ansible/changelogs/fragments/subversion_password.yaml

10 lines
405 B
YAML
Raw Normal View History

security_fixes:
- >
**security issue** - The ``subversion`` module provided the password
via the svn command line option ``--password`` and can be retrieved
from the host's /proc/<pid>/cmdline file. Update the module to use
the secure ``--password-from-stdin`` option instead, and add a warning
in the module and in the documentation if svn version is too old to
support it.
(CVE-2020-1739)