
On Fri, 2019-05-03 at 11:03 +0100, Daniel P. Berrangé wrote:
The yaml.load() method is historically unsafe as it allowed for arbitrary code execution:
./lcitool:323: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
The PyYAML >= 5.1 is now safe by default, but has none the less deprecated the plain load() method to avoid risk for people running their app on older versions. For our needs safe_load() suffices and is compatible with RHEL-7
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- guests/lcitool | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization