Changelog

debops-api

This project adheres to Semantic Versioning and human-readable changelog.

The current role maintainer is ypid.

debops-api - unreleased

Added

  • Initial coding and design. [ypid]

Security

  • The default yaml.load method from PyYAML which is used to read Ansigenome YAML files is unsafe. As a result remote code execution was possible when the DebOps API script parsed role metadata.

    Refer to the issue Make load safe_load. This has been fixed by switching to yaml.safe_load. [ypid]