diff options
author | James Cammarata <jimi@sngx.net> | 2016-10-31 21:41:58 -0500 |
---|---|---|
committer | James Cammarata <jimi@sngx.net> | 2016-10-31 22:19:37 -0500 |
commit | 23812ab87d72e0170b3035fd33244987219c86a4 (patch) | |
tree | 952c379ce5ccfe8f35fa23474ea8d03a5d2001cb | |
parent | 1f80e35312413eb3ea86d5c1c79083e41cd72bab (diff) | |
download | ansible-23812ab87d72e0170b3035fd33244987219c86a4.tar.gz |
Updating CHANGELOG for CVEs fixed in 2.2.0
-rw-r--r-- | CHANGELOG.md | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 911007a828..05b343d91a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,12 @@ Ansible Changes By Release ========================== -## 2.2 "The Battle of Evermore" - ACTIVE DEVELOPMENT +## 2.2 "The Battle of Evermore" - 11-01-2016 ###Major Changes: +* Security fix for CVE-2016-8628 - Command injection by compromised server via fact variables. In some situations, facts returned by modules could overwrite connection-based facts or some other special variables, leading to injected commands running on the Ansible controller as the user running Ansible (or via escalated permissions). +* Security fix for CVE-2016-8614 - apt_key module not properly validating keys in some situations. * Added the `listen` feature for modules. This feature allows tasks to more easily notify multiple handlers, as well as making it easier for handlers from decoupled roles to be notified. * Major performance improvements. * Added support for binary modules @@ -289,9 +291,6 @@ Ansible Changes By Release * Fix for yum module incorrectly thinking it succeeded in installing packages * Make the default ansible_managed template string into a static string since all of the replacable values lead to non-idempotent behaviour. -* apt_key fixes for when the user specifies a longer key id. These allow more - specific targetting of keys to download while still working around - limitations in the apt-key tool that require shorter key id strings. ###For custom front ends using the API: * ansible.parsing.vault: |