github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-24 22:57:16 -04:00
Code Issues Projects Releases Packages Wiki Activity

replace YAML.parse with YAML.safe_load in release tool

Browse source 
YAML.parse returns Psych nodes that then need to be converted to plain ruby objects.

Calling YAML.safe_load outputs basic ruby objects already and also increases security as it greatly restricts the classes it deserializes.

Fixes #11208
This commit is contained in:
João Duarte 2019-10-11 09:31:17 +01:00 committed by João Duarte
parent afcb045774
commit a6f02a3826
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tools/release/bump_plugin_versions.rb
View file

@ -96,7 +96,7 @@ puts "Pushing commit.."
`git remote add upstream git@github.com:elastic/logstash.git` `git remote add upstream git@github.com:elastic/logstash.git`
`git push upstream #{branch_name}` `git push upstream #{branch_name}`
current_release = YAML.parse(IO.read("versions.yml"))["logstash"] current_release = YAML.safe_load(IO.read("versions.yml"))["logstash"]
puts "Creating Pull Request" puts "Creating Pull Request"
pr_title = "bump lock file for #{current_release}" pr_title = "bump lock file for #{current_release}"