ansible/changelogs/fragments/dont-template-cli-passwords.yml

bugfixes:
- >
  **security issue** - Convert CLI provided passwords to text initially, to
  prevent unsafe context being lost when converting from bytes->text during
  post processing of PlayContext. This prevents CLI provided passwords from
  being incorrectly templated (CVE-2019-14856)
- >
  **security issue** - Update ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes``
  to maintain unsafe context by overriding ``.encode`` and ``.decode``. This
  prevents future issues with ``to_text``, ``to_bytes``, or ``to_native``
  removing the unsafe wrapper when converting between string types
  (CVE-2019-14856)
Wrap CLI Passwords with AnsibleUnsafeText, ensure unsafe context is not lost during encode/decode (#63351) * Wrap .encode and .decode on AnsibleUnsafe objects * runme.sh needs to be executable * ci_complete * Update changelog with CVE 2019-10-11 16:17:10 +02:00			`bugfixes:`
			`- >`
			`security issue - Convert CLI provided passwords to text initially, to`
			`prevent unsafe context being lost when converting from bytes->text during`
			`post processing of PlayContext. This prevents CLI provided passwords from`
			`being incorrectly templated (CVE-2019-14856)`
			`- >`
			security issue - Update ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes``
			to maintain unsafe context by overriding ``.encode`` and ``.decode``. This
			prevents future issues with ``to_text``, ``to_bytes``, or ``to_native``
			`removing the unsafe wrapper when converting between string types`
			`(CVE-2019-14856)`