On Thu, 11 Jul 2019 10:16:48 +0300 mer...@debian.org wrote:
> Hello,
>
> According to [1] the unsafe loader yaml.UnsafeLoader is still
> vulnerable, and could be used upon request. While strictly speaking the
> vulnerability is fixed by using safe reader by default, I assume
> complete safety can
Hello,
According to [1] the unsafe loader yaml.UnsafeLoader is still
vulnerable, and could be used upon request. While strictly speaking the
vulnerability is fixed by using safe reader by default, I assume
complete safety can only be achieved by disabling the yaml.UnsafeLoader.
Best,
Andrius
[1]
2 matches
Mail list logo
