Skip to content

v0.11.5
Compare
Choose a tag to compare
@tgross tgross released this 21 Oct 17:53
v0.11.5
cb0cc46

0.11.5 (October 21, 2020)

SECURITY:

  • artifact: Backport from v0.12.6 - Fixed a bug where interpolation can be used in the artifact destination field to write artifact payloads outside the allocation directory. CVE-2020-27195 [GH-9129]
  • template: Backport from v0.12.6 - Fixed a bug where interpolation can be used in the template source and destination fields to read or write files outside the allocation directory even when disable_file_sandbox was set to false (the default). CVE-2020-27195 [GH-9129]
  • template: Backport from v0.12.6 - Fixed a bug where the disable_file_sandbox configuration was only respected for the template file function and not the template source and destination fields. CVE-2020-27195 [GH-9129]
Assets 2
Loading