2026-01-21 22:13:25
GitHub_M
PUBLISHED
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that its safe to generate a project from a safe template, i.e. one that doesnt use unsafe features like custom Jinja extensions which would require passing the `--UNSAFE,--trust` flag. As it turns out, a safe template can currently include arbitrary files/directories outside the local template clone location by using symlinks along with `_preserve_symlinks: false` (which is Copiers default setting). Version 9.11.2 patches the issue.