Commit Graph

1 Commits (36aebcd4069a6b43c7874ba1e257fcbc383ca358)

Author SHA1 Message Date
Matt Davis c9ac477e53
Preserve `_ansible_no_log` from action result; fix `include_vars` to set properly (#84143)
* fixes for CVE-2024-8775

* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)

* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )

* changelog

* use ternary, coerce to bool explicitly
1 month ago