github canonical/cloud-init 23.1.2

latest releases: ubuntu/24.3.1-0ubuntu0_24.04.2, ubuntu/24.4_3+really24.3.1-0ubuntu4, ubuntu/24.4_3+really24.3.1-0ubuntu3...
18 months ago

Security release.

Make user/vendor data sensitive and remove log permissions

Because user data and vendor data may contain sensitive information,
this commit ensures that any user data or vendor data written to
instance-data.json gets redacted and is only available to root user.

Also, modify the permissions of cloud-init.log to be 640, so that
sensitive data leaked to the log isn't world readable.
Additionally, remove the logging of user data and vendor data to
cloud-init.log from the Vultr datasource.

LP: #2013967
CVE: CVE-2023-1786

Don't miss a new cloud-init release

NewReleases is sending notifications on new releases.