ba87c225cd
* fixed fetch traversal from slurp * ignore slurp result for dest * fixed naming when source is relative * fixed bug in local connection plugin * added tests with fake slurp * moved existing role tests into runme.sh * normalized on action excepts * moved dest transform down to when needed * added is_subpath check * fixed bug in local connection fixes #67793 CVE-2019-3828
2 lines
118 B
YAML
2 lines
118 B
YAML
bugfixes:
|
|
- In fetch action, avoid using slurp return to set up dest, also ensure no dir traversal CVE-2019-3828.
|