10 lines
400 B
YAML
---
security:
  - Addressed cve-2016-4972. In several places
    Murano used loaders inherited directly from ``yaml.Loader``
    when parsing MuranoPL and UI files from packages.
    This is unsafe, because this loader is capable of creating
    custom python objects from specifically constructed
    yaml files. With this change all yaml loading operations are done
    using safe loaders instead.
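
The difference the release note describes, as an added example (not Murano's code): a loader class derived from `yaml.Loader` builds a Python object from a tagged node, while the same class derived from `yaml.SafeLoader` rejects that node and still handles an application tag. The class names, the `!expr` tag and both sample documents are constructed for illustration; PyYAML is assumed to be installed.

```python
import yaml

# Constructed sample standing in for a YAML file from an untrusted package.
# "!expr" is a hypothetical application tag. The python/object/apply tag is
# PyYAML's own; here it only builds a harmless OrderedDict.
UNTRUSTED_DOC = """\
Name: demo
Check: !expr "$.size > 0"
Marker: !!python/object/apply:collections.OrderedDict
  - [[created, by-loader]]
"""

# Constructed sample that uses only the application tag.
BENIGN_DOC = """\
Name: demo
Check: !expr "$.size > 0"
"""


class Expr(str):
    """Hypothetical wrapper for an application-level expression string."""


def construct_expr(loader, node):
    # Works on any loader class: it only reads the scalar value of the node.
    return Expr(loader.construct_scalar(node))


class UnsafePackageLoader(yaml.Loader):
    """The pattern the note calls unsafe: inherits directly from yaml.Loader."""


class SafePackageLoader(yaml.SafeLoader):
    """Same custom tag, but python/* tags have no constructor on this base."""


# add_constructor copies the constructor table per class, so each subclass
# gets "!expr" without changing yaml.Loader or yaml.SafeLoader themselves.
for loader_cls in (UnsafePackageLoader, SafePackageLoader):
    loader_cls.add_constructor("!expr", construct_expr)


def parse(text, loader_cls):
    """Return (data, error); error holds the reason when a tag is rejected."""
    try:
        return yaml.load(text, Loader=loader_cls), None
    except yaml.constructor.ConstructorError as exc:
        return None, exc.problem
```
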