... | ... |
@@ -656,6 +656,16 @@ releases: |
656 | 656 |
- dont_template_passwords_from_prompt.yml |
657 | 657 |
- v2.7.13_summary.yaml |
658 | 658 |
release_date: '2019-08-15' |
659 |
+ 2.7.14: |
|
660 |
+ codename: In the Light |
|
661 |
+ fragments: |
|
662 |
+ - aci-42-filter-whitespace.yaml |
|
663 |
+ - ansible-test-redact.yml |
|
664 |
+ - boto-logging-credentials.yml |
|
665 |
+ - dont-template-cli-passwords.yml |
|
666 |
+ - no-log-sub-options-invalid-parameter.yaml |
|
667 |
+ - v2.7.14_summary.yaml |
|
668 |
+ release_date: '2019-10-17' |
|
659 | 669 |
2.7.2: |
660 | 670 |
codename: In the Light |
661 | 671 |
fragments: |
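Review bot: the fragment list added for 2.7.14 mixes file extensions: `aci-42-filter-whitespace.yaml`, `no-log-sub-options-invalid-parameter.yaml` and `v2.7.14_summary.yaml` use `.yaml`, while `ansible-test-redact.yml`, `boto-logging-credentials.yml` and `dont-template-cli-passwords.yml` use `.yml`. The 2.7.13 context lines above show the same mix, so this is not new, but settling on one extension for new fragments would make them easier to glob and audit. None of the three security fragments carries its CVE id in the file name either, so finding the fragment for a given CVE means opening each file.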
... | ... |
@@ -5,6 +5,30 @@ Ansible 2.7 "In the Light" Release Notes |
5 | 5 |
.. contents:: Topics |
6 | 6 |
|
7 | 7 |
|
8 |
+v2.7.14 |
|
9 |
+======= |
|
10 |
+ |
|
11 |
+Release Summary |
|
12 |
+--------------- |
|
13 |
+ |
|
14 |
+| Release Date: 2019-10-17 |
|
15 |
+| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ |
|
16 |
+ |
|
17 |
+ |
|
18 |
+Minor Changes |
|
19 |
+------------- |
|
20 |
+ |
|
21 |
+- ansible-test defaults to redacting sensitive values (disable with the ``--no-redact`` option) |
|
22 |
+ |
|
23 |
+Bugfixes |
|
24 |
+-------- |
|
25 |
+ |
|
26 |
+- **SECURITY** - CVE-2019-14846 - Several Ansible plugins could disclose aws credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py, lookup/aws_account_attribute.py, and lookup/aws_secret.py, lookup/aws_ssm.py use the boto3 library from the Ansible process. The boto3 library logs credentials at log level DEBUG. If Ansible's logging was enabled (by setting LOG_PATH to a value) Ansible would set the global log level to DEBUG. This was inherited by boto and would then log boto credentials to the file specified by LOG_PATH. This did not affect aws ansible modules as those are executed in a separate process. This has been fixed by switching to log level INFO |
|
27 |
+- **security issue** - Convert CLI provided passwords to text initially, to prevent unsafe context being lost when converting from bytes->text during post processing of PlayContext. This prevents CLI provided passwords from being incorrectly templated (CVE-2019-14856) |
|
28 |
+ |
|
29 |
+- **security issue** - properly hide parameters marked with ``no_log`` in suboptions when invalid parameters are passed to the module (CVE-2019-14858) |
|
30 |
+- ACI modules - Fix a whitespace issue in filters for ACI 4.2 strict validation |
|
31 |
+ |
|
8 | 32 |
v2.7.13 |
9 | 33 |
======= |
10 | 34 |
|
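Review bot: the CVE-2019-14846 entry under Bugfixes gives the fix (switching to log level INFO) but says nothing about files already written while LOG_PATH was set. By the entry's own description, those files can hold boto3 DEBUG output that includes AWS credentials. Add a sentence telling users to review existing log files and rotate any credentials found in them. The same entry has a misplaced "and" in the plugin list ("and lookup/aws_secret.py, lookup/aws_ssm.py"), writes "aws" in lower case, and has no final period. The three security entries are also labelled two ways: the first as `**SECURITY** - CVE-2019-14846 -`, the other two as `**security issue** -` with the CVE in trailing parentheses. There is also a lone blank line between the second and third entries. Use one label form so that a search for security fixes in the release notes catches all three.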