Re: [jenkins-ci PATCH] lcitool: use yaml.safe_load instead of load

On Fri, 2019-05-03 at 11:03 +0100, Daniel P. Berrangé wrote:
> The yaml.load() method is historically unsafe as it allowed for
> arbitrary code execution:
> 
> ./lcitool:323: YAMLLoadWarning: calling yaml.load() without
>  Loader=... is deprecated, as the default Loader is unsafe.
>  Please read https://msg.pyyaml.org/load for full details.
> 
> PyYAML >= 5.1 is now safe by default, but has nonetheless
> deprecated the plain load() method to avoid risk for people
> running their app on older versions. For our needs safe_load()
> suffices and is compatible with RHEL-7.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> ---
>  guests/lcitool | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx>

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
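
The behaviour the commit message relies on, as an added example that is not part of the patch or of lcitool: safe_load() refuses Python-specific tags, and the parser's event stream can be used to audit YAML files for such tags before switching loaders. The sample documents, `find_python_tags()` and `load_config()` are constructed for illustration.

```python
import yaml
from yaml.constructor import ConstructorError

# Prefix PyYAML resolves "!!python/..." tags to.
PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs (not taken from lcitool).
PLAIN_DOC = """\
packages:
  - gcc
  - make
install:
  vcpus: 2
"""
TAGGED_DOC = """\
packages:
  - gcc
count: !!python/object/apply:builtins.len [[1, 2, 3]]
"""


def find_python_tags(text):
    """Return (line, tag) for each Python-specific tag.

    Only parser events are inspected, so no object is ever constructed.
    """
    hits = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            hits.append((event.start_mark.line + 1, tag))
    return hits


def load_config(text):
    """Load with safe_load() and report a rejected tag as a ValueError."""
    try:
        return yaml.safe_load(text)
    except ConstructorError as exc:
        raise ValueError("unsupported YAML tag: %s" % exc.problem) from exc


if __name__ == "__main__":
    print(find_python_tags(TAGGED_DOC))
    print(load_config(PLAIN_DOC))
```
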



