.md
deleted file mode 100644
index a4a27151f2c1..000000000000
--- a/changelog/66596.fixed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Fixed an issue with cmd.run with requirements when the shell is not the
-default
diff --git a/changelog/66604.fixed.md b/changelog/66604.fixed.md
deleted file mode 100644
index 4d1a771ca54b..000000000000
--- a/changelog/66604.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix RPM package provides
diff --git a/changelog/66623.deprecated.md b/changelog/66623.deprecated.md
deleted file mode 100644
index 8d829eadec97..000000000000
--- a/changelog/66623.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-Drop CentOS 7 support
diff --git a/changelog/66624.added.md b/changelog/66624.added.md
deleted file mode 100644
index fbc4adf84c7c..000000000000
--- a/changelog/66624.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9)
diff --git a/changelog/66624.deprecated.md b/changelog/66624.deprecated.md
deleted file mode 100644
index 10b397bae85b..000000000000
--- a/changelog/66624.deprecated.md
+++ /dev/null
@@ -1 +0,0 @@
-No longer build RPM packages with CentOS Stream 9
diff --git a/changelog/66632.fixed.md b/changelog/66632.fixed.md
deleted file mode 100644
index c50213867cae..000000000000
--- a/changelog/66632.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Upgrade relAenv to 0.16.1. This release fixes several package installs for salt-pip
diff --git a/changelog/66663.fixed.md b/changelog/66663.fixed.md
deleted file mode 100644
index 14a40b4730e1..000000000000
--- a/changelog/66663.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md)
diff --git a/changelog/66666.fixed.md b/changelog/66666.fixed.md
deleted file mode 100644
index 076088f4d0c8..000000000000
--- a/changelog/66666.fixed.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Upgrade dependencies due to security issues:
-- pymysql>=1.1.1
-- requests>=2.32.0
-- docker>=7.1.0
diff --git a/changelog/66683.fixed.md b/changelog/66683.fixed.md
deleted file mode 100644
index 2917188fa638..000000000000
--- a/changelog/66683.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044
diff --git a/changelog/66702.security.md b/changelog/66702.security.md
deleted file mode 100644
index 4fdd6b4ea3fd..000000000000
--- a/changelog/66702.security.md
+++ /dev/null
@@ -1,2 +0,0 @@
-CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is
-encountered.
diff --git a/changelog/66747.fixed.md b/changelog/66747.fixed.md
deleted file mode 100644
index cd47b65a3599..000000000000
--- a/changelog/66747.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Remove debug output from shell scripts for packaging
diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1
index 96f6e137793c..8291a66022ce 100644
--- a/doc/man/salt-api.1
+++ b/doc/man/salt-api.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-API" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-API" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .sp
diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1
index 2ed60593bb7e..35d98500941a 100644
--- a/doc/man/salt-call.1
+++ b/doc/man/salt-call.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CALL" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-CALL" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .SH SYNOPSIS
diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1
index cc2139878bc0..22d9732a3b97 100644
--- a/doc/man/salt-cloud.1
+++ b/doc/man/salt-cloud.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CLOUD" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-CLOUD" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .sp
diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1
index 952c6008c9d2..a757a358a904 100644
--- a/doc/man/salt-cp.1
+++ b/doc/man/salt-cp.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CP" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-CP" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .sp
diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1
index f6ac175d835b..2f689b155b8b 100644
--- a/doc/man/salt-key.1
+++ b/doc/man/salt-key.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-KEY" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-KEY" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .SH SYNOPSIS
diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1
index e7004f2fcafc..437728385da4 100644
--- a/doc/man/salt-master.1
+++ b/doc/man/salt-master.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MASTER" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-MASTER" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .sp
diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1
index 1231e4d55511..d0da789a6bfc 100644
--- a/doc/man/salt-minion.1
+++ b/doc/man/salt-minion.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MINION" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-MINION" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .sp
diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1
index 18346acad6f0..0a50d38ac921 100644
--- a/doc/man/salt-proxy.1
+++ b/doc/man/salt-proxy.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-PROXY" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-PROXY" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .sp
diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1
index 5b456b4f1bc0..41d5119c283f 100644
--- a/doc/man/salt-run.1
+++ b/doc/man/salt-run.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-RUN" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-RUN" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .sp
diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1
index 186d13f2fea2..2d4e889a892f 100644
--- a/doc/man/salt-ssh.1
+++ b/doc/man/salt-ssh.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SSH" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-SSH" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .SH SYNOPSIS
diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1
index 8207be769d1f..d99ec21b2363 100644
--- a/doc/man/salt-syndic.1
+++ b/doc/man/salt-syndic.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SYNDIC" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT-SYNDIC" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .sp
diff --git a/doc/man/salt.1 b/doc/man/salt.1
index 21511c9e0355..a50c5f851aa6 100644
--- a/doc/man/salt.1
+++ b/doc/man/salt.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt \- salt
 .SH SYNOPSIS
diff --git a/doc/man/salt.7 b/doc/man/salt.7
index 25cf54d9fbb0..9860436c1219 100644
--- a/doc/man/salt.7
+++ b/doc/man/salt.7
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "7" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SALT" "7" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 salt \- Salt Documentation
 .SH SALT PROJECT
@@ -1797,6 +1797,17 @@ user: root
 .fi
 .UNINDENT
 .UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+Starting with version \fI3006.0\fP, Salt\(aqs offical packages ship with a default
+configuration which runs the Master as a non\-priviledged user. The Master\(aqs
+configuration file has the \fIuser\fP option set to \fIuser: salt\fP\&. Unless you
+are absolutly sure want to run salt as some other user, care should be
+taken to preserve this setting in your Master configuration file..
+.UNINDENT
+.UNINDENT
 .SS \fBenable_ssh_minions\fP
 .sp
 Default: \fBFalse\fP
@@ -3960,6 +3971,17 @@ publish_session: Default: 86400
 .fi
 .UNINDENT
 .UNINDENT
+.SS \fBpublish_signing_algorithm\fP
+.sp
+New in version 3006.9.
+
+.sp
+Default: PKCS1v15\-SHA1
+.sp
+The RSA signing algorithm used by this minion when connecting to the
+master\(aqs request channel. Valid values are \fBPKCS1v15\-SHA1\fP and
+\fBPKCS1v15\-SHA224\fP\&. Minions must be at version \fB3006.9\fP or greater if this
+is changed from the default setting.
 .SS \fBssl\fP
 .sp
 New in version 2016.11.0.
@@ -12634,6 +12656,25 @@ ssl:
 .fi
 .UNINDENT
 .UNINDENT
+.SS \fBencryption_algorithm\fP
+.sp
+New in version 3006.9.
+
+.sp
+Default: OAEP\-SHA1
+.sp
+The RSA encryption algorithm used by this minion when connecting to the
+master\(aqs request channel. Valid values are \fBOAEP\-SHA1\fP and \fBOAEP\-SHA224\fP
+.SS \fBsigning_algorithm\fP
+.sp
+New in version 3006.9.
+
+.sp
+Default: PKCS1v15\-SHA1
+.sp
+The RSA signing algorithm used by this minion when connecting to the
+master\(aqs request channel. Valid values are \fBPKCS1v15\-SHA1\fP and
+\fBPKCS1v15\-SHA224\fP
 .SS Reactor Settings
 .SS \fBreactor\fP
 .sp
@@ -23879,10 +23920,10 @@ most secure setup, only connect syndics directly to master of masters.
 \fI\%saltproject\-security.pdl@broadcom.com\fP
 .TP
 .B gpg key ID
-4EA0793D
+37654A06
 .TP
 .B gpg key fingerprint
-\fB8ABE 4EFC F0F4 B24B FF2A  AF90 D570 F2D3 4EA0 793D\fP
+\fB99EF 26F2 6469 2D24 973A 7007 E8BF 76A7 3765 4A06\fP
 .UNINDENT
 .sp
 \fBgpg public key:\fP
@@ -23893,104 +23934,55 @@ most secure setup, only connect syndics directly to master of masters.
 .ft C
 \-\-\-\-\-BEGIN PGP PUBLIC KEY BLOCK\-\-\-\-\-
 
-mQINBFO15mMBEADa3CfQwk5ED9wAQ8fFDku277CegG3U1hVGdcxqKNvucblwoKCb
-hRK6u9ihgaO9V9duV2glwgjytiBI/z6lyWqdaD37YXG/gTL+9Md+qdSDeaOa/9eg
-7y+g4P+FvU9HWUlujRVlofUn5Dj/IZgUywbxwEybutuzvvFVTzsn+DFVwTH34Qoh
-QIuNzQCSEz3Lhh8zq9LqkNy91ZZQO1ZIUrypafspH6GBHHcE8msBFgYiNBnVcUFH
-u0r4j1Rav+621EtD5GZsOt05+NJI8pkaC/dDKjURcuiV6bhmeSpNzLaXUhwx6f29
-Vhag5JhVGGNQxlRTxNEM86HEFp+4zJQ8m/wRDrGX5IAHsdESdhP+ljDVlAAX/ttP
-/Ucl2fgpTnDKVHOA00E515Q87ZHv6awJ3GL1veqi8zfsLaag7rw1TuuHyGLOPkDt
-t5PAjsS9R3KI7pGnhqI6bTOi591odUdgzUhZChWUUX1VStiIDi2jCvyoOOLMOGS5
-AEYXuWYP7KgujZCDRaTNqRDdgPd93Mh9JI8UmkzXDUgijdzVpzPjYgFaWtyK8lsc
-Fizqe3/Yzf9RCVX/lmRbiEH+ql/zSxcWlBQd17PKaL+TisQFXcmQzccYgAxFbj2r
-QHp5ABEu9YjFme2Jzun7Mv9V4qo3JF5dmnUk31yupZeAOGZkirIsaWC3hwARAQAB
-tDBTYWx0U3RhY2sgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAc2FsdHN0YWNrLmNv
-bT6JAj4EEwECACgFAlO15mMCGwMFCQeGH4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
-AheAAAoJENVw8tNOoHk9z/MP/2vzY27fmVxU5X8joiiturjlgEqQw41IYEmWv1Bw
-4WVXYCHP1yu/1MC1uuvOmOd5BlI8YO2C2oyW7d1B0NorguPtz55b7jabCElekVCh
-h/H4ZVThiwqgPpthRv/2npXjIm7SLSs/kuaXo6Qy2JpszwDVFw+xCRVL0tH9KJxz
-HuNBeVq7abWD5fzIWkmGM9hicG/R2D0RIlco1Q0VNKy8klG+pOFOW886KnwkSPc7
-JUYp1oUlHsSlhTmkLEG54cyVzrTP/XuZuyMTdtyTc3mfgW0adneAL6MARtC5UB/h
-q+v9dqMf4iD3wY6ctu8KWE8Vo5MUEsNNO9EA2dUR88LwFZ3ZnnXdQkizgR/Aa515
-dm17vlNkSoomYCo84eN7GOTfxWcq+iXYSWcKWT4X+h/ra+LmNndQWQBRebVUtbKE
-ZDwKmiQz/5LY5EhlWcuU4lVmMSFpWXt5FR/PtzgTdZAo9QKkBjcv97LYbXvsPI69
-El1BLAg+m+1UpE1L7zJT1il6PqVyEFAWBxW46wXCCkGssFsvz2yRp0PDX8A6u4yq
-rTkt09uYht1is61joLDJ/kq3+6k8gJWkDOW+2NMrmf+/qcdYCMYXmrtOpg/wF27W
-GMNAkbdyzgeX/MbUBCGCMdzhevRuivOI5bu4vT5s3KdshG+yhzV45bapKRd5VN+1
-mZRqiQJVBBMBAgA/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBIq+Tvzw
-9LJL/yqvkNVw8tNOoHk9BQJb0e5rBQkL3m8IAAoJENVw8tNOoHk9fzMP/ApQtkQD
-BmoYEBTF6BH1bywzDw5OHpnBSLbuoYtA3gkhnm/83MzFDcGn22pgo2Fv0MuHltWI
-G2oExzje7szmcM6Xg3ZTKapJ3/p2J+P33tkJA1LWpg+DdgdQlqrjlXKwEnikszuB
-9IMhbjoPeBzwiUtsBQmcwbVgwMzbscwoV5DJ/gLDCkgF4rp2uKEYAcBi8s9NGX6p
-zQsb9Sb0/bKdCrszAcvUn4WYB6WbAPttvutYHtg/nZfXEeX/SgBueXo3lO9vzFlO
-r3Zgk7WeucsEqa9Qo0VLOq28HykixM5mEJKsAQrNIqM1DqXgfDch8RJAHzgMBHFH
-Qi9hJXk1/6OA2FPXQGcA9Td5Dt0i1Z7wMrAUMj3s9gNMVCD0hQqEKfUtpyV7KBAj
-AO5j8Wr8KafnRm6czBCkcV0SRzHQSHdYyncozWwPgWOaRC9AY9fEDz8lBaSoB/C+
-dyO/xZMTWoaWqkHozVoHIrCc4CAtZTye/5mxFhq15Q1Iy/NjelrMTCD1kql1dNIP
-oOgfOYl1xLMQIBwrrCrgeRIvxEgKRf9KOLbSrS7+3vOKoxf+LD4AQfLci8dFyH+I
-t0Z43nk93yTOI82RTdz5GwUXIKcvGhsJ8bgNlGTxM1R/Sl8Sg8diE2PRAp/fk7+g
-CwOM8VkeyrDM2k1cy64d8USkbR7YtT3otyFQiQJVBBMBCAA/AhsDBgsJCAcDAgYV
-CAIJCgsEFgIDAQIeAQIXgBYhBIq+Tvzw9LJL/yqvkNVw8tNOoHk9BQJeapbNBQkN
-v4KKAAoJENVw8tNOoHk9BFQP/04a1yQb3aOYbNgx+ER9l54wZbUUlReU+ujmlW03
-12ZW8fFZ0SN2q7xKtE/I9nNl1gjJ7NHTP3FhZ0eNyG+mJeGyrscVKxaAkTV+71e3
-7n94/qC2bM753X+2160eR7Md+R/itoljStwmib1583rSTTUld1i4FnUTrEhF7MBt
-I/+5l7vUK4Hj1RPovHVeHXYfdbrS6wCBi6GsdOfYGfGacZIfM4XLXTkyjVt4Zg0j
-rwZ36P1amHky1QyvQ2stkXjCEtP04h3o3EfC1yupNXarO1VXj10/wWYhoGAz6AT2
-Usk6DiaiJqHPy2RwPfKzv7ZrUlMxKrqjPUHcoBf++EjzFtR3LJ0pY2fLwp6Pk4s4
-18Xwi7r16HnCH/BZgqZVyXAhDV6+U9rAHab/n4b0hcWWaT2SIhsyZKtEMiTMJeq5
-aAMcRSWX+dHO+MzMIBzNu7BO3b+zODD0+XSMsPqeHp3cqfZ3EHobKQPPFucdfjug
-Hx2+dbPD3IwJVIilc9Otfz/+JYG4im5p4N6UCwXHbtiuuREC1SQpU9BqEjQAyIiL
-gXlE5MSVqXijkrIpYB+K8cR+44nQ4K2kc4ievNqXR6D7XQ3AE76QN84Lby2b5W86
-bbboIy0Bgy+9jgCx0CS7fk1P8zx1dw2FNDVfxZ+s473ZvwP1wdSRZICjZUvM8hx4
-4kPCiQJVBBMBCAA/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBIq+Tvzw
-9LJL/yqvkNVw8tNOoHk9BQJiOkMeBQkUJ/c7AAoJENVw8tNOoHk9Xx8P/26W8v/v
-Exmttzcqh7MlihddXfr2lughSuUBQ8aLsffGHSGIgyqSPlq0Fl5qOCoJ8hYZSBqV
-yEfo7iRY7E3K1LGXKDkpup9hC1wMjR0A25eoXwEnD2vEQ/upXXueH05vkcMc165B
-cK0kNxas+2amCc3nHJOlfWILXQk4OS+nB0lBWe8H96ppfAaX/G0JiYsa0hjNycZq
-0ftEdCkAJRvSFuu6d3gXH69KLxoNcJOE+99f3wMOuOcX3Xf1k/cwqdJRdEiW8oz8
-Gf5ZRzWcpsXXg6nB2mkahLoRDMM2U+1C6fHbUg4yTvU1AB+F/OYqe1d0hedho0o5
-+WWoTuM/U79+m3NM14qvr0iJP7ytABiEE96nNAz+Q0NDZqA6JoUd7obo8KVjGHEt
-9bRl/8K/zWkdNLoF84tWjEiBCzCKXGEay7lgiIx5f3OvP91CfGL+ILHrk/AZR1eE
-M+KI7wB8sJEFF95UoKVua3YzLIFScB4bUEOg6bz8xSSP4a0BWktSm5ws8iCWqOE6
-S9haCppZ7a6k5czQNPJV2bp2eTS4ykFAQLv/mHMS5awIvb8b630Rufn1vZHKCrMf
-WdSbBZD7oojxYo1psPlfzN2KUrNXgl7vAUNagJEogMoiYAZ2ML7rTVAC1qnbxQb+
-DeC+r0I98AIY6igIgRbcybH3ccfXYNtcxLUJuQINBFO15mMBEAC5UuLii9ZLz6qH
-fIJp35IOW9U8SOf7QFhzXR7NZ3DmJsd3f6Nb/habQFIHjm3K9wbpj+FvaW2oWRlF
-VvYdzjUq6c82GUUjW1dnqgUvFwdmM8351n0YQ2TonmyaF882RvsRZrbJ65uvy7SQ
-xlouXaAYOdqwLsPxBEOyOnMPSktW5V2UIWyxsNP3sADchWIGq9p5D3Y/loyIMsS1
-dj+TjoQZOKSj7CuRT98+8yhGAY8YBEXu9r3I9o6mDkuPpAljuMc8r09Im6az2egt
-K/szKt4Hy1bpSSBZU4W/XR7XwQNywmb3wxjmYT6Od3Mwj0jtzc3gQiH8hcEy3+BO
-+NNmyzFVyIwOLziwjmEcw62S57wYKUVnHD2nglMsQa8Ve0e6ABBMEY7zGEGStva5
-9rfgeh0jUMJiccGiUDTMs0tdkC6knYKbu/fdRqNYFoNuDcSeLEw4DdCuP01l2W4y
-Y+fiK6hAcL25amjzc+yYo9eaaqTn6RATbzdhHQZdpAMxY+vNT0+NhP1Zo5gYBMR6
-5Zp/VhFsf67ijb03FUtdw9N8dHwiR2m8vVA8kO/gCD6wS2p9RdXqrJ9JhnHYWjiV
-uXR+f755ZAndyQfRtowMdQIoiXuJEXYw6XN+/BX81gJaynJYc0uw0MnxWQX+A5m8
-HqEsbIFUXBYXPgbwXTm7c4IHGgXXdwARAQABiQI8BBgBAgAmAhsMFiEEir5O/PD0
-skv/Kq+Q1XDy006geT0FAlvR7oMFCQvebyAACgkQ1XDy006geT2Hxw//Zha8j8Uc
-4B+DmHhZIvPmHp9aFI4DWhC7CBDrYKztBz42H6eX+UsBu4p+uBDKdW9xJH+Qt/zF
-nf/zB5Bhc/wFceVRCAkWxPdiIQeo5XQGjZeORjle7E9iunTko+5q1q9I7IgqWYrn
-jRmulDvRhO7AoUrqGACDrV6t0F1/XPB8seR2i6axFmFlt1qBHasRq11yksdgNYiD
-KXaovf7csDGPGOCWEKMX7BFGpdK/dWdNYfH0Arfom0U5TqNfvGtP4yRPx2bcs7/1
-VXPj7IqhBgOtA9pwtMjFki8HGkqj7bB2ErFBOnSwqqNnNcbnhiO6D74SHVGAHhKZ
-whaMPDg76EvjAezoLHg7KWYOyUkWJSLa+YoM9r4+PJuEuW/XuaZCNbrAhek+p3pD
-ywhElvZe/2UFk619qKzwSbTzk7a90rxLQ2wwtd0vxAW/GyjWl4/kOMZhI5+LAk1l
-REucE0fSQxzCTeXu2ObvFR9ic02IYGH3Koz8CrGReEI1J05041Y5IhKxdsvGOD2W
-e7ymcblYW4Gz8eYFlLeNJkj/38R7qmNZ028XHzAZDCAWDiTFrnCoglyk+U0JRHfg
-HTsdvoc8mBdT/s24LhnfAbpLizlrZZquuOF6NLQSkbuLtmIwf+h9ynEEJxEkGGWg
-7JqB1tMjNHLkRpveO/DTYB+iffpba1nCgumJAjwEGAEIACYCGwwWIQSKvk788PSy
-S/8qr5DVcPLTTqB5PQUCYjpDOQUJFCf3VgAKCRDVcPLTTqB5PYDiEADaj1aAdXDb
-+XrlhzlGCT3e16RDiE4BjSD1KHZX8ZDABI79JDG0iMN2PpWuViXq7AvWuwgNYdac
-WjHsZGgHW82UoPVGKnfEVjjf0lQQIIcgdS5dEV8LamkeIo4vKUX/MZY+Mivk6luP
-vCec9Euj/XU1nY6gGq6inpwDtZkNoJlCBune/IIGS82dU8RrSGAHNRZoaDJfdfQm
-j7YAOWCUqyzn747yMyuMUOc15iJIgOz1dKN5YwDmFkzjlw+616Aswcp8UA0OfOQ+
-e4THli32BgKTSNeOGhGgx1xCDkt+0gP1L0L2Sqhlr6BnqNF65mQ4j2v6UGY1noCo
-jYxFchoa1zEdEiZRr/sRO91XlJtK7HyIAI0cUHKVU+Cayoh//OBQBJnbeZlfh9Qn
-4ead1pTz9bcKIeZleAjlzNG249bGY+82WsFghb4/7U9MYJVePz0m1zJKPkdABZ+R
-lSDvhf4ImesfH5UuofZFv1UXmQL4yV7PDXXdy2xhma7YLznyZTUobDoJiZbuO72O
-g5HJCpYoNfvGx++Z9naomUWufqi9PWigEMxU8lUtiGaLQrDW3inTOZTTmTnsJiAI
-Lhku0Jr4SjCqxoEFydXOGvNV5XB4WXvf+A6JhcZI+/S72ai1CeSgMFiJLAEb2MZ+
-fwPKmQ2cKnCBs5ASj1DkgUcz2c8DTUPVqg==
-=i1Tf
+mQINBGZpxDsBEACz8yoRBXaJiifaWz3wd4FLSO18mgH7H/+0iNTbV1ZwhgGEtWTF
+Z31HfrsbxVgICoMgFYt8WKnc4MHZLIgDfTuCFQpf7PV/VqRBAknZwQKEAjHfrYNz
+Q1vy3CeKC1qcKQISEQr7VFf58sOC8GJ54jLLc2rCsg9cXI6yvUFtGwL9Qv7g/NZn
+rtLjc4NZIKdIvSt+/PtooQtsz0jfLMdMpMFa41keH3MknIbydBUnGj7eC8ANN/iD
+Re2QHAW2KfQh3Ocuh/DpJ0/dwbzXmXfMWHk30E+s31TfdLiFt1Iz5kZDF8iHrDMq
+x39/GGmF10y5rfq43V1Ucxm+1tl5Km0JcX6GpPUtgRpfUYAxwxfGfezt4PjYRYH2
+mNxXXPLsnVTvdWPTvS0msSrcTHmnU5His38I6goXI7dLZm0saqoWi3sqEQ8TPS6/
+DkLtYjpb/+dql+KrXD7erd3j8KKflIXn7AEsv+luNk6czGOKgdG9agkklzOHfEPc
+xOGmaFfe/1mu8HxgaCuhNAQWlk79ZC+GAm0sBZIQAQRtABgag5vWr16hVix7BPMG
+Fp8+caOVv6qfQ7gBmJ3/aso6OzyOxsluVxQRt94EjPTm0xuwb1aYNJOhEj9cPkjQ
+XBjo3KN0rwcAViR/fdUzrIV1sn2hms0v5WZ+TDtz1w0OpLZOwe23BDE1+QARAQAB
+tEJTYWx0IFByb2plY3QgU2VjdXJpdHkgVGVhbSA8c2FsdHByb2plY3Qtc2VjdXJp
+dHkucGRsQGJyb2FkY29tLmNvbT6JAlcEEwEKAEEWIQSZ7ybyZGktJJc6cAfov3an
+N2VKBgUCZmnEOwIbAwUJB4TOAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAK
+CRDov3anN2VKBk7rD/9QdcYdNGfk96W906HlVpb3JCwT0t9T7ElP97Ot0YN6LqMj
+vVQpxWYi7riUSyt1FtlCAM+hmghImzILF9LKDRCZ1H5UStI/u9T53cZpUZtVW/8R
+bUNBCl495UcgioIZG5DsfZ/GdBOgY+hQfdgh7HC8a8A/owCt2hHbnth970NQ+LHb
+/0ERLfOHRxozgPBhze8Vqf939KlteM5ljgTw/IkJJIsxJi4C6pQntSHvB3/Bq/Nw
+Kf3vk3XYFtVibeQODSVvc6useo+SNGV/wsK/6kvh/vfP9Trv/GMOn/89Bj2aL1PR
+M382E6sDB9d22p4ehVgbcOpkwHtr9DGerK9xzfG4aUjLu9qVD5Ep3gqKSsCe+P8z
+bpADdVCnk+Vdp3Bi+KI7buSkqfbZ0m9vCY3ei1fMiDiTTjvNliL5QCO6PvYNYiDw
++LLImrQThv55ZRQsRRT7J6A94kwDoI6zcBEalv/aPws0nQHJtgWRUpmy5RcbVu9Z
+QBXlUpCzCB+gGaGRE1u0hCfuvkbcG1pXFFBdSUuAK4o4ktiRALVUndELic/PU1nR
+jwo/+j0SGw/jTwqVChUfLDZbiAQ2JICoVpZ+e1zQfsxa/yDu2e4D543SvNFHDsxh
+bsBeCsopzJSA0n2HAdYvPxOPoWVvZv+U8ZV3EEVOUgsO5//cRJddCgLU89Q4DrkC
+DQRmacQ7ARAAsz8jnpfw3DCRxdCVGiqWAtgj8r2gx5n1wJsKsgvyGQdKUtPwlX04
+7w13lIDT2DwoXFozquYsTn9XkIoWbVckqo0NN/V7/QxIZIYTqRcFXouHTbXDJm5C
+tsvfDlnTsaplyRawPU2mhYg39/lzIt8zIjvy5zo/pElkRP5m03nG+ItrsHN6CCvf
+ZiRxme6EQdn+aoHh2GtICL8+c3HvQzTHYKxFn84Ibt3uNxwt+Mu6YhG9tkYMQQk5
+SkYA4CYAaw2Lc/g0ee36iqw/5d79M8YcQtHhy5zzqgdEvExjFPdowV1hhFIEkNkM
+uqIAknXVesqLLw2hPeYmyhYQqeBKIrWmBhBKX9c0vMYkDDH3T/sSylVhH0QAXP6E
+WmLja3E1ov6pt6j7j/wWzC9LSMFDJI2yWCeOE1oea5D89tH6XvsGRTiog62zF/9a
+77197iIa0+o91chp4iLkzDvuK8pVujPx8bNsK8jlJ+OW73NmliCVg+hecoFLNsri
+/TsBngFNVcu79Q1XfyvoDdR2C09ItCBEZGt6LOlq/+ATUw1aBz6L1hvLBtiR3Hfu
+X31YlbxdvVPjlzg6O6GXSfnokNTWv2mVXWTRIrP0RrKvMyiNPXVW7EunUuXI0Axk
+Xg3E5kAjKXkBXzoCTCVz/sXPLjvjI0x3Z7obgPpcTi9h5DIX6PFyK/kAEQEAAYkC
+PAQYAQoAJhYhBJnvJvJkaS0klzpwB+i/dqc3ZUoGBQJmacQ7AhsMBQkHhM4AAAoJ
+EOi/dqc3ZUoGDeAQAKbyiHA1sl0fnvcZxoZ3mWA/Qesddp7Nv2aEW8I3hAJoTVml
+ZvMxk8leZgsQJtSsVDNnxeyW+WCIUkhxmd95UlkTTj5mpyci1YrxAltPJ2TWioLe
+F2doP8Y+4iGnaV+ApzWG33sLr95z37RKVdMuGk/O5nLMeWnSPA7HHWJCxECMm0SH
+uI8aby8w2aBZ1kOMFB/ToEEzLBu9fk+zCzG3uH8QhdciMENVhsyBSULIrmwKglyI
+VQwj2dXHyekQh7QEHV+CdKMfs3ZOANwm52OwjaK0dVb3IMFGvlUf4UXXfcXwLAkj
+vW+Ju4kLGxVQpOlh1EBain9WOaHZGh6EGuTpjJO32PyRq8iSMNb8coeonoPFWrE/
+A5dy3z5x5CZhJ6kyNwYs/9951r30Ct9qNZo9WZwp8AGQVs+J9XEYnZIWXnO1hdKs
+dRStPvY7VqS500t8eWqWRfCLgofZAb9Fv7SwTPQ2G7bOuTXmQKAIEkU9vzo5XACu
+AtR/9bC9ghNnlNuH4xiViBclrq2dif/I2ZwItpQHjuCDeMKz9kdADRI0tuNPpRHe
+QP1YpURW+I+PYZzNgbnwzl6Bxo7jCHFgG6BQ0ih5sVwEDhlXjSejd8CNMYEy3ElL
+xJLUpltwXLZSrJEXYjtJtnh0om71NXes0OyWE1cL4+U6WA9Hho6xedjk2bai
+=pPmt
 \-\-\-\-\-END PGP PUBLIC KEY BLOCK\-\-\-\-\-
 .ft P
 .fi
@@ -152431,7 +152423,7 @@ salt \(aq*\(aq cmd.retcode \(dqgrep f\(dq stdin=\(aqone\entwo\enthree\enfour\enf
 .UNINDENT
 .INDENT 0.0
 .TP
-.B salt.modules.cmdmod.run(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, bg=False, password=None, encoded_cmd=False, raise_err=False, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs)
+.B salt.modules.cmdmod.run(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, redirect_stderr=True, bg=False, password=None, encoded_cmd=False, raise_err=False, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs)
 Execute the passed command and return the output as a string
 .INDENT 7.0
 .TP
@@ -152622,6 +152614,16 @@ New in version 2018.3.0.
 .IP \(bu 2
 \fBuse_vt\fP (\fI\%bool\fP) \-\- Use VT utils (saltstack) to stream the command output
 more interactively to the console and the logs. This is experimental.
+.IP \(bu 2
+\fBredirect_stderr\fP (\fI\%bool\fP) \-\-
+.sp
+If set to \fBTrue\fP, then stderr will be
+redirected to stdout. This is helpful for cases where obtaining both
+the retcode and output is desired. Default is \fBTrue\fP
+.sp
+New in version 3006.9.
+
+
 .IP \(bu 2
 \fBencoded_cmd\fP (\fI\%bool\fP) \-\-
 .sp
@@ -154251,13 +154253,17 @@ the source string is salt://spam/eggs
 .sp
 String of command line args to pass to the script. Only
 used if no args are specified as part of the \fIname\fP argument. To pass a
-string containing spaces in YAML, you will need to doubly\-quote it:
+string containing spaces in YAML, you will need to doubly\-quote it.
+Additionally, if you need to pass falsey values (e.g., \(dq0\(dq, \(dq\(dq, \(dqFalse\(dq),
+you should doubly\-quote them to ensure they are correctly interpreted:
 .INDENT 2.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
 salt myminion cmd.script salt://foo.sh \(dqarg1 \(aqarg two\(aq arg3\(dq
+salt myminion cmd.script salt://foo.sh \(dq\(aq\(aq0\(aq\(aq\(dq
+salt myminion cmd.script salt://foo.sh \(dq\(aq\(aqFalse\(aq\(aq\(dq
 .ft P
 .fi
 .UNINDENT
@@ -154479,6 +154485,11 @@ New in version 2019.2.0.
 
 
 .UNINDENT
+.TP
+.B Returns
+The return value of the script execution, including stdout, stderr,
+and the exit code. If the script returns a falsey string value, it should be
+doubly\-quoted to ensure it is correctly interpreted by Salt.
 .UNINDENT
 .sp
 CLI Example:
@@ -194172,7 +194183,7 @@ Passes through all the parameters described in the
 \fI\%utils.http.query function\fP:
 .INDENT 7.0
 .TP
-.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.8\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
+.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.9\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
 Query a resource, and decode the return data
 .UNINDENT
 .INDENT 7.0
@@ -312367,7 +312378,7 @@ Defaults to \fBvirtualenv\fP\&.
 .TP
 .B system_site_packages
 False
-Passthrough argument given to virtualenv or pyvenv
+Passthrough argument given to virtualenv or venv
 .TP
 .B distribute
 False
@@ -312380,7 +312391,7 @@ Install pip after creating a virtual environment. Implies
 .TP
 .B clear
 False
-Passthrough argument given to virtualenv or pyvenv
+Passthrough argument given to virtualenv or venv
 .TP
 .B python
 None (default)
@@ -312400,11 +312411,11 @@ Passthrough argument given to virtualenv if not None
 .TP
 .B symlinks
 None
-Passthrough argument given to pyvenv if True
+Passthrough argument given to venv if True
 .TP
 .B upgrade
 None
-Passthrough argument given to pyvenv if True
+Passthrough argument given to venv if True
 .TP
 .B user
 None
@@ -413484,8 +413495,12 @@ New in version 2016.3.5.
 Set to \fBFalse\fP to discard the cached copy of the source file once the
 state completes. This can be useful for larger files to keep them from
 taking up space in minion cache. However, keep in mind that discarding
-the source file will result in the state needing to re\-download the
-source file if the state is run again.
+the source file might result in the state needing to re\-download the
+source file if the state is run again. If the source is not a local or
+\fBsalt://\fP one, the source hash is known, \fBskip_verify\fP is not true
+and the managed file exists with the correct hash and is not templated,
+this is not the case (i.e. remote downloads are avoided if the local hash
+matches the expected one).
 .sp
 New in version 2017.7.3.
 
@@ -425386,6 +425401,26 @@ root:
 .fi
 .UNINDENT
 .UNINDENT
+.sp
+\fBWARNING:\fP
+.INDENT 0.0
+.INDENT 3.5
+The effective permissions of Linux file access control lists (ACLs) are
+governed by the \(dqeffective rights mask\(dq (the \fImask\fP line in the output of
+the \fIgetfacl\fP command) combined with the \fIperms\fP set by this module: any
+permission bits (for example, r=read) present in an ACL but not in the mask
+are ignored.  The mask is automatically recomputed when setting an ACL, so
+normally this isn\(aqt important.  However, if the file permissions are
+changed (with \fIchmod\fP or \fIfile.managed\fP, for example), the mask will
+generally be set based on just the group bits of the file permissions.
+.sp
+As a result, when using \fIfile.managed\fP or similar to control file
+permissions as well as this module, you should set your group permissions
+to be at least as broad as any permissions in your ACL. Otherwise, the two
+state declarations will each register changes each run, and if the \fIfile\fP
+declaration runs later, your ACL will be ineffective.
+.UNINDENT
+.UNINDENT
 .INDENT 0.0
 .TP
 .B salt.states.linux_acl.absent(name, acl_type, acl_name=\(aq\(aq, perms=\(aq\(aq, recurse=False)
@@ -451534,7 +451569,9 @@ the file will be transferred from the master file server.
 Prefer wheel archives (requires pip >= 1.4).
 .TP
 .B python: None
-Python executable used to build the virtualenv
+Python executable used to build the virtualenv. When Salt is installed
+from a onedir package. You will likely want to specify which python
+interperter should be used.
 .TP
 .B user: None
 The user under which to run virtualenv and pip.
@@ -451596,6 +451633,12 @@ kwargs, such as the \fBpip\fP option, require \fB\- distribute: True\fP\&.
 .fi
 .UNINDENT
 .UNINDENT
+.sp
+Current versions of Salt use onedir packages and will use onedir python
+interpreter by default. If you\(aqve installed Salt via out package
+repository. You will likely want to provide the path to the interpreter
+with which you would like to be used to create the virtual environment. The
+interpreter can be specified by providing the \fIpython\fP option.
 .UNINDENT
 .UNINDENT
 .UNINDENT
@@ -451620,7 +451663,9 @@ the file will be transferred from the master file server.
 Prefer wheel archives (requires pip >= 1.4).
 .TP
 .B python: None
-Python executable used to build the virtualenv
+Python executable used to build the virtualenv. When Salt is installed
+from a onedir package. You will likely want to specify which python
+interperter should be used.
 .TP
 .B user: None
 The user under which to run virtualenv and pip.
@@ -451682,6 +451727,12 @@ kwargs, such as the \fBpip\fP option, require \fB\- distribute: True\fP\&.
 .fi
 .UNINDENT
 .UNINDENT
+.sp
+Current versions of Salt use onedir packages and will use onedir python
+interpreter by default. If you\(aqve installed Salt via out package
+repository. You will likely want to provide the path to the interpreter
+with which you would like to be used to create the virtual environment. The
+interpreter can be specified by providing the \fIpython\fP option.
 .UNINDENT
 .SS salt.states.webutil
 .sp
@@ -476896,6 +476947,11 @@ Thrown when token authentication fails
 .UNINDENT
 .INDENT 0.0
 .TP
+.B exception  salt.exceptions.UnsupportedAlgorithm(message=\(aq\(aq)
+Thrown when a requested encryption or signing algorithm is un\-supported.
+.UNINDENT
+.INDENT 0.0
+.TP
 .B exception  salt.exceptions.VMwareApiError(message=\(aq\(aq, info=None)
 Used when representing a generic VMware API error
 .UNINDENT
@@ -478701,6 +478757,122 @@ Bump to \fBidna==3.7\fP due to \fI\%https://github.com/advisories/GHSA\-jjg7\-2v
 .IP \(bu 2
 Bump to \fBaiohttp==3.9.4\fP due to \fI\%https://github.com/advisories/GHSA\-7gpw\-8wmc\-pm8g\fP \fI\%#66411\fP
 .UNINDENT
+(release\-3006.9)=
+.SS Salt 3006.9 release notes
+.SS Changelog
+.SS Deprecated
+.INDENT 0.0
+.IP \(bu 2
+Drop CentOS 7 support \fI\%#66623\fP
+.IP \(bu 2
+No longer build RPM packages with CentOS Stream 9 \fI\%#66624\fP
+.UNINDENT
+.SS Fixed
+.INDENT 0.0
+.IP \(bu 2
+Made slsutil.renderer work with salt\-ssh \fI\%#50196\fP
+.IP \(bu 2
+Fixed defaults.merge is not available when using salt\-ssh \fI\%#51605\fP
+.IP \(bu 2
+Fixed config.get does not support merge option with salt\-ssh \fI\%#56441\fP
+.IP \(bu 2
+Update to include croniter in pkg requirements \fI\%#57649\fP
+.IP \(bu 2
+Fixed state.test does not work with salt\-ssh \fI\%#61100\fP
+.IP \(bu 2
+Made slsutil.findup work with salt\-ssh \fI\%#61143\fP
+.IP \(bu 2
+Fixes multiple issues with the cmd module on Windows. Scripts are called using
+the \fB\-File\fP parameter to the \fBpowershell.exe\fP binary. \fBCLIXML\fP data in
+stderr is now removed (only applies to encoded commands). Commands can now be
+sent to \fBcmd.powershell\fP as a list. Makes sure JSON data returned is valid.
+Strips whitespace from the return when using \fBrunas\fP\&. \fI\%#61166\fP
+.IP \(bu 2
+Fixed the win_lgpo_netsh salt util to handle non\-English systems. This was a
+rewrite to use PowerShell instead of netsh to make the changes on the system \fI\%#61534\fP
+.IP \(bu 2
+file.replace and file.search work properly with /proc files \fI\%#63102\fP
+.IP \(bu 2
+Fix utf8 handling in \(aqpass\(aq renderer \fI\%#64300\fP
+.IP \(bu 2
+Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. \fI\%#64563\fP
+.IP \(bu 2
+salt\-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. \fI\%#64728\fP
+.IP \(bu 2
+Fixed slsutil.update with salt\-ssh during template rendering \fI\%#65067\fP
+.IP \(bu 2
+Fix config.items when called on minion \fI\%#65251\fP
+.IP \(bu 2
+Ensure on rpm and deb systems, that user and group for existing Salt, is maintained on upgrade \fI\%#65264\fP
+.IP \(bu 2
+Fix typo in nftables module to ensure unique nft family values \fI\%#65295\fP
+.IP \(bu 2
+pkg.installed state aggregate does not honors requires requisite \fI\%#65304\fP
+.IP \(bu 2
+Added SSH wrapper for logmod \fI\%#65630\fP
+.IP \(bu 2
+Fix for GitFS failure to unlock lock file, and resource cleanup for process SIGTERM \fI\%#65816\fP
+.IP \(bu 2
+Corrected x509_v2 CRL creation \fBlast_update\fP and \fBnext_update\fP values when system timezone is not UTC \fI\%#65837\fP
+.IP \(bu 2
+Make sure the root minion process handles SIGUSR1 and emits a traceback like it\(aqs child processes \fI\%#66095\fP
+.IP \(bu 2
+Replaced pyvenv with builtin venv for virtualenv_mod \fI\%#66132\fP
+.IP \(bu 2
+Made \fBfile.managed\fP skip download of a remote source if the managed file already exists with the correct hash \fI\%#66342\fP
+.IP \(bu 2
+Fix win_task ExecutionTimeLimit and result/error code interpretation \fI\%#66347\fP, \fI\%#66441\fP
+.IP \(bu 2
+Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses \fI\%#66382\fP
+.IP \(bu 2
+Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key \fI\%#66414\fP
+.IP \(bu 2
+Fixed parallel state execution with Salt\-SSH \fI\%#66514\fP
+.IP \(bu 2
+Fix support for FIPS approved encryption and signing algorithms. \fI\%#66579\fP
+.IP \(bu 2
+Fix relative file_roots paths \fI\%#66588\fP
+.IP \(bu 2
+Fixed an issue with cmd.run with requirements when the shell is not the
+default \fI\%#66596\fP
+.IP \(bu 2
+Fix RPM package provides \fI\%#66604\fP
+.IP \(bu 2
+Upgrade relAenv to 0.16.1. This release fixes several package installs for salt\-pip \fI\%#66632\fP
+.IP \(bu 2
+Upgrade relenv to 0.17.0 (\fI\%https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md\fP) \fI\%#66663\fP
+.IP \(bu 2
+Upgrade dependencies due to security issues:
+.INDENT 2.0
+.IP \(bu 2
+pymysql>=1.1.1
+.IP \(bu 2
+requests>=2.32.0
+.IP \(bu 2
+docker>=7.1.0 \fI\%#66666\fP
+.UNINDENT
+.IP \(bu 2
+Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 \fI\%#66683\fP
+.IP \(bu 2
+Remove debug output from shell scripts for packaging \fI\%#66747\fP
+.UNINDENT
+.SS Added
+.INDENT 0.0
+.IP \(bu 2
+Add Ubuntu 24.04 support \fI\%#66180\fP
+.IP \(bu 2
+Add Fedora 40 support, replacing Fedora 39 \fI\%#66300\fP
+.IP \(bu 2
+Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) \fI\%#66624\fP
+.UNINDENT
+.SS Security
+.INDENT 0.0
+.IP \(bu 2
+Bump to \fBjinja2==3.1.4\fP due to \fI\%https://github.com/advisories/GHSA\-h75v\-3vvj\-5mfj\fP \fI\%#66488\fP
+.IP \(bu 2
+CVE\-2024\-37088 salt\-call will fail with exit code 1 if bad pillar data is
+encountered. \fI\%#66702\fP
+.UNINDENT
 .sp
 See \fI\%Install a release candidate\fP
 for more information about installing an RC when one is available.
diff --git a/doc/man/spm.1 b/doc/man/spm.1
index 38440ca74073..93e18950e98f 100644
--- a/doc/man/spm.1
+++ b/doc/man/spm.1
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SPM" "1" "Generated on April 29, 2024 at 03:20:12 AM UTC." "3006.8" "Salt"
+.TH "SPM" "1" "Generated on July 29, 2024 at 07:43:51 AM UTC." "3006.9" "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .sp
diff --git a/doc/topics/releases/3006.9.md b/doc/topics/releases/3006.9.md
new file mode 100644
index 000000000000..5f5d64051d58
--- /dev/null
+++ b/doc/topics/releases/3006.9.md
@@ -0,0 +1,87 @@
+(release-3006.9)=
+# Salt 3006.9 release notes
+
+<!---
+Do not edit this file. This is auto generated.
+Edit the templates in doc/topics/releases/templates/
+for a given release.
+-->
+
+
+<!--
+Add release specific details below
+-->
+
+<!--
+Do not edit the changelog below.
+This is auto generated.
+-->
+## Changelog
+
+### Deprecated
+
+- Drop CentOS 7 support [#66623](https://github.com/saltstack/salt/issues/66623)
+- No longer build RPM packages with CentOS Stream 9 [#66624](https://github.com/saltstack/salt/issues/66624)
+
+
+### Fixed
+
+- Made slsutil.renderer work with salt-ssh [#50196](https://github.com/saltstack/salt/issues/50196)
+- Fixed defaults.merge is not available when using salt-ssh [#51605](https://github.com/saltstack/salt/issues/51605)
+- Fixed config.get does not support merge option with salt-ssh [#56441](https://github.com/saltstack/salt/issues/56441)
+- Update to include croniter in pkg requirements [#57649](https://github.com/saltstack/salt/issues/57649)
+- Fixed state.test does not work with salt-ssh [#61100](https://github.com/saltstack/salt/issues/61100)
+- Made slsutil.findup work with salt-ssh [#61143](https://github.com/saltstack/salt/issues/61143)
+- Fixes multiple issues with the cmd module on Windows. Scripts are called using
+  the ``-File`` parameter to the ``powershell.exe`` binary. ``CLIXML`` data in
+  stderr is now removed (only applies to encoded commands). Commands can now be
+  sent to ``cmd.powershell`` as a list. Makes sure JSON data returned is valid.
+  Strips whitespace from the return when using ``runas``. [#61166](https://github.com/saltstack/salt/issues/61166)
+- Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a
+  rewrite to use PowerShell instead of netsh to make the changes on the system [#61534](https://github.com/saltstack/salt/issues/61534)
+- file.replace and file.search work properly with /proc files [#63102](https://github.com/saltstack/salt/issues/63102)
+- Fix utf8 handling in 'pass' renderer [#64300](https://github.com/saltstack/salt/issues/64300)
+- Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. [#64563](https://github.com/saltstack/salt/issues/64563)
+- salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. [#64728](https://github.com/saltstack/salt/issues/64728)
+- Fixed slsutil.update with salt-ssh during template rendering [#65067](https://github.com/saltstack/salt/issues/65067)
+- Fix config.items when called on minion [#65251](https://github.com/saltstack/salt/issues/65251)
+- Ensure on rpm and deb systems, that user and group for existing Salt, is maintained on upgrade [#65264](https://github.com/saltstack/salt/issues/65264)
+- Fix typo in nftables module to ensure unique nft family values [#65295](https://github.com/saltstack/salt/issues/65295)
+- pkg.installed state aggregate does not honors requires requisite [#65304](https://github.com/saltstack/salt/issues/65304)
+- Added SSH wrapper for logmod [#65630](https://github.com/saltstack/salt/issues/65630)
+- Fix for GitFS failure to unlock lock file, and resource cleanup for process SIGTERM [#65816](https://github.com/saltstack/salt/issues/65816)
+- Corrected x509_v2 CRL creation `last_update` and `next_update` values when system timezone is not UTC [#65837](https://github.com/saltstack/salt/issues/65837)
+- Make sure the root minion process handles SIGUSR1 and emits a traceback like it's child processes [#66095](https://github.com/saltstack/salt/issues/66095)
+- Replaced pyvenv with builtin venv for virtualenv_mod [#66132](https://github.com/saltstack/salt/issues/66132)
+- Made `file.managed` skip download of a remote source if the managed file already exists with the correct hash [#66342](https://github.com/saltstack/salt/issues/66342)
+- Fix win_task ExecutionTimeLimit and result/error code interpretation [#66347](https://github.com/saltstack/salt/issues/66347), [#66441](https://github.com/saltstack/salt/issues/66441)
+- Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses [#66382](https://github.com/saltstack/salt/issues/66382)
+- Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key [#66414](https://github.com/saltstack/salt/issues/66414)
+- Fixed parallel state execution with Salt-SSH [#66514](https://github.com/saltstack/salt/issues/66514)
+- Fix support for FIPS approved encryption and signing algorithms. [#66579](https://github.com/saltstack/salt/issues/66579)
+- Fix relative file_roots paths [#66588](https://github.com/saltstack/salt/issues/66588)
+- Fixed an issue with cmd.run with requirements when the shell is not the
+  default [#66596](https://github.com/saltstack/salt/issues/66596)
+- Fix RPM package provides [#66604](https://github.com/saltstack/salt/issues/66604)
+- Upgrade relAenv to 0.16.1. This release fixes several package installs for salt-pip [#66632](https://github.com/saltstack/salt/issues/66632)
+- Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md) [#66663](https://github.com/saltstack/salt/issues/66663)
+- Upgrade dependencies due to security issues:
+  - pymysql>=1.1.1
+  - requests>=2.32.0
+  - docker>=7.1.0 [#66666](https://github.com/saltstack/salt/issues/66666)
+- Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 [#66683](https://github.com/saltstack/salt/issues/66683)
+- Remove debug output from shell scripts for packaging [#66747](https://github.com/saltstack/salt/issues/66747)
+
+
+### Added
+
+- Add Ubuntu 24.04 support [#66180](https://github.com/saltstack/salt/issues/66180)
+- Add Fedora 40 support, replacing Fedora 39 [#66300](https://github.com/saltstack/salt/issues/66300)
+- Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) [#66624](https://github.com/saltstack/salt/issues/66624)
+
+
+### Security
+
+- Bump to ``jinja2==3.1.4`` due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj [#66488](https://github.com/saltstack/salt/issues/66488)
+- CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is
+  encountered. [#66702](https://github.com/saltstack/salt/issues/66702)
diff --git a/doc/topics/releases/templates/3006.9.md.template b/doc/topics/releases/templates/3006.9.md.template
new file mode 100644
index 000000000000..6bcb03dd59c6
--- /dev/null
+++ b/doc/topics/releases/templates/3006.9.md.template
@@ -0,0 +1,14 @@
+(release-3006.9)=
+# Salt 3006.9 release notes{{ unreleased }}
+{{ warning }}
+
+<!--
+Add release specific details below
+-->
+
+<!--
+Do not edit the changelog below.
+This is auto generated.
+-->
+## Changelog
+{{ changelog }}
diff --git a/pkg/debian/changelog b/pkg/debian/changelog
index 0dddaac68ecb..6526d3dfb3bd 100644
--- a/pkg/debian/changelog
+++ b/pkg/debian/changelog
@@ -1,3 +1,74 @@
+salt (3006.9) stable; urgency=medium
+
+
+  # Deprecated
+
+  * Drop CentOS 7 support [#66623](https://github.com/saltstack/salt/issues/66623)
+  * No longer build RPM packages with CentOS Stream 9 [#66624](https://github.com/saltstack/salt/issues/66624)
+
+  # Fixed
+
+  * Made slsutil.renderer work with salt-ssh [#50196](https://github.com/saltstack/salt/issues/50196)
+  * Fixed defaults.merge is not available when using salt-ssh [#51605](https://github.com/saltstack/salt/issues/51605)
+  * Fixed config.get does not support merge option with salt-ssh [#56441](https://github.com/saltstack/salt/issues/56441)
+  * Update to include croniter in pkg requirements [#57649](https://github.com/saltstack/salt/issues/57649)
+  * Fixed state.test does not work with salt-ssh [#61100](https://github.com/saltstack/salt/issues/61100)
+  * Made slsutil.findup work with salt-ssh [#61143](https://github.com/saltstack/salt/issues/61143)
+  * Fixes multiple issues with the cmd module on Windows. Scripts are called using
+    the ``*File`` parameter to the ``powershell.exe`` binary. ``CLIXML`` data in
+    stderr is now removed (only applies to encoded commands). Commands can now be
+    sent to ``cmd.powershell`` as a list. Makes sure JSON data returned is valid.
+    Strips whitespace from the return when using ``runas``. [#61166](https://github.com/saltstack/salt/issues/61166)
+  * Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a
+    rewrite to use PowerShell instead of netsh to make the changes on the system [#61534](https://github.com/saltstack/salt/issues/61534)
+  * file.replace and file.search work properly with /proc files [#63102](https://github.com/saltstack/salt/issues/63102)
+  * Fix utf8 handling in 'pass' renderer [#64300](https://github.com/saltstack/salt/issues/64300)
+  * Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. [#64563](https://github.com/saltstack/salt/issues/64563)
+  * salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. [#64728](https://github.com/saltstack/salt/issues/64728)
+  * Fixed slsutil.update with salt-ssh during template rendering [#65067](https://github.com/saltstack/salt/issues/65067)
+  * Fix config.items when called on minion [#65251](https://github.com/saltstack/salt/issues/65251)
+  * Ensure on rpm and deb systems, that user and group for existing Salt, is maintained on upgrade [#65264](https://github.com/saltstack/salt/issues/65264)
+  * Fix typo in nftables module to ensure unique nft family values [#65295](https://github.com/saltstack/salt/issues/65295)
+  * pkg.installed state aggregate does not honors requires requisite [#65304](https://github.com/saltstack/salt/issues/65304)
+  * Added SSH wrapper for logmod [#65630](https://github.com/saltstack/salt/issues/65630)
+  * Fix for GitFS failure to unlock lock file, and resource cleanup for process SIGTERM [#65816](https://github.com/saltstack/salt/issues/65816)
+  * Corrected x509_v2 CRL creation `last_update` and `next_update` values when system timezone is not UTC [#65837](https://github.com/saltstack/salt/issues/65837)
+  * Make sure the root minion process handles SIGUSR1 and emits a traceback like it's child processes [#66095](https://github.com/saltstack/salt/issues/66095)
+  * Replaced pyvenv with builtin venv for virtualenv_mod [#66132](https://github.com/saltstack/salt/issues/66132)
+  * Made `file.managed` skip download of a remote source if the managed file already exists with the correct hash [#66342](https://github.com/saltstack/salt/issues/66342)
+  * Fix win_task ExecutionTimeLimit and result/error code interpretation [#66347](https://github.com/saltstack/salt/issues/66347), [#66441](https://github.com/saltstack/salt/issues/66441)
+  * Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses [#66382](https://github.com/saltstack/salt/issues/66382)
+  * Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key [#66414](https://github.com/saltstack/salt/issues/66414)
+  * Fixed parallel state execution with Salt-SSH [#66514](https://github.com/saltstack/salt/issues/66514)
+  * Fix support for FIPS approved encryption and signing algorithms. [#66579](https://github.com/saltstack/salt/issues/66579)
+  * Fix relative file_roots paths [#66588](https://github.com/saltstack/salt/issues/66588)
+  * Fixed an issue with cmd.run with requirements when the shell is not the
+    default [#66596](https://github.com/saltstack/salt/issues/66596)
+  * Fix RPM package provides [#66604](https://github.com/saltstack/salt/issues/66604)
+  * Upgrade relAenv to 0.16.1. This release fixes several package installs for salt-pip [#66632](https://github.com/saltstack/salt/issues/66632)
+  * Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md) [#66663](https://github.com/saltstack/salt/issues/66663)
+  * Upgrade dependencies due to security issues:
+    * pymysql>=1.1.1
+    * requests>=2.32.0
+    * docker>=7.1.0 [#66666](https://github.com/saltstack/salt/issues/66666)
+  * Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 [#66683](https://github.com/saltstack/salt/issues/66683)
+  * Remove debug output from shell scripts for packaging [#66747](https://github.com/saltstack/salt/issues/66747)
+
+  # Added
+
+  * Add Ubuntu 24.04 support [#66180](https://github.com/saltstack/salt/issues/66180)
+  * Add Fedora 40 support, replacing Fedora 39 [#66300](https://github.com/saltstack/salt/issues/66300)
+  * Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) [#66624](https://github.com/saltstack/salt/issues/66624)
+
+  # Security
+
+  * Bump to ``jinja2==3.1.4`` due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj [#66488](https://github.com/saltstack/salt/issues/66488)
+  * CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is
+    encountered. [#66702](https://github.com/saltstack/salt/issues/66702)
+
+
+ -- Salt Project Packaging <saltproject-packaging@vmware.com>  Mon, 29 Jul 2024 07:42:36 +0000
+
 salt (3006.8) stable; urgency=medium
 
 
diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec
index 9a08cd93051c..180df99f34b1 100644
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@@ -40,7 +40,7 @@
 %define fish_dir %{_datadir}/fish/vendor_functions.d
 
 Name:    salt
-Version: 3006.8
+Version: 3006.9
 Release: 0
 Summary: A parallel remote execution system
 Group:   System Environment/Daemons
@@ -695,6 +695,74 @@ if [ $1 -ge 1 ] ; then
 fi
 
 %changelog
+* Mon Jul 29 2024 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.9
+
+# Deprecated
+
+- Drop CentOS 7 support [#66623](https://github.com/saltstack/salt/issues/66623)
+- No longer build RPM packages with CentOS Stream 9 [#66624](https://github.com/saltstack/salt/issues/66624)
+
+# Fixed
+
+- Made slsutil.renderer work with salt-ssh [#50196](https://github.com/saltstack/salt/issues/50196)
+- Fixed defaults.merge is not available when using salt-ssh [#51605](https://github.com/saltstack/salt/issues/51605)
+- Fixed config.get does not support merge option with salt-ssh [#56441](https://github.com/saltstack/salt/issues/56441)
+- Update to include croniter in pkg requirements [#57649](https://github.com/saltstack/salt/issues/57649)
+- Fixed state.test does not work with salt-ssh [#61100](https://github.com/saltstack/salt/issues/61100)
+- Made slsutil.findup work with salt-ssh [#61143](https://github.com/saltstack/salt/issues/61143)
+- Fixes multiple issues with the cmd module on Windows. Scripts are called using
+  the ``-File`` parameter to the ``powershell.exe`` binary. ``CLIXML`` data in
+  stderr is now removed (only applies to encoded commands). Commands can now be
+  sent to ``cmd.powershell`` as a list. Makes sure JSON data returned is valid.
+  Strips whitespace from the return when using ``runas``. [#61166](https://github.com/saltstack/salt/issues/61166)
+- Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a
+  rewrite to use PowerShell instead of netsh to make the changes on the system [#61534](https://github.com/saltstack/salt/issues/61534)
+- file.replace and file.search work properly with /proc files [#63102](https://github.com/saltstack/salt/issues/63102)
+- Fix utf8 handling in 'pass' renderer [#64300](https://github.com/saltstack/salt/issues/64300)
+- Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module. [#64563](https://github.com/saltstack/salt/issues/64563)
+- salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows. [#64728](https://github.com/saltstack/salt/issues/64728)
+- Fixed slsutil.update with salt-ssh during template rendering [#65067](https://github.com/saltstack/salt/issues/65067)
+- Fix config.items when called on minion [#65251](https://github.com/saltstack/salt/issues/65251)
+- Ensure on rpm and deb systems, that user and group for existing Salt, is maintained on upgrade [#65264](https://github.com/saltstack/salt/issues/65264)
+- Fix typo in nftables module to ensure unique nft family values [#65295](https://github.com/saltstack/salt/issues/65295)
+- pkg.installed state aggregate does not honors requires requisite [#65304](https://github.com/saltstack/salt/issues/65304)
+- Added SSH wrapper for logmod [#65630](https://github.com/saltstack/salt/issues/65630)
+- Fix for GitFS failure to unlock lock file, and resource cleanup for process SIGTERM [#65816](https://github.com/saltstack/salt/issues/65816)
+- Corrected x509_v2 CRL creation `last_update` and `next_update` values when system timezone is not UTC [#65837](https://github.com/saltstack/salt/issues/65837)
+- Make sure the root minion process handles SIGUSR1 and emits a traceback like it's child processes [#66095](https://github.com/saltstack/salt/issues/66095)
+- Replaced pyvenv with builtin venv for virtualenv_mod [#66132](https://github.com/saltstack/salt/issues/66132)
+- Made `file.managed` skip download of a remote source if the managed file already exists with the correct hash [#66342](https://github.com/saltstack/salt/issues/66342)
+- Fix win_task ExecutionTimeLimit and result/error code interpretation [#66347](https://github.com/saltstack/salt/issues/66347), [#66441](https://github.com/saltstack/salt/issues/66441)
+- Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses [#66382](https://github.com/saltstack/salt/issues/66382)
+- Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key [#66414](https://github.com/saltstack/salt/issues/66414)
+- Fixed parallel state execution with Salt-SSH [#66514](https://github.com/saltstack/salt/issues/66514)
+- Fix support for FIPS approved encryption and signing algorithms. [#66579](https://github.com/saltstack/salt/issues/66579)
+- Fix relative file_roots paths [#66588](https://github.com/saltstack/salt/issues/66588)
+- Fixed an issue with cmd.run with requirements when the shell is not the
+  default [#66596](https://github.com/saltstack/salt/issues/66596)
+- Fix RPM package provides [#66604](https://github.com/saltstack/salt/issues/66604)
+- Upgrade relAenv to 0.16.1. This release fixes several package installs for salt-pip [#66632](https://github.com/saltstack/salt/issues/66632)
+- Upgrade relenv to 0.17.0 (https://github.com/saltstack/relenv/blob/v0.17.0/CHANGELOG.md) [#66663](https://github.com/saltstack/salt/issues/66663)
+- Upgrade dependencies due to security issues:
+  - pymysql>=1.1.1
+  - requests>=2.32.0
+  - docker>=7.1.0 [#66666](https://github.com/saltstack/salt/issues/66666)
+- Corrected missed line in branch 3006.x when backporting from PR 61620 and 65044 [#66683](https://github.com/saltstack/salt/issues/66683)
+- Remove debug output from shell scripts for packaging [#66747](https://github.com/saltstack/salt/issues/66747)
+
+# Added
+
+- Add Ubuntu 24.04 support [#66180](https://github.com/saltstack/salt/issues/66180)
+- Add Fedora 40 support, replacing Fedora 39 [#66300](https://github.com/saltstack/salt/issues/66300)
+- Build RPM packages with Rocky Linux 9 (instead of CentOS Stream 9) [#66624](https://github.com/saltstack/salt/issues/66624)
+
+# Security
+
+- Bump to ``jinja2==3.1.4`` due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj [#66488](https://github.com/saltstack/salt/issues/66488)
+- CVE-2024-37088 salt-call will fail with exit code 1 if bad pillar data is
+  encountered. [#66702](https://github.com/saltstack/salt/issues/66702)
+
+
 * Mon Apr 29 2024 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.8
 
 # Removed