cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/examples
History
James Cammarata ed56f51f18 Fixing security issue with lookup returns not tainting the jinja2 environment 
CVE-2017-7481

Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.

This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.
2017-05-08 12:43:46 -05:00
..
playbooks
scripts ConfigureRemotingForAnsible: RSA 1024 to RSA 4096 (#23684) 2017-04-19 13:21:25 +02:00
ansible.cfg Fixing security issue with lookup returns not tainting the jinja2 environment 2017-05-08 12:43:46 -05:00
DOCUMENTATION.yml Link to module developing_modules_documenting.html 2017-04-03 17:17:12 +01:00
hosts comment examples in default hosts file 2015-12-04 16:24:19 -05:00
hosts.yaml updated better yaml host examples 2017-03-08 14:51:52 -05:00
hosts.yml linked cause people forget yaml and yml exist 2016-09-08 14:18:10 -04:00