diff options
author | Matt Clay <matt@mystile.com> | 2020-04-16 16:33:11 -0700 |
---|---|---|
committer | Matt Clay <matt@mystile.com> | 2020-04-16 16:33:11 -0700 |
commit | b9ebc0ceefd2bad292b75f5e2e5f7340fd23e896 (patch) | |
tree | 547133db136f42fbed994584bab6dde1a946b39e | |
parent | 6f75aa26648de5d9882528c3862f5127230bf31f (diff) | |
download | ansible-b9ebc0ceefd2bad292b75f5e2e5f7340fd23e896.tar.gz |
New release v2.8.11v2.8.11
-rw-r--r-- | changelogs/.changes.yaml | 17 | ||||
-rw-r--r-- | changelogs/CHANGELOG-v2.8.rst | 36 | ||||
-rw-r--r-- | changelogs/fragments/v2.8.11_summary.yaml | 3 | ||||
-rw-r--r-- | lib/ansible/release.py | 2 |
4 files changed, 57 insertions, 1 deletions
diff --git a/changelogs/.changes.yaml b/changelogs/.changes.yaml index bc9855466a..96166efee9 100644 --- a/changelogs/.changes.yaml +++ b/changelogs/.changes.yaml @@ -1633,6 +1633,23 @@ releases: - openstack-regression.yml - v2.8.10_summary.yaml release_date: '2020-03-05' + 2.8.11: + codename: How Many More Times + fragments: + - 63280-fix_acl_spaces_in_path.yml + - 64906-always-delegate-fact-prefixes.yml + - af_clean.yml + - ansible-test-opensuse-15.1.yml + - ansible-test-rhel-7.8.yml + - fetch_no_slurp.yml + - ldap-params-removal.yml + - remote_mkdir_fix.yml + - subversion_password.yaml + - v2.8.11_summary.yaml + - vault_tmp_file.yml + - vault_tmp_race_fix.yml + - win-unzip-check-extraction-path.yml + release_date: '2020-04-16' 2.8.2: codename: How Many More Times fragments: diff --git a/changelogs/CHANGELOG-v2.8.rst b/changelogs/CHANGELOG-v2.8.rst index ceb35c1a46..e6aa7b7971 100644 --- a/changelogs/CHANGELOG-v2.8.rst +++ b/changelogs/CHANGELOG-v2.8.rst @@ -5,6 +5,42 @@ Ansible 2.8 "How Many More Times" Release Notes .. contents:: Topics +v2.8.11 +======= + +Release Summary +--------------- + +| Release Date: 2020-04-16 +| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ + + +Minor Changes +------------- + +- ansible-test - Upgrade OpenSUSE containers to use Leap 15.1. +- ansible-test now supports testing against RHEL 7.8 when using the ``--remote`` option. + +Removed Features (previously deprecated) +---------------------------------------- + +- ldap_attr, ldap_entry - The ``params`` option has been removed in Ansible-2.10 as it circumvents Ansible's option handling. Setting ``bind_pw`` with the ``params`` option was disallowed in Ansible-2.7, 2.8, and 2.9 as it was insecure. For information about this policy, see the discussion at: https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html This fixes CVE-2020-1746 + +Bugfixes +-------- + +- **security issue** - The ``subversion`` module provided the password via the svn command line option ``--password`` and can be retrieved from the host's /proc/<pid>/cmdline file. Update the module to use the secure ``--password-from-stdin`` option instead, and add a warning in the module and in the documentation if svn version is too old to support it. (CVE-2020-1739) + +- **security issue** win_unzip - normalize paths in archive to ensure extracted files do not escape from the target directory (CVE-2020-1737) + +- **security_issue** - create temporary vault file with strict permissions when editing and prevent race condition (CVE-2020-1740) +- Ensure DataLoader temp files are removed at appropriate times and that we observe the LOCAL_TMP setting. +- Ensure we don't allow ansible_facts subkey of ansible_facts to override top level, also fix 'deprefixing' to prevent key transforms. +- Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733 +- Fact Delegation - Add ability to indicate which facts must always be delegated. Primarily for ``discovered_interpreter_python`` right now, but extensible later. (https://github.com/ansible/ansible/issues/61002) +- In fetch action, avoid using slurp return to set up dest, also ensure no dir traversal CVE-2019-3828. +- acl - fixed module failure if there are spaces in a path + v2.8.10 ======= diff --git a/changelogs/fragments/v2.8.11_summary.yaml b/changelogs/fragments/v2.8.11_summary.yaml new file mode 100644 index 0000000000..e239de64d0 --- /dev/null +++ b/changelogs/fragments/v2.8.11_summary.yaml @@ -0,0 +1,3 @@ +release_summary: | + | Release Date: 2020-04-16 + | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ diff --git a/lib/ansible/release.py b/lib/ansible/release.py index 9a0a0cec03..df41080d19 100644 --- a/lib/ansible/release.py +++ b/lib/ansible/release.py @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.8.10.post0' +__version__ = '2.8.11' __author__ = 'Ansible, Inc.' __codename__ = 'How Many More Times' |