1d5b35c4bf
corrected the typo error several in release notes Change-Id: I5593ef80d4305ab9f977de35f6271dbf7572ef2d Closes-Bug: #1625312
10 lines
405 B
YAML
10 lines
405 B
YAML
---
|
|
security:
|
|
- cve-2016-4972 has been addressed. In several places
|
|
Murano used loaders inherited directly from yaml.Loader
|
|
when parsing MuranoPL and UI files from packages.
|
|
This is unsafe, because this loader is capable of creating
|
|
custom python objects from specifically constructed
|
|
yaml files. With this change all yaml loading operations are done
|
|
using safe loaders instead.
|