Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Fix issue that could lead to RCE if using unsecure Jinja templates #8095

Merged
merged 4 commits into from
Jul 26, 2024
Merged

fix: Fix issue that could lead to RCE if using unsecure Jinja templates #8095

merged 4 commits into from
Jul 26, 2024

Conversation

silvanocerza
Copy link
Contributor

Proposed Changes:

Fix issue with Jinja templates.

How did you test it?

I ran tests locally.

Notes for the reviewer

N/A

Checklist

@silvanocerza silvanocerza self-assigned this Jul 26, 2024
@silvanocerza silvanocerza requested review from a team as code owners July 26, 2024 13:06
@silvanocerza silvanocerza requested review from dfokina and Amnah199 and removed request for a team and Amnah199 July 26, 2024 13:06
@coveralls
Copy link
Collaborator

coveralls commented Jul 26, 2024
edited
Loading

Pull Request Test Coverage Report for Build 10112264105

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 4 unchanged lines in 3 files lost coverage.
  • Overall coverage decreased (-0.001%) to 90.045%
Files with Coverage Reduction New Missed Lines %
components/builders/chat_prompt_builder.py 1 98.44%
components/converters/output_adapter.py 1 98.28%
components/routers/conditional_router.py 2 97.53%
Totals Coverage Status
Change from base Build 10108371805: -0.001%
Covered Lines: 6793
Relevant Lines: 7544
💛 - Coveralls

@silvanocerza silvanocerza enabled auto-merge (squash) July 26, 2024 13:41
@silvanocerza silvanocerza merged commit 3fed136 into main Jul 26, 2024
17 checks passed
@silvanocerza silvanocerza deleted the fix-jinja-env branch July 26, 2024 14:02
silvanocerza added a commit that referenced this pull request Jul 26, 2024
@silvanocerza
fix: Fix issue that could lead to RCE if using unsecure Jinja templat…
5a28246 
…es (#8095)

* Fix issue that could lead to RCE if using unsecure Jinja templates

* Add comment explaining exception suppression

* Update release note

* Update release note
@silvanocerza silvanocerza mentioned this pull request Jul 26, 2024
Merged
This was referenced Jul 29, 2024
Merged
Closed
@julian-risch julian-risch mentioned this pull request Aug 2, 2024
Closed
@silvanocerza silvanocerza mentioned this pull request Aug 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shadeMe shadeMe shadeMe approved these changes

@dfokina dfokina Awaiting requested review from dfokina dfokina is a code owner automatically assigned from deepset-ai/documentation

Assignees

@silvanocerza silvanocerza

Labels
topic:core topic:tests type:documentation Improvements on the docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@silvanocerza @coveralls @shadeMe