1. ansible
  2. changelogs
  3. fragments
  4. dont-template-cli-passwords.yml
Raw Blame History 
security_fixes:
- >
  **security issue** - Convert CLI provided passwords to text initially, to
  prevent unsafe context being lost when converting from bytes->text during
  post processing of PlayContext. This prevents CLI provided passwords from
  being incorrectly templated (CVE-2019-14856)
- >
  **security issue** - Update ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes``
  to maintain unsafe context by overriding ``.encode`` and ``.decode``. This
  prevents future issues with ``to_text``, ``to_bytes``, or ``to_native``
  removing the unsafe wrapper when converting between string types
  (CVE-2019-14856)