fd30f53289
CVE-2017-7481 Lookup returns wrap the result in unsafe, however when used through the standard templar engine, this does not result in the jinja2 environment being marked as unsafe as a whole. This means the lookup result looses the unsafe protection and may become simple unicode strings, which can result in bad things being re-templated. This also adds a global lookup param and cfg options for lookups to allow unsafe returns, so users can force the previous (insecure) behavior. (cherry picked from commit 72dfb1570d22ac519350a8c09e76c458789120ed) (cherry picked from commit fadccda7c7a2e8d0650f4dee8e3cea93cf17acfd) |
||
|---|---|---|
| .. | ||
| playbooks | ||
| scripts | ||
| ansible.cfg | ||
| DOCUMENTATION.yml | ||
| hosts | ||
| hosts.yaml | ||