diff options
author | Toshio Kuratomi <a.badger@gmail.com> | 2019-10-17 09:46:03 -0700 |
---|---|---|
committer | Toshio Kuratomi <a.badger@gmail.com> | 2019-10-17 09:46:03 -0700 |
commit | 71affa9d7c2e051951bd8cbd909e6c19203e1a2b (patch) | |
tree | 78042e06dc7f9ccc5e8bedbdd137d539d54193d6 | |
parent | 0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b (diff) | |
download | ansible-71affa9d7c2e051951bd8cbd909e6c19203e1a2b.tar.gz |
New release v2.7.14v2.7.14
-rw-r--r-- | changelogs/.changes.yaml | 10 | ||||
-rw-r--r-- | changelogs/CHANGELOG-v2.7.rst | 24 | ||||
-rw-r--r-- | changelogs/fragments/v2.7.14_summary.yaml | 3 | ||||
-rw-r--r-- | lib/ansible/release.py | 2 |
4 files changed, 38 insertions, 1 deletions
diff --git a/changelogs/.changes.yaml b/changelogs/.changes.yaml index afc18f8375..0f245abfd5 100644 --- a/changelogs/.changes.yaml +++ b/changelogs/.changes.yaml @@ -656,6 +656,16 @@ releases: - dont_template_passwords_from_prompt.yml - v2.7.13_summary.yaml release_date: '2019-08-15' + 2.7.14: + codename: In the Light + fragments: + - aci-42-filter-whitespace.yaml + - ansible-test-redact.yml + - boto-logging-credentials.yml + - dont-template-cli-passwords.yml + - no-log-sub-options-invalid-parameter.yaml + - v2.7.14_summary.yaml + release_date: '2019-10-17' 2.7.2: codename: In the Light fragments: diff --git a/changelogs/CHANGELOG-v2.7.rst b/changelogs/CHANGELOG-v2.7.rst index 25333065db..1796c33712 100644 --- a/changelogs/CHANGELOG-v2.7.rst +++ b/changelogs/CHANGELOG-v2.7.rst @@ -5,6 +5,30 @@ Ansible 2.7 "In the Light" Release Notes .. contents:: Topics +v2.7.14 +======= + +Release Summary +--------------- + +| Release Date: 2019-10-17 +| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ + + +Minor Changes +------------- + +- ansible-test defaults to redacting sensitive values (disable with the ``--no-redact`` option) + +Bugfixes +-------- + +- **SECURITY** - CVE-2019-14846 - Several Ansible plugins could disclose aws credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py, lookup/aws_account_attribute.py, and lookup/aws_secret.py, lookup/aws_ssm.py use the boto3 library from the Ansible process. The boto3 library logs credentials at log level DEBUG. If Ansible's logging was enabled (by setting LOG_PATH to a value) Ansible would set the global log level to DEBUG. This was inherited by boto and would then log boto credentials to the file specified by LOG_PATH. This did not affect aws ansible modules as those are executed in a separate process. This has been fixed by switching to log level INFO +- **security issue** - Convert CLI provided passwords to text initially, to prevent unsafe context being lost when converting from bytes->text during post processing of PlayContext. This prevents CLI provided passwords from being incorrectly templated (CVE-2019-14856) + +- **security issue** - properly hide parameters marked with ``no_log`` in suboptions when invalid parameters are passed to the module (CVE-2019-14858) +- ACI modules - Fix a whitespace issue in filters for ACI 4.2 strict validation + v2.7.13 ======= diff --git a/changelogs/fragments/v2.7.14_summary.yaml b/changelogs/fragments/v2.7.14_summary.yaml new file mode 100644 index 0000000000..b136c13811 --- /dev/null +++ b/changelogs/fragments/v2.7.14_summary.yaml @@ -0,0 +1,3 @@ +release_summary: | + | Release Date: 2019-10-17 + | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ diff --git a/lib/ansible/release.py b/lib/ansible/release.py index 1dd3fe4d3d..ea43757a87 100644 --- a/lib/ansible/release.py +++ b/lib/ansible/release.py @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.7.13.post0' +__version__ = '2.7.14' __author__ = 'Ansible, Inc.' __codename__ = 'In the Light' |