Backporting CHANGELOG/RELEASES and packaging updates for 1.6.7-8 releases

author: James Cammarata <jimi@sngx.net> 2014-07-22 17:26:15 -0500
committer: James Cammarata <jimi@sngx.net> 2014-07-22 17:26:15 -0500
commit: d2a130971ac6058c9467821d4fe10ce5d81cd855 (patch)
tree: 6995053ffb4d31721d31161f1f62f7c7176103ec /CHANGELOG.md
parent: 75e5b6401c65da9de8ec4acee0dd54cabdcdb546 (diff)
download: ansible-d2a130971ac6058c9467821d4fe10ce5d81cd855.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8c3d19a288..2c6c4d864c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,18 @@ Other notable changes:
 * Inventory speed improvements for very large inventories.
 * Vault password files can now be executable, to support scripts that fetch the vault password.
 
+## 1.6.8 "And the Cradle Will Rock" - Jul 22, 2014
+
+- Corrects a regression in the way shell and command parameters were being parsed
+
+## 1.6.7 "And the Cradle Will Rock" - Jul 21, 2014
+
+- Security fixes:
+  * Strip lookup calls out of inventory variables and clean unsafe data
+    returned from lookup plugins (CVE-2014-4966)
+  * Make sure vars don't insert extra parameters into module args and prevent
+    duplicate params from superseding previous params (CVE-2014-4967)
+
 ## 1.6.6 "And the Cradle Will Rock" - Jul 01, 2014
 
 - Security updates to further protect against the incorrect execution of untrusted data
author	James Cammarata <jimi@sngx.net>	2014-07-22 17:26:15 -0500
committer	James Cammarata <jimi@sngx.net>	2014-07-22 17:26:15 -0500
commit	d2a130971ac6058c9467821d4fe10ce5d81cd855 (patch)
tree	6995053ffb4d31721d31161f1f62f7c7176103ec /CHANGELOG.md
parent	75e5b6401c65da9de8ec4acee0dd54cabdcdb546 (diff)
download	ansible-d2a130971ac6058c9467821d4fe10ce5d81cd855.tar.gz