diff options
author | Rick Elrod <rick@elrod.me> | 2021-02-08 19:05:25 -0600 |
---|---|---|
committer | Rick Elrod <rick@elrod.me> | 2021-02-08 19:05:25 -0600 |
commit | 16ba79b5acb43db10fdfe74c791ceeb73184091a (patch) | |
tree | b8041b332f3c3164fd70799a7f540373c1d31ae2 | |
parent | 069311bff3c6c9bf4bc0120ec4a493644acdc9b4 (diff) | |
download | ansible-2.9.18rc1.tar.gz |
New release v2.9.18rc1v2.9.18rc1
-rw-r--r-- | changelogs/.changes.yaml | 24 | ||||
-rw-r--r-- | changelogs/CHANGELOG-v2.9.rst | 100 | ||||
-rw-r--r-- | changelogs/fragments/v2.9.18rc1_summary.yaml | 3 | ||||
-rw-r--r-- | lib/ansible/release.py | 2 |
4 files changed, 128 insertions, 1 deletions
diff --git a/changelogs/.changes.yaml b/changelogs/.changes.yaml index 98e943fe41..8da75b5084 100644 --- a/changelogs/.changes.yaml +++ b/changelogs/.changes.yaml @@ -1718,6 +1718,30 @@ releases: - systemd-preserve-full-unit-name.yml - v2.9.17rc1_summary.yaml release_date: '2021-01-11' + 2.9.18rc1: + codename: Immigrant Song + fragments: + - 16456-correct-YAML-error-message-when-file-load-failed.yml + - 42-postgresql_set_add_message_when_parameter_not_found.yml + - 43-postgresql_modules_fix_version_parsing.yml + - 46-postgresql_query_fix_decimal_handling.yml + - 51-postgresql_query_fix_datetime_timedelta_type_handling.yml + - 58466-FIX_win_find-Bug-Get-FileStat_fails_on_large_files.yml + - 72615-jinja-import-context-fix.yml + - 73167-bhyve-facts.yml + - 87-mysql_user_update_valid_privs_frozen_set.yml + - ansible-test-pip-bootstrap-s3.yml + - ansible-test-pip-bootstrap.yml + - ansible-test-pylint-python-3.8.yml + - cve_bitbucket_pipeline_variable.yml + - inventory-cache-file-missing-warning.yaml + - new-nolog-entries.yml + - no_log-fallback.yml + - pause-do-not-warn-background-with-seconds.yml + - psrp-json-loads-bytes.yml + - snmp_facts.yml + - v2.9.18rc1_summary.yaml + release_date: '2021-02-08' 2.9.2: codename: Immigrant Song fragments: diff --git a/changelogs/CHANGELOG-v2.9.rst b/changelogs/CHANGELOG-v2.9.rst index 69003e8b11..17a90d2345 100644 --- a/changelogs/CHANGELOG-v2.9.rst +++ b/changelogs/CHANGELOG-v2.9.rst @@ -5,6 +5,106 @@ Ansible 2.9 "Immigrant Song" Release Notes .. contents:: Topics +v2.9.18rc1 +========== + +Release Summary +--------------- + +| Release Date: 2021-02-08 +| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ + + +Minor Changes +------------- + +- ansible-test - The ``pylint`` sanity test is now supported on Python 3.8. +- inventory cache - do not show a warning when the cache file does not (yet) exist. + +Security Fixes +-------------- + +- **security issue** - Mask default and fallback values for ``no_log`` module options (CVE-2021-20228) +- _sf_account_manager - `initiator_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- _sf_account_manager - `target_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- aws_netapp_cvs_active_directory - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- aws_netapp_cvs_active_directory - `secret_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- aws_netapp_cvs_filesystems - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- aws_netapp_cvs_filesystems - `secret_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- aws_netapp_cvs_pool - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- aws_netapp_cvs_pool - `secret_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- aws_netapp_cvs_snapshots - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- aws_netapp_cvs_snapshots - `secret_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- bitbucket_pipeline_variable - hide user sensitive information which are marked as ``secured`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1635) (CVE-2021-20180). +- ce_vrrp - `auth_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- cp_mgmt_vpn_community_meshed - `shared_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- cp_mgmt_vpn_community_star - `shared_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- docker_swarm - `signing_ca_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_backend_service - `oauth2_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_disk - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_disk - `source_image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_disk - `source_snapshot_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_image - `image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_image - `source_disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_instance_template - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_instance_template - `source_image_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_region_disk - `disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_region_disk - `source_snapshot_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_snapshot - `snapshot_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_snapshot - `source_disk_encryption_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_ssl_certificate - `private_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_compute_vpn_tunnel - `shared_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gcp_sql_instance - `client_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- gitlab_runner - `registration_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- iap_start_workflow - `token_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- ibm_sa_host - `iscsi_chap_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- keycloak_client - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- keycloak_client - `registration_access_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- keycloak_clienttemplate - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- keycloak_group - `auth_client_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- librato_annotation - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- na_elementsw_account - `initiator_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- na_elementsw_account - `target_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- netscaler_lb_monitor - `radkey` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- nios_nsgroup - `tsig_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- nxos_aaa_server - `global_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- nxos_pim_interface - `hello_auth_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- oneandone_firewall_policy - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- oneandone_load_balancer - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- oneandone_monitoring_policy - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- oneandone_private_network - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- oneandone_public_ip - `auth_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- ovirt - `instance_rootpw` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- pagerduty_alert - `api_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- pagerduty_alert - `integration_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- pagerduty_alert - `service_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- pulp_repo - `feed_client_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- rax_clb_ssl - `private_key` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- snmp_facts - hide user sensitive information such as ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621) (CVE-2021-20178). +- spotinst_aws_elastigroup - `multai_token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- spotinst_aws_elastigroup - `token` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). +- utm_proxy_auth_profile - `frontend_cookie_secret` is now masked with no_log and no longer emitted in logging/output (CVE-2021-20191). + +Bugfixes +-------- + +- Fix incorrect variable scoping when using ``import with context`` in Jinja2 templates. (https://github.com/ansible/ansible/issues/72615) +- ansible-test - The ``--remote`` option has been updated for Python 2.7 to work around breaking changes in the newly released ``get-pip.py`` bootstrapper. +- ansible-test - The ``--remote`` option has been updated to use a versioned ``get-pip.py`` bootstrapper to avoid issues with future releases. +- display correct error information when an error exists in the last line of the file (https://github.com/ansible/ansible/issues/16456) +- facts - properly report virtualization facts for Linux guests running on bhyve (https://github.com/ansible/ansible/issues/73167) +- mysql_user - add ``INVOKE LAMBDA`` privilege support (https://github.com/ansible-collections/community.general/issues/283). +- mysql_user - add ``SHOW_ROUTINE`` privilege support (https://github.com/ansible-collections/community.mysql/issues/86). +- mysql_user - add missed privileges to support (https://github.com/ansible-collections/community.general/issues/617). +- pause - do not warn when running in the background if a timeout is provided (https://github.com/ansible/ansible/issues/73042) +- postgresql_info - fix crash caused by wrong PgSQL version parsing (https://github.com/ansible-collections/community.postgresql/issues/40). +- postgresql_ping - fix crash caused by wrong PgSQL version parsing (https://github.com/ansible-collections/community.postgresql/issues/40). +- postgresql_query - fix datetime.timedelta type handling (https://github.com/ansible-collections/community.postgresql/issues/47). +- postgresql_query - fix decimal handling (https://github.com/ansible-collections/community.postgresql/issues/45). +- postgresql_set - return a message instead of traceback when a passed parameter has not been found (https://github.com/ansible-collections/community.postgresql/issues/41). +- psrp connection plugin - ``to_text(stdout)`` before json.loads in psrp.Connection.put_file in case stdout is bytes. +- win_find - Get-FileStat used [int] instead of [int64] for file size calculations + v2.9.17 ======= diff --git a/changelogs/fragments/v2.9.18rc1_summary.yaml b/changelogs/fragments/v2.9.18rc1_summary.yaml new file mode 100644 index 0000000000..5c863c94e0 --- /dev/null +++ b/changelogs/fragments/v2.9.18rc1_summary.yaml @@ -0,0 +1,3 @@ +release_summary: | + | Release Date: 2021-02-08 + | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ diff --git a/lib/ansible/release.py b/lib/ansible/release.py index bafe95622d..619997f500 100644 --- a/lib/ansible/release.py +++ b/lib/ansible/release.py @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.9.17.post0' +__version__ = '2.9.18rc1' __author__ = 'Ansible, Inc.' __codename__ = 'Immigrant Song' |