These vulnerabilities have been seen exploited in the wild and primarily are affecting the master servers but do give access to the minions. This requires updating to the releases provided on April 29th. I have not seen any community announcements stating these updates have been applied.
We are very much aware of this and all our servers are secured from this vulnerbility in salt. We’ve already, prior to this, taken measurements to ensure that this kind of attack is not possible on our servers, by applying all needed patches, but also closing down the entry used in the CVE.