7f4befdea7
* Wrap .encode and .decode on AnsibleUnsafe objects * runme.sh needs to be executable * ci_complete * Update changelog with CVE
12 lines
609 B
YAML
12 lines
609 B
YAML
bugfixes:
|
|
- >
|
|
**security issue** - Convert CLI provided passwords to text initially, to
|
|
prevent unsafe context being lost when converting from bytes->text during
|
|
post processing of PlayContext. This prevents CLI provided passwords from
|
|
being incorrectly templated (CVE-2019-14856)
|
|
- >
|
|
**security issue** - Update ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes``
|
|
to maintain unsafe context by overriding ``.encode`` and ``.decode``. This
|
|
prevents future issues with ``to_text``, ``to_bytes``, or ``to_native``
|
|
removing the unsafe wrapper when converting between string types
|
|
(CVE-2019-14856)
|