Contributors mailing list archives

Browse archives


Security Advisory: runbot_travis2docker - Database Password Exposed

LasLabs, Dave Lasley
- 17/08/2017 19:27:29
Hi All,

Please note that an edge case was recently discovered in maintainer-quality-tools that caused Runbot implementations using runbot_travis2docker to expose the host database password when the Odoo container exits with a non-zero code. 

I committed the fix yesterday, but it is recommended that you change your Runbot PostgreSQL password immediately if your Runbot deploy meets the following conditions:

  • Runbot that builds using the module runbot_travis2docker
  • Runbot instance has a configured database host (as opposed to the default `localhost`)
  • Runbot test logs are exposed to the public

For anyone that wants to confirm whether your password has been exposed: 

— Dave Lasley