diff options
author | Rick Elrod <rick@elrod.me> | 2021-04-05 21:43:54 -0500 |
---|---|---|
committer | Rick Elrod <rick@elrod.me> | 2021-04-05 21:43:54 -0500 |
commit | 2b584b6f3d8801e70ea198487461ed285bf336b3 (patch) | |
tree | 2c21dd80cd6b830683b93274b6df4ab7533a5498 | |
parent | 6ac19b7757670029b895b62c4458e8ad2bc965b3 (diff) | |
download | ansible-2b584b6f3d8801e70ea198487461ed285bf336b3.tar.gz |
New release v2.8.20rc1v2.8.20rc1
-rw-r--r-- | changelogs/.changes.yaml | 11 | ||||
-rw-r--r-- | changelogs/CHANGELOG-v2.8.rst | 73 | ||||
-rw-r--r-- | changelogs/fragments/v2.8.20rc1_summary.yaml | 3 | ||||
-rw-r--r-- | lib/ansible/release.py | 2 |
4 files changed, 88 insertions, 1 deletions
diff --git a/changelogs/.changes.yaml b/changelogs/.changes.yaml index 86897a054a..3f5810d790 100644 --- a/changelogs/.changes.yaml +++ b/changelogs/.changes.yaml @@ -1863,6 +1863,17 @@ releases: - win_get_url-Fix-restricted-header-handling.yml - win_shell-arg-space.yaml release_date: '2019-07-03' + 2.8.20rc1: + codename: How Many More Times + fragments: + - 471-no_log.yml + - community.aws-475-no_log-missing.yml + - community.docker-103-docker_swarm-no_log.yml + - community.general-2018-missing-no_log-again.yml + - community.network-223-no_log-missing.yml + - more-no_log-fixes.yml + - v2.8.20rc1_summary.yaml + release_date: '2021-04-05' 2.8.3: codename: How Many More Times fragments: diff --git a/changelogs/CHANGELOG-v2.8.rst b/changelogs/CHANGELOG-v2.8.rst index 1714fddf82..8ab5becafb 100644 --- a/changelogs/CHANGELOG-v2.8.rst +++ b/changelogs/CHANGELOG-v2.8.rst @@ -5,6 +5,79 @@ Ansible 2.8 "How Many More Times" Release Notes .. contents:: Topics +v2.8.20rc1 +========== + +Release Summary +--------------- + +| Release Date: 2021-04-05 +| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ + + +Breaking Changes / Porting Guide +-------------------------------- + +- docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447) + +Security Fixes +-------------- + +- avi_cloudconnectoruser - mark the ``azure_userpass`` parameter as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447) +- avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447) +- avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447) +- aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447) +- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471) (CVE-2021-3447). +- azure_rm_devtestlabartifactsource - ``security_token`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- bigip_device_license - ``license_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- bigip_dns_nameserver - ``tsig_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- bigip_dns_zone - ``tsig_server_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- bigip_profile_client_ssl - ``key`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447) +- fortios_dlp_fp_doc_source - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_endpoint_control_forticlient_ems - ``admin_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_endpoint_control_profile - ``preshared_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_endpoint_control_settings - ``forticlient_reg_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_extender_controller_extender - ``aaa_shared_secret``, ``ha_shared_secret``, ``modem_passwd``, and ``ppp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_firewall_ssh_local_ca - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_firewall_ssh_local_key - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_log_disk_setting - ``uploadpass`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_router_bgp - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_router_ospf - ``authentication_key`` and `md5_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_router_rip - ``auth_string`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_system_admin - ``fortitoken`` and ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_system_api_user - ``api_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_system_interface - ``password`` and ``pptp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_system_sdn_connector - ``access_key``, ``client_secret``, ``key_passwd``, ``password``, ``private_key``, and ``secret_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_system_virtual_wan_link - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_user_radius - ``secret``, ``rsso_secret``, ``secondary_secret``, and ``tertiary_secret`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_user_tacacsplus - ``key``, ``secondary_key``, and ``tertiary_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_vpn_ipsec_manualkey - ``authkey`` and ``enckey`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_vpn_ipsec_manualkey_interface - ``auth_key`` and ``enc_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_vpn_ipsec_phase1 - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_vpn_ipsec_phase1_interface - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_vpn_ssl_web_portal - ``logon_password`` and ``sso_password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_wireless_controller_vap - ``captive_portal_macauth_radius_secret``, ``captive_portal_radius_secret``, ``key``, and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_wireless_controller_wtp - ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- fortios_wireless_controller_wtp_profile - ``fortipresence_secret`` and ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- gcp_compute_instance - ``raw_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- gcp_container_cluster - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- gcp_sql_instance - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- ios_ntp - ``auth_key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- logentries_msg - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). (CVE-2021-3447) +- na_elementsw_cluster_snmp - ``password`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- netscaler_lb_monitor - ``password`` and ``secondarypassword`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- nxos_aaa_server_host - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- ovirt_auth - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- pingdom - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- rollbar_deployment - ``token` no longer appears in logs (``no_log``) (CVE-2021-3447) +- stackdriver - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447) +- sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447) +- tower_credential - ``security_token`` and ``secret`` no longer appears in logs (``no_log``) (CVE-2021-3447) +- zabbix_action - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447) + v2.8.19 ======= diff --git a/changelogs/fragments/v2.8.20rc1_summary.yaml b/changelogs/fragments/v2.8.20rc1_summary.yaml new file mode 100644 index 0000000000..2a0d37c5a9 --- /dev/null +++ b/changelogs/fragments/v2.8.20rc1_summary.yaml @@ -0,0 +1,3 @@ +release_summary: | + | Release Date: 2021-04-05 + | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ diff --git a/lib/ansible/release.py b/lib/ansible/release.py index 29e5ab6a8e..ff6ed7b45e 100644 --- a/lib/ansible/release.py +++ b/lib/ansible/release.py @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.8.19.post0' +__version__ = '2.8.20rc1' __author__ = 'Ansible, Inc.' __codename__ = 'How Many More Times' |