Hi all!
We have released 1.7.1, which addresses one security issue reported by Tomasz Kontusz, as well as some other bugs.
-
A security fix to disallow specifying ‘args:’ as a string, which could allow the insertion of extra module parameters through variables.
-
Performance enhancements related to a previous security fix, which could cause slowness when modules returned very large JSON results. This specifically impacted the unarchive module frequently, which returns the details of all unarchived files in the result.
-
Docker module bug fixes:
-
Fixed support for specifying rw/ro bind modes for volumes
-
Fixed support for allowing the tag in the image parameter
This update is available via PyPi and releases.ansible.com now, and packages for distros will be available as soon as possible.
Thanks!