Ryan Petrello 5950f26c69

only allow the task dispatch worker to import and run decorated tasks ...

this _technically_ prevents a remote code exploit where a user who has
access to publish AMQP messages to the dispatch queue could craft
a special message that would import and run arbitrary Python functions;
that said, the types of user with this privilege level are generally
_already_ the awx user (so they can already do this by hand if they
want)

2018-12-12 17:46:41 -05:00

..

api

Merge pull request #2880 from AlanCoding/fix_v1_links

2018-12-07 14:33:15 +00:00

conf

Merge remote-tracking branch 'tower/release_3.3.1' into devel

2018-11-01 12:07:02 -04:00

lib

Make sure we reference the actual hostname

2018-11-02 10:37:58 -04:00

locale

Extract latest strings from source code for translations

2018-11-27 12:31:52 -05:00

main

only allow the task dispatch worker to import and run decorated tasks

2018-12-12 17:46:41 -05:00

playbooks

Merge remote-tracking branch 'tower/release_3.3.0' into devel

2018-08-10 11:54:34 -04:00

plugins

Update foreman.py from Ansible devel, primarily for unicode fixes.

2018-12-03 10:23:28 -05:00

settings

more sane default log handlers

2018-12-05 09:38:27 -05:00

sso

make current_user ck secure and httponly

2018-11-21 10:36:35 -05:00

static

Update .gitignore, remove ui static file from wrong dir

2017-07-25 09:39:06 -04:00

templates

make the API browser direct you to the proper location post-login

2018-07-09 13:58:38 -04:00

ui

stop various async background requests from bumping the session expiry

2018-12-11 09:15:58 -05:00

__init__.py

only override django for FIPS in environments where Django is installed

2018-11-26 09:17:48 -05:00

asgi.py

…

devonly.py

…

urls.py

remove the network UI

2018-07-30 11:03:53 -04:00

wsgi.py

Update Django version in version check.

2018-10-18 09:23:59 -04:00