Contributors mailing list archives

contributors@odoo-community.org

Browse archives

A meeting with the functionals that feel excluded by the OCA

restarting some OCA servers

Security Advisory: runbot_travis2docker - Database Password Exposed

Dave Lasley

- 17/08/2017 17:27:29

Hi All,

Please note that an edge case was recently discovered in maintainer-quality-tools that caused Runbot implementations using runbot_travis2docker to expose the host database password when the Odoo container exits with a non-zero code.

I committed the fix yesterday, but it is recommended that you change your Runbot PostgreSQL password immediately if your Runbot deploy meets the following conditions:

Runbot that builds using the module runbot_travis2docker
Runbot instance has a configured database host (as opposed to the default `localhost`)
Runbot test logs are exposed to the public

For anyone that wants to confirm whether your password has been exposed:

You can create a commit such as this
Look for your database password at the bottom of the test_all logs.

— Dave Lasley

1 attachments 1 attachments

signature.asc

Re: Security Advisory: runbot_travis2docker - Database Password Exposed
by

Dave Lasley

- 17/08/2017 17:36:18 - 1