Bug #22954: Template importing should only deserialize safe objects from YAML - Foreman

Bug #22954

Template importing should only deserialize safe objects from YAML

Added by Marek Hulán 5 months ago. Updated about 1 month ago.

Status:

Closed

Priority:

Normal

Assignee:

Marek Hulán

Category:

Templates

Target version:

1.18.0

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/5340

Team Backlog:

Fixed in Releases:

Found in Releases:

Related issues

Related to Foreman - Refactor #19846: Fix Rubocop: Security/YAMLLoad New 2017-06-04

Issue # Delay: days Cancel

Associated revisions

Revision f2ab59d7 (diff)
Added by Marek Hulán 4 months ago

Fixes #22954 - only deserialize safe objects

History

#1 Updated by The Foreman Bot 5 months ago

Status changed from New to Ready For Testing

Pull request https://github.com/theforeman/foreman/pull/5340 added

#2 Updated by Tomer Brisker 5 months ago

Related to Refactor #19846: Fix Rubocop: Security/YAMLLoad added

#3 Updated by Michael Moll 4 months ago

Legacy Backlogs Release (now unused) set to 330

#4 Updated by Marek Hulán 4 months ago

% Done changed from 0 to 100

Status changed from Ready For Testing to Closed

Applied in changeset f2ab59d71abb022ee4d0da77eeaf24f8765010d3.

Also available in: Atom PDF

Project

General

Profile

Issues

Custom queries

Bug #22954

Template importing should only deserialize safe objects from YAML

Associated revisions

History

#1 Updated by The Foreman Bot 5 months ago

#2 Updated by Tomer Brisker 5 months ago

#3 Updated by Michael Moll 4 months ago

#4 Updated by Marek Hulán 4 months ago