Skip to content

v1.0.5

Compare
Choose a tag to compare
@github-actions github-actions released this 10 Jun 14:15
· 333 commits to main since this release

Note

The v0.3.0 release of the Packer plugin SDK contains the following changes which will may affect the downloading of external files such as ISOs used by this plugin.

  • Default timeouts have been added to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
  • Support for the X-Terraform-Get header has been disabled to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
  • The default go-getter client has been updated to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.

See Security Options for more details.

What's Changed

Bug fixes🧑‍🔧 🐞

  • Bump packer-plugin-sdk to v0.3.0 to address vulnerabilities in go-getter, as described in
    HCSEC-2022-13.

Full Changelog: v1.0.4...v1.0.5