baeff7462d
* isa string should rewrap as unsafe in get_validated_value * _is_unsafe shouldn't be concerned with underlying types * Start with passwords as text, instead of bytes * Remove unused imports * Add changelog fragment * Update changelog with CVE
6 lines
289 B
YAML
6 lines
289 B
YAML
bugfixes:
|
|
- >
|
|
**security issue** - Convert CLI provided passwords to text initially, to
|
|
prevent unsafe context being lost when converting from bytes->text during
|
|
post processing of PlayContext. This prevents CLI provided passwords from
|
|
being incorrectly templated (CVE-2019-14856)
|