Add a CVE-2018-12557 release note

Add a security release note for the "credentials leak on ansible
unreachable error despite no_log" story. It's added to an existing
file so that it will appear in the 3.1.0 section.

Change-Id: I1060a964cad9863ce24abe830622370a3dbfbf80
Story: #2002177
Task: #22238
This commit is contained in:
Jeremy Stanley 2018-06-19 14:57:14 +00:00
parent de3187a356
commit 6ddf3dbb9c
1 changed files with 10 additions and 0 deletions

@ -7,3 +7,13 @@ upgrade:
other job attribute. The final values are used to determine other job attribute. The final values are used to determine
whether the job should ultimately run. whether the job should ultimately run.
- Zuul now uses Ansible 2.5. - Zuul now uses Ansible 2.5.
security:
- |
Tobias Henkel (BMW Car IT GmbH) discovered a vulnerability which
is fixed in this release. If nodes become offline during the
build, the no_log attribute of a task is ignored. If the
unreachable error occurred in a task used with a loop variable
(e.g., with_items), the contents of the loop items would be
printed in the console. This could lead to accidentally leaking
credentials or secrets. MITRE has assigned CVE-2018-12557 to this
vulnerability.
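
Review bot: The new `security:` entry says the vulnerability "is fixed in this release" but does not say which earlier releases were affected or what an operator should do about builds that already ran. Since the note states that loop item contents "would be printed in the console", consider adding a sentence advising operators to check stored console logs from builds where nodes went offline and to rotate any credentials or secrets that appear there. The tense is also inconsistent for a fixed issue: "the no_log attribute of a task is ignored" reads as current behaviour, so "was ignored" would match "occurred" and "would be printed". A pointer to the story named in the commit message (#2002177) would help readers find the details.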