Chapter 7. System and Subscription Management
reposync now by default skips packages whose location falls outside the destination directory
Previously, the reposync command did not sanitize paths to packages specified in a remote repository, which was insecure. A security fix for CVE-2018-10897 has changed the default behavior of reposync to not store any packages outside the specified destination directory. To restore the original insecure behavior, use the new --allow-path-traversal option. (BZ#1609302)
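
The kind of containment check this fix describes, as an added example (not reposync's own code): each package location taken from repository metadata is resolved against the destination directory and skipped if it lands outside it. The function names, the allow_path_traversal parameter (modelled on the --allow-path-traversal option) and the sample locations are assumptions constructed for illustration.

```python
import os


def resolve_target(dest_dir, location):
    """Absolute path a package would be written to for a metadata location."""
    # join() lets an absolute location replace dest_dir entirely, and
    # realpath() collapses "." and ".." segments and resolves symlinks.
    return os.path.realpath(os.path.join(dest_dir, location))


def is_inside(dest_dir, location):
    """True only if the resolved target lies strictly below dest_dir."""
    dest = os.path.realpath(dest_dir)
    target = resolve_target(dest, location)
    # commonpath compares whole path components, so /srv/mirror-evil is not
    # mistaken for a child of /srv/mirror as a plain startswith() would do.
    return target != dest and os.path.commonpath([dest, target]) == dest


def plan_sync(dest_dir, locations, allow_path_traversal=False):
    """Split locations into (kept, skipped) the way the new default behaves.

    allow_path_traversal is a hypothetical parameter standing in for the
    --allow-path-traversal option: when set, nothing is skipped.
    """
    kept, skipped = [], []
    for loc in locations:
        if allow_path_traversal or is_inside(dest_dir, loc):
            kept.append(loc)
        else:
            skipped.append(loc)
    return kept, skipped


# Constructed sample of package locations as a repository might list them.
SAMPLE_LOCATIONS = [
    "Packages/example-1.0-1.noarch.rpm",      # normal case
    "../outside/example.rpm",                 # climbs out of the destination
    "Packages/../../mirror-evil/example.rpm", # sibling dir sharing a prefix
    "/etc/example.rpm",                       # absolute location
    "Packages/./sub/../example-2.0.rpm",      # odd but stays inside
]

if __name__ == "__main__":
    kept, skipped = plan_sync("/srv/mirror", SAMPLE_LOCATIONS)
    for loc in kept:
        print("download:", loc)
    for loc in skipped:
        print("skip (outside destination):", loc)
```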