Skip to content

23.1.2
Compare
Choose a tag to compare
@TheRealFalcon TheRealFalcon released this 26 Apr 20:17
· 783 commits to main since this release
23.1.2
This tag was signed with the committer’s verified signature.
TheRealFalcon James Falcon
GPG key ID: 6748F550622BA5D4
Learn about vigilant mode.
76066fe

Security release.

Make user/vendor data sensitive and remove log permissions

Because user data and vendor data may contain sensitive information,
this commit ensures that any user data or vendor data written to
instance-data.json gets redacted and is only available to root user.

Also, modify the permissions of cloud-init.log to be 640, so that
sensitive data leaked to the log isn't world readable.
Additionally, remove the logging of user data and vendor data to
cloud-init.log from the Vultr datasource.

LP: #2013967
CVE: CVE-2023-1786

Assets 2