github hashicorp/packer-plugin-vsphere v1.0.5

latest releases: v1.4.2, v1.4.1, v1.4.0...
2 years ago

Note

The v0.3.0 release of the Packer plugin SDK contains the following changes which will may affect the downloading of external files such as ISOs used by this plugin.

  • Default timeouts have been added to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
  • Support for the X-Terraform-Get header has been disabled to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
  • The default go-getter client has been updated to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.

See Security Options for more details.

What's Changed

Bug fixesπŸ§‘β€πŸ”§ 🐞

  • Bump packer-plugin-sdk to v0.3.0 to address vulnerabilities in go-getter, as described in
    HCSEC-2022-13.

Full Changelog: v1.0.4...v1.0.5

Don't miss a new packer-plugin-vsphere release

NewReleases is sending notifications on new releases.