Fix for bucket_path security vulnerability
0d6d29933e61Unpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

Fix for bucket_path security vulnerability

This is a fix for Bugs #13553, #13418, #13511. The bucket_path parameter
allowed control over where the filebucket will try to read and write to.
The only place available to stop this parameter is in the resolution
from a URI to an indirectory terminus. The bucket_path is used
internally for local filebuckets and so cannot be removed completely
without a larger change to the design.

Details

Provenance

Andrew Parker <andy@puppetlabs.com>	Authored on
Matthaus Litteken <matthaus@puppetlabs.com>	Committed on Apr 3 2012, 11:36 PM
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPU19bd30a35c0d: Removed text/marshal support

Branches

Unknown

Tags

Unknown

Event Timeline

Matthaus Litteken <matthaus@puppetlabs.com> committed rPU0d6d29933e61: Fix for bucket_path security vulnerability (authored by Andrew Parker <andy@puppetlabs.com>).Apr 3 2012, 11:36 PM

Changes (2)

Path

Size

lib/

puppet/

network/

http/

api/

v1.rb

spec/

unit/

network/

http/

api/

v1_spec.rb

rPU0d6d29933e61

View Options

lib/puppet/network/http/api/v1.rb