#1107995 ansible-lint unsafely evaluates jinja2 expressions

#1107995#5
Date: 2025-06-18 19:21:20 UTC

Hi,

discussing with upstream, it seems that ansible-lint unsafely evaluates jinja2
expressions. The patch I introduced in 25.2.1-2 accidentally allows this for
lookups.

For more details:
https://github.com/ansible/ansible-lint/pull/4593#issuecomment-2985265115

I'm leaving this on severity important for now as I'm not 100% sure this is
release-critical. On the one hand it allows for code execution where it should
only be linting, on the other hand this is possible with older releases, too
(just not with lookups, but any custom filter). Feel free to adjust if you
believe it warrants higher severity.

Greets,
Lee
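
An added illustration (not code from ansible-lint or from this report) of the gap the report describes between evaluating a Jinja2 expression and only linting it. The `lookup` global, the `site_filter` filter and the sample expression are constructed stand-ins that do nothing but record that they ran; the `jinja2` package is assumed to be installed.

```python
import jinja2
from jinja2 import nodes

# Constructed sample expression; 'lookup' and 'site_filter' are stand-ins.
SAMPLE = "{{ lookup('env', 'HOME') | site_filter }}"


def make_env(calls):
    """Build an environment whose plugins only record that they executed."""
    def lookup(plugin, *args):
        calls.append(f"lookup:{plugin}")
        return "value"

    def site_filter(value):
        calls.append("filter:site_filter")
        return value

    env = jinja2.Environment()
    env.globals["lookup"] = lookup
    env.filters["site_filter"] = site_filter
    return env


def lint_by_rendering(source):
    """Evaluating check: plugin code runs as a side effect of linting."""
    calls = []
    make_env(calls).from_string(source).render()
    return calls


def lint_by_parsing(source):
    """Static check: build the AST only and report what would be invoked."""
    calls = []
    try:
        ast = make_env(calls).parse(source)
    except jinja2.TemplateSyntaxError as exc:
        return {"executed": calls, "error": exc.message}
    functions = sorted(
        n.node.name for n in ast.find_all(nodes.Call)
        if isinstance(n.node, nodes.Name)
    )
    filters = sorted(n.name for n in ast.find_all(nodes.Filter))
    return {"executed": calls, "functions": functions, "filters": filters}


if __name__ == "__main__":
    print("rendering ran:", lint_by_rendering(SAMPLE))
    print("parsing found:", lint_by_parsing(SAMPLE))
```

Parsing still catches syntax errors and names every function and filter the expression refers to, but none of the plugin code runs.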