83e28324e1
The format function allowed too arbitrary access to the values being formatted, and this behavior caused information leakage in some cases. Closes-Bug: #2048114 Change-Id: Id7ec5f267314bb7166ca64802ab47d768bb5eb89
13 lines
430 B
YAML
13 lines
430 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The format YAQL function has been removed, because of its vulnability. See
|
|
the security section to find more details.
|
|
|
|
security:
|
|
- |
|
|
`<https://bugs.launchpad.net/murano/+bug/2048114>`_: The format YAQL
|
|
function has been removed, because it allowed too arbitrary data access
|
|
which results in data leak. Users can replace the format function by
|
|
``+`` operator and ``str`` YAQL function.
|