AnsibleGuy

Re-open if there's still an issue

Greetings! Thank you for reporting this issue. Had overlooked that validation.

I actually do not know how to publish a CVE. Would have to read into it.. Using this form? https://cveform.mitre.org/

Alright. Have added the policy and `security advisories` are now enabled. Would you mind testing the validation-fix in version 0.0.21?

Here you go: https://github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj Thank you again for reporting it. Have a nice day

May be fixed with the changes of today.. not completely sure

Greetings. From what I've read in the code the 'environment variables' are essentially set at the 'ansible-playbook' execution. You could, per example, set [Ansible configuration parameters](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#the-configuration-file) using them (_instead of...

For 'environment extra-vars' here would be the references: * [Variables being loaded from config](https://github.com/ansible-semaphore/semaphore/blob/develop/services/tasks/runner.go#L657) * [Passing them](https://github.com/ansible-semaphore/semaphore/blob/develop/services/tasks/runner.go#L738) * [Args being set](https://github.com/ansible-semaphore/semaphore/blob/develop/services/tasks/runner.go#L743) NOTE: references do not exist any more