Skip to content

23.1.2

Compare
Choose a tag to compare
@TheRealFalcon TheRealFalcon released this 26 Apr 20:17
· 1181 commits to main since this release
23.1.2

Security release.

Make user/vendor data sensitive and remove log permissions

Because user data and vendor data may contain sensitive information,
this commit ensures that any user data or vendor data written to
instance-data.json gets redacted and is only available to root user.

Also, modify the permissions of cloud-init.log to be 640, so that
sensitive data leaked to the log isn't world readable.
Additionally, remove the logging of user data and vendor data to
cloud-init.log from the Vultr datasource.

LP: #2013967
CVE: CVE-2023-1786