CVE-2017-7481
Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.
This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.
* Added test for 'RETURN' field in validate-modules
* print the field being tested.
Useful when the RETURN structure is complex.
* Fixed schema after CI traceback fail
* Fixed list_string_types
* Fixed line in 319 code for RETURN
* Big testing doc refactor
* Combine all the testing documentation in to one place to make it easier to find
* Convert everything to RST
* Create testing_network guide
* Create testing landing page
* For each section detail "how to run" and "how to extend testing"
* More examples
* Lots more detail
* Document deprecation of fetch module validate_md5 and update --tags merging deprecation
Update the default of --tags merging config option to merge by default
* Update CHANGELOG.md
Minor edit
This setting allows us to reference jinja2 and python stdlib docs
via docutils refs instead of hardcoding urls.
Fixes#18039
Remove extraneous sphinx config
* Add example task succeeding when RC is non-zero
I added an example on how to use the return code to decide yourself
what is considered a failure.
This might have helped for #23679.
* Use diff as example command, instead of robocopy
* Windows: Add Windows Subsystem for Linux documentation
As discussed during the Windows Working Group meeting we do want
documentation on running Ansible on Windows as it may help grow
the Windows/Ansible community and does work out-of-the-box.
However we do take care to emphasize that WSL is not fit for
production use.
* Update intro_windows.rst
Edits for mechanics and clarity.
The Python3 dev doc is more general than just modules
* Rename it to make that obvious.
* Move generally applicable Python3 information to the Controller section
* Add a Py3/Py2 section on formatting strings
* Fix code-blocks to highlight as python
* Enhance python3 support page
* Add Python3/Python2 compat note
Due to the number of "real world" caveats in the current runas become method, it was agreed that we'd warn that it's experimental on use. A potential future version based on LogonUser/CreateProcessAsUser will have very different requirements and limitations.
* fix 'sequence' lookup shortcut syntax and documentation
* Update playbooks_loops.rst
Minor edits for grammar and clarity.
* Update playbooks_loops.rst
Another tweak for clarity.
* Updated 2.4 roadmap for final publish
* Update ROADMAP_2_4.rst
* Remove "code refactor and unit tests"
This is just technical debt work, and not note-worthy for the roadmap
* Update ROADMAP_2_4.rst
* Update ROADMAP_2_4.rst