mirror of https://github.com/ansible/ansible.git
Re-add changelogs and add docs for CVE-2020-1736 reverts [2.9] (#71515)
Signed-off-by: Rick Elrod <rick@elrod.me>pull/71551/head
parent
dfaadf6f33
commit
7eec8e4d26
@ -0,0 +1,4 @@
|
|||||||
|
security_fixes:
|
||||||
|
- >
|
||||||
|
**security issue** atomic_move - change default permissions when creating
|
||||||
|
temporary files so they are not world readable (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736)
|
@ -0,0 +1,4 @@
|
|||||||
|
security_fixes:
|
||||||
|
- >
|
||||||
|
Fix warning for default permission change when no mode is specified. Follow up
|
||||||
|
to https://github.com/ansible/ansible/issues/67794. (CVE-2020-1736)
|
@ -0,0 +1,2 @@
|
|||||||
|
security_fixes:
|
||||||
|
- The fix for CVE-2020-1736 has been reverted. Users are encouraged to specify a ``mode`` parameter in their file-based tasks when the files being manipulated contain sensitive data.
|
Loading…
Reference in New Issue