Publish - upload to S3 stage $IMG_VERSION
This template is ONLY used for reporting bugs. New feature request or pipeline enhancement issues should use the other template options for issue submission.
Current Behavior
Line 11: $IMG_VERSION is untrusted (it can be set to any value in the repo). If the user puts ../../ in it, you will get a directory traversal vulnerability here. This is actually pretty hard to fix.
Live Example
Pipeline publish stage upload-to-s3.sh script.
Expected Behavior
Should not allow users to put ../../ in the image version.
Possible Solution
N/A
Edited by gavin.scallon
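One way to implement the check the Expected Behavior section asks for, as an added example that is not the pipeline's own upload-to-s3.sh script: instead of trying to strip ../ out of the value, the version is validated against a strict allowlist at the point where it enters the script, and no key or path is built from it unless it passes. The function names, the images/ key prefix, the 64-character limit and the BUCKET variable are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not the pipeline's upload-to-s3.sh): validate IMG_VERSION
# at the trust boundary before it is spliced into any path or S3 key.
# Function names, the "images/" key prefix and BUCKET are assumptions.

# Use the C locale so the A-Z / a-z ranges below mean plain ASCII letters.
LC_ALL=C
export LC_ALL

# Returns 0 if the version is safe to embed in a path, 1 otherwise.
# Allowlist: ASCII letters, digits, '.', '_', '-'; must not start with '.' or '-'.
# A case pattern matches the whole string, so an embedded newline or '/' is
# caught too (a line-based grep would only look at the first line).
validate_img_version() {
    v=$1
    [ -n "$v" ] || return 1                 # empty would yield images//file
    [ "${#v}" -le 64 ] || return 1          # keep keys short and predictable
    case "$v" in
        *[!A-Za-z0-9._-]*) return 1 ;;      # '/', '\', space, newline, '%', ...
        .*|-*) return 1 ;;                  # rejects ".", "..", hidden names, "-opt"
    esac
    return 0
}

# The shape the report describes: the version is concatenated unchecked,
# so "../../etc" produces a key/path that escapes the images/ prefix.
unsafe_object_key() {
    printf 'images/%s/%s\n' "$1" "$2"
}

# Hardened form: refuse to build a key at all unless the version validates.
safe_object_key() {
    validate_img_version "$1" || {
        printf 'upload-to-s3: refusing unsafe IMG_VERSION\n' >&2
        return 2
    }
    printf 'images/%s/%s\n' "$1" "$2"
}

# Demonstration with a constructed malicious value (no upload is performed;
# a real script would go on to run: aws s3 cp "$file" "s3://$BUCKET/$key").
demo() {
    file=image.qcow2
    for ver in "1.4.2" "../../etc"; do
        printf 'unsafe: %s\n' "$(unsafe_object_key "$ver" "$file")"
        if key=$(safe_object_key "$ver" "$file"); then
            printf 'safe:   %s\n' "$key"
        else
            printf 'safe:   rejected %s\n' "$ver"
        fi
    done
}
demo
```

The allowlist is deliberately stricter than "no ../": a denylist that deletes ../ once turns ....// back into ../, and it says nothing about newlines, spaces or shell metacharacters that can also end up in a path or an aws command line. Running the same validation before the value reaches both the local staging path and the S3 key keeps the two in step, so a rejected version never produces either.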