internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-03-31 15:53:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6f2cd64cff48c88903432edbb64ef08734e7d8ea
community.general/docs
History
James Cammarata ed56f51f18 Fixing security issue with lookup returns not tainting the jinja2 environment 
CVE-2017-7481

Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.

This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.
2017-05-08 12:43:46 -05:00
..
api
Fix docs/api sphinx-build err on 'make rpm' (#24334)
2017-05-05 17:09:38 -04:00
bin
When outputting text to a file, convert to bytes first.
2017-03-30 12:34:38 -04:00
docsite
Fixing security issue with lookup returns not tainting the jinja2 environment
2017-05-08 12:43:46 -05:00
man
added docs to CLI docstringsadded
2017-03-24 15:52:36 -04:00
templates
Docs how to test (2nd) (#24094)
2017-04-28 09:08:26 +01:00