Nomad v0.11.5 Release Notes
Release Date: 2020-10-21 // over 3 years ago-
🔒 SECURITY:
- artifact: Backport from v0.12.6 - Fixed a bug where interpolation can be used in the artifact
destination
field to write artifact payloads outside the allocation directory. CVE-2020-27195 [GH-9129] - template: Backport from v0.12.6 - Fixed a bug where interpolation can be used in the template
source
anddestination
fields to read or write files outside the allocation directory even whendisable_file_sandbox
was set tofalse
(the default). CVE-2020-27195 [GH-9129] - template: Backport from v0.12.6 - Fixed a bug where the
disable_file_sandbox
configuration was only respected for the templatefile
function and not the templatesource
anddestination
fields. CVE-2020-27195 [GH-9129]
- artifact: Backport from v0.12.6 - Fixed a bug where interpolation can be used in the artifact