New release v2.8.20rc1v2.8.20rc1

4 files changed, 88 insertions, 1 deletions

diff --git a/changelogs/.changes.yaml b/changelogs/.changes.yaml
index 86897a054a..3f5810d790 100644
--- a/changelogs/.changes.yaml
+++ b/changelogs/.changes.yaml
@@ -1863,6 +1863,17 @@ releases:
     - win_get_url-Fix-restricted-header-handling.yml
     - win_shell-arg-space.yaml
     release_date: '2019-07-03'
+  2.8.20rc1:
+    codename: How Many More Times
+    fragments:
+    - 471-no_log.yml
+    - community.aws-475-no_log-missing.yml
+    - community.docker-103-docker_swarm-no_log.yml
+    - community.general-2018-missing-no_log-again.yml
+    - community.network-223-no_log-missing.yml
+    - more-no_log-fixes.yml
+    - v2.8.20rc1_summary.yaml
+    release_date: '2021-04-05'
   2.8.3:
     codename: How Many More Times
     fragments:
diff --git a/changelogs/CHANGELOG-v2.8.rst b/changelogs/CHANGELOG-v2.8.rst
index 1714fddf82..8ab5becafb 100644
--- a/changelogs/CHANGELOG-v2.8.rst
+++ b/changelogs/CHANGELOG-v2.8.rst
@@ -5,6 +5,79 @@ Ansible 2.8 "How Many More Times" Release Notes
 .. contents:: Topics
 
 
+v2.8.20rc1
+==========
+
+Release Summary
+---------------
+
+| Release Date: 2021-04-05
+| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__
+
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447)
+
+Security Fixes
+--------------
+
+- avi_cloudconnectoruser - mark the ``azure_userpass`` parameter as ``no_log`` to prevent leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)
+- avi_sslkeyandcertificate - mark the ``enckey_base64`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)
+- avi_webhook - mark the ``verification_token`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/community.network/pull/223). (CVE-2021-3447)
+- aws_direct_connect_virtual_interface - mark the ``authentication_key`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)
+- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471) (CVE-2021-3447).
+- azure_rm_devtestlabartifactsource - ``security_token`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- bigip_device_license - ``license_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- bigip_dns_nameserver - ``tsig_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- bigip_dns_zone - ``tsig_server_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- bigip_profile_client_ssl - ``key`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103). (CVE-2021-3447)
+- fortios_dlp_fp_doc_source - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_endpoint_control_forticlient_ems - ``admin_password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_endpoint_control_profile - ``preshared_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_endpoint_control_settings - ``forticlient_reg_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_extender_controller_extender - ``aaa_shared_secret``, ``ha_shared_secret``, ``modem_passwd``, and ``ppp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_firewall_ssh_local_ca - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_firewall_ssh_local_key - ``password`` and ``private_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_log_disk_setting - ``uploadpass`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_router_bgp - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_router_ospf - ``authentication_key`` and `md5_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_router_rip - ``auth_string`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_system_admin - ``fortitoken`` and ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_system_api_user - ``api_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_system_interface - ``password`` and ``pptp_password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_system_sdn_connector - ``access_key``, ``client_secret``, ``key_passwd``, ``password``, ``private_key``, and ``secret_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_system_virtual_wan_link - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_user_radius - ``secret``, ``rsso_secret``, ``secondary_secret``, and ``tertiary_secret`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_user_tacacsplus - ``key``, ``secondary_key``, and ``tertiary_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_vpn_ipsec_manualkey - ``authkey`` and ``enckey`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_vpn_ipsec_manualkey_interface - ``auth_key`` and ``enc_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_vpn_ipsec_phase1 - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_vpn_ipsec_phase1_interface - ``authpasswd``, ``group_authentication_secret``, ``ppk_secret``, ``psksecret``, and ``psksecret_remote`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_vpn_ssl_web_portal - ``logon_password`` and ``sso_password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_wireless_controller_vap - ``captive_portal_macauth_radius_secret``, ``captive_portal_radius_secret``, ``key``, and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_wireless_controller_wtp - ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- fortios_wireless_controller_wtp_profile - ``fortipresence_secret`` and ``login_passwd`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- gcp_compute_instance - ``raw_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- gcp_container_cluster - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- gcp_sql_instance - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- ios_ntp - ``auth_key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- logentries_msg - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). (CVE-2021-3447)
+- na_elementsw_cluster_snmp - ``password`` and ``passphrase`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- netscaler_lb_monitor - ``password`` and ``secondarypassword`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- nxos_aaa_server_host - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- ovirt_auth - ``token`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- pingdom - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- rollbar_deployment - ``token` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- stackdriver - ``key`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- sts_assume_role - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)
+- sts_session_token - mark the ``mfa_token`` parameter as ``no_log`` to avoid accidental leaking of secrets in logs (https://github.com/ansible-collections/community.aws/pull/475). (CVE-2021-3447)
+- tower_credential - ``security_token`` and ``secret`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+- zabbix_action - ``password`` no longer appears in logs (``no_log``) (CVE-2021-3447)
+
 v2.8.19
 =======
 
diff --git a/changelogs/fragments/v2.8.20rc1_summary.yaml b/changelogs/fragments/v2.8.20rc1_summary.yaml
new file mode 100644
index 0000000000..2a0d37c5a9
--- /dev/null
+++ b/changelogs/fragments/v2.8.20rc1_summary.yaml
@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2021-04-05
+   | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__
diff --git a/lib/ansible/release.py b/lib/ansible/release.py
index 29e5ab6a8e..ff6ed7b45e 100644
--- a/lib/ansible/release.py
+++ b/lib/ansible/release.py
@@ -19,6 +19,6 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
-__version__ = '2.8.19.post0'
+__version__ = '2.8.20rc1'
 __author__ = 'Ansible, Inc.'
 __codename__ = 'How Many More Times'