You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This Pulp CVE describes issue 3521 whereby the previous run's override config can be read as the attribute last_override_config on both importers and distributors. The decision (on the issue) was made to remove this attribute altogether due to it's security implications.
Without the fix, when you set an override_config, you'll be able to read that data when viewing the importer or distributor again. With this fix that data will always show up as 'last_override_config': {}.
This should be verified for both Importers and Distributors.
This Pulp CVE describes issue 3521 whereby the previous run's override config can be read as the attribute
last_override_config
on both importers and distributors. The decision (on the issue) was made to remove this attribute altogether due to it's security implications.Without the fix, when you set an override_config, you'll be able to read that data when viewing the importer or distributor again. With this fix that data will always show up as
'last_override_config': {}
.This should be verified for both Importers and Distributors.
Details on how I tested this during development (with commands) is here: https://pulp.plan.io/issues/3521#note-15
This is a backwards compatible change for 2.16.2 and a release note was added for it.
The text was updated successfully, but these errors were encountered: