Add a CVE-2018-12557 release note
Add a security release note for the "credentials leak on ansible unreachable error despite no_log" story. It's added to an existing file so that it will appear in the 3.1.0 section.

Change-Id: I1060a964cad9863ce24abe830622370a3dbfbf80
Story: #2002177
Task: #22238
parent de3187a356
commit 6ddf3dbb9c
|
@ -7,3 +7,13 @@ upgrade:
|
||||||
other job attribute. The final values are used to determine
|
other job attribute. The final values are used to determine
|
||||||
whether the job should ultimately run.
|
whether the job should ultimately run.
|
||||||
- Zuul now uses Ansible 2.5.
|
- Zuul now uses Ansible 2.5.
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
Tobias Henkel (BMW Car IT GmbH) discovered a vulnerability which
|
||||||
|
is fixed in this release. If nodes become offline during the
|
||||||
|
build, the no_log attribute of a task is ignored. If the
|
||||||
|
unreachable error occurred in a task used with a loop variable
|
||||||
|
(e.g., with_items), the contents of the loop items would be
|
||||||
|
printed in the console. This could lead to accidentally leaking
|
||||||
|
credentials or secrets. MITRE has assigned CVE-2018-12557 to this
|
||||||
|
vulnerability.
|
||||||
|
|
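Review bot: The new `security:` entry says the vulnerability "is fixed in this release" but gives operators nothing to act on for builds that already ran. Consider adding a sentence that names the affected earlier releases and advises reviewing console logs of builds where a node went unreachable during a no_log task with a loop (e.g., with_items), then rotating any credentials or secrets found there. The text also switches between "nodes become offline" and "the unreachable error"; using "unreachable" in both places would keep the description tied to the Ansible condition that triggers the leak.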