Browse code
Updating CHANGELOG for CVEs fixed in 2.2.0
James Cammarata authored on 2016/11/01 11:41:58Showing 1 changed files
| ... | ... |
@@ -1,10 +1,12 @@ |
| 1 | 1 |
Ansible Changes By Release |
| 2 | 2 |
========================== |
| 3 | 3 |
|
| 4 |
-## 2.2 "The Battle of Evermore" - ACTIVE DEVELOPMENT |
|
| 4 |
+## 2.2 "The Battle of Evermore" - 11-01-2016 |
|
| 5 | 5 |
|
| 6 | 6 |
###Major Changes: |
| 7 | 7 |
|
| 8 |
+* Security fix for CVE-2016-8628 - Command injection by compromised server via fact variables. In some situations, facts returned by modules could overwrite connection-based facts or some other special variables, leading to injected commands running on the Ansible controller as the user running Ansible (or via escalated permissions). |
|
| 9 |
+* Security fix for CVE-2016-8614 - apt_key module not properly validating keys in some situations. |
|
| 8 | 10 |
* Added the `listen` feature for modules. This feature allows tasks to more easily notify multiple handlers, as well as making it easier for handlers from decoupled roles to be notified. |
| 9 | 11 |
* Major performance improvements. |
| 10 | 12 |
* Added support for binary modules |
| ... | ... |
@@ -289,9 +291,6 @@ Ansible Changes By Release |
| 289 | 289 |
* Fix for yum module incorrectly thinking it succeeded in installing packages |
| 290 | 290 |
* Make the default ansible_managed template string into a static string since |
| 291 | 291 |
all of the replacable values lead to non-idempotent behaviour. |
| 292 |
-* apt_key fixes for when the user specifies a longer key id. These allow more |
|
| 293 |
- specific targetting of keys to download while still working around |
|
| 294 |
- limitations in the apt-key tool that require shorter key id strings. |
|
| 295 | 292 |
|
| 296 | 293 |
###For custom front ends using the API: |
| 297 | 294 |
* ansible.parsing.vault: |