Releases: runatlantis/atlantis
Releases · runatlantis/atlantis
v0.3.2
Description
This release focused on some security issues reported by @eriksw, thanks Erik!
By default, Atlantis will be more secure now and you'll have to specify which repositories
you want it to work on.
Features
- New flag
--allow-fork-prsadded toatlantis servercontrols whether Atlantis will operate on pull requests from forks. Defaults tofalse.
This flag was added because on a public repository anyone could open up a pull request to your repo and use your Atlantis
install. - New mandatory flag
--repo-whitelistadded toatlantis servercontrols which repos Atlantis will operate on. This flag was added
so that if a webhook secret is compromised (or you're not using webhook secrets) Atlantis won't be used on repos you don't control. - Warn if running
atlantis serverwithout any webhook secrets set. This is dangerous because without a webhook secret, an attacker
could spoof requests to Atlantis. - Make CLI output more readable by setting a fixed column width.
Bug Fixes
- None
Backwards Incompatibilities / Notes:
- Must set
--allow-fork-prsnow if you want to run Atlantis on pull requests from forked repos. - Must set
--repo-whitelistin order to startatlantis server. Seeatlantis server --helpfor how that flag works.
v0.3.1
v0.3.0
Features
- Fix security issue where Atlantis wasn't escaping the optional "extra args" that could be appended to comments (#16)
- example exploit:
atlantis plan ; cat /etc/passwd
- example exploit:
- Atlantis moved to new repo:
atlantisrun/atlantis. Read why here - New -w/--workspace and -d/--dir flags in comments (#14)
- You can now specify which directory to plan/apply in, ex.
atlantis plan -d dir1/dir2
- You can now specify which directory to plan/apply in, ex.
- Better feedback from atlantis when asking for help via comments, ex.
atlantis plan -h
Bug Fixes
- Convert
--data-dirpaths to absolute from relative. Fixes (#245) - Don't run plan in the parent of
modules/unless there's amain.tfpresent. Fixes (#12)
Backwards Incompatibilities / Notes:
- You must use the
-wflag to specify a workspace when commenting now- Previously:
atlantis plan staging, now:atlantis plan -w staging
- Previously:
- You must use a double-dash between Atlantis flags and extra args to be appended to the terraform command
- Previously:
atlantis plan -target=resource, now:atlantis plan -- -target=resource
- Previously:
- Atlantis will no longer run
planin the parent directory ofmodules/unless there is amain.tfin that directory.
