Browse code
New release v2.7.14
Toshio Kuratomi authored on 2019/10/18 01:46:03Showing 4 changed files
- changelogs/.changes.yaml
- changelogs/CHANGELOG-v2.7.rst
- changelogs/fragments/v2.7.14_summary.yaml
- lib/ansible/release.py
| ... | ... |
@@ -656,6 +656,16 @@ releases: |
| 656 | 656 |
- dont_template_passwords_from_prompt.yml |
| 657 | 657 |
- v2.7.13_summary.yaml |
| 658 | 658 |
release_date: '2019-08-15' |
| 659 |
+ 2.7.14: |
|
| 660 |
+ codename: In the Light |
|
| 661 |
+ fragments: |
|
| 662 |
+ - aci-42-filter-whitespace.yaml |
|
| 663 |
+ - ansible-test-redact.yml |
|
| 664 |
+ - boto-logging-credentials.yml |
|
| 665 |
+ - dont-template-cli-passwords.yml |
|
| 666 |
+ - no-log-sub-options-invalid-parameter.yaml |
|
| 667 |
+ - v2.7.14_summary.yaml |
|
| 668 |
+ release_date: '2019-10-17' |
|
| 659 | 669 |
2.7.2: |
| 660 | 670 |
codename: In the Light |
| 661 | 671 |
fragments: |
| ... | ... |
@@ -5,6 +5,30 @@ Ansible 2.7 "In the Light" Release Notes |
| 5 | 5 |
.. contents:: Topics |
| 6 | 6 |
|
| 7 | 7 |
|
| 8 |
+v2.7.14 |
|
| 9 |
+======= |
|
| 10 |
+ |
|
| 11 |
+Release Summary |
|
| 12 |
+--------------- |
|
| 13 |
+ |
|
| 14 |
+| Release Date: 2019-10-17 |
|
| 15 |
+| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ |
|
| 16 |
+ |
|
| 17 |
+ |
|
| 18 |
+Minor Changes |
|
| 19 |
+------------- |
|
| 20 |
+ |
|
| 21 |
+- ansible-test defaults to redacting sensitive values (disable with the ``--no-redact`` option) |
|
| 22 |
+ |
|
| 23 |
+Bugfixes |
|
| 24 |
+-------- |
|
| 25 |
+ |
|
| 26 |
+- **SECURITY** - CVE-2019-14846 - Several Ansible plugins could disclose aws credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py, lookup/aws_account_attribute.py, and lookup/aws_secret.py, lookup/aws_ssm.py use the boto3 library from the Ansible process. The boto3 library logs credentials at log level DEBUG. If Ansible's logging was enabled (by setting LOG_PATH to a value) Ansible would set the global log level to DEBUG. This was inherited by boto and would then log boto credentials to the file specified by LOG_PATH. This did not affect aws ansible modules as those are executed in a separate process. This has been fixed by switching to log level INFO |
|
| 27 |
+- **security issue** - Convert CLI provided passwords to text initially, to prevent unsafe context being lost when converting from bytes->text during post processing of PlayContext. This prevents CLI provided passwords from being incorrectly templated (CVE-2019-14856) |
|
| 28 |
+ |
|
| 29 |
+- **security issue** - properly hide parameters marked with ``no_log`` in suboptions when invalid parameters are passed to the module (CVE-2019-14858) |
|
| 30 |
+- ACI modules - Fix a whitespace issue in filters for ACI 4.2 strict validation |
|
| 31 |
+ |
|
| 8 | 32 |
v2.7.13 |
| 9 | 33 |
======= |
| 10 | 34 |
|