From d28e4b63c7b70acbaf0a1fedd53c91b6686574a0 Mon Sep 17 00:00:00 2001
From: Matt Davis <mrd@redhat.com>
Date: Wed, 15 Jan 2020 15:04:55 -0800
Subject: New release v2.8.8

---
 changelogs/.changes.yaml                 | 36 ++++++++++++++++++++++
 changelogs/CHANGELOG-v2.8.rst            | 51 ++++++++++++++++++++++++++++++++
 changelogs/fragments/v2.8.8_summary.yaml |  3 ++
 lib/ansible/release.py                   |  2 +-
 4 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/v2.8.8_summary.yaml

diff --git a/changelogs/.changes.yaml b/changelogs/.changes.yaml
index bc2d3d6b67..806e8adb63 100644
--- a/changelogs/.changes.yaml
+++ b/changelogs/.changes.yaml
@@ -1994,3 +1994,39 @@ releases:
     - win_iis_website-restarted.yaml
     - win_partition-var.yaml
     release_date: '2019-11-13'
+  2.8.8:
+    codename: How Many More Times
+    fragments:
+    - 59887-scale-bug.yml
+    - 62348-yarn-no_version_install_fix.yml
+    - 63551-yum-single-YumBase-instantiation.yaml
+    - 63621-gitlab_user-fix-sshkey-and-user.yml
+    - 64397-netscaler_service-bugfix.yml
+    - 64648-acme_certificate-acmev1.yml
+    - 64902-fix-allow-duplicates-in-single-role.yml
+    - 64940_update_modules_docs_notes.yml
+    - 64941_update_modules_docs_notes.yml
+    - 64942_update_modules_docs_notes.yml
+    - 64943_update_modules_docs_notes.yml
+    - 64944_update_modules_docs_notes.yml
+    - 64945_update_modules_docs_notes.yml
+    - 65017-openssh_keypair-idempotence.yml
+    - 65018-docker-none-errors.yml
+    - 65065-plugins-netconf-ce-fix.yaml
+    - 65176-gitlab-runner-idempotency.yaml
+    - 65302-dnf-msg-return.yml
+    - 65435-openssl_csr-privatekey_path-required.yml
+    - 65839-docker_network-idempotence.yml
+    - 65854-docker_container-wait-for-removal.yml
+    - 65993-restart-docker_container-on-restart-policy-updates.yaml
+    - 66151-docker_swarm_service-healthcheck-start-period.yml
+    - ansible-test-coverage-constraint.yml
+    - ansible-test-ignore-pip-warnings.yml
+    - ansible-test-setuptools-constraint.yml
+    - fips-paramiko-import-error.yaml
+    - nxos_file_copy_path_issue.yml
+    - solaris_zone_name_fix.yml
+    - user-alpine-on-changed-fix.yaml
+    - v2.8.8_summary.yaml
+    - yum-enable-missing-repo.yaml
+    release_date: '2020-01-15'
diff --git a/changelogs/CHANGELOG-v2.8.rst b/changelogs/CHANGELOG-v2.8.rst
index c40204c110..0dd50ae044 100644
--- a/changelogs/CHANGELOG-v2.8.rst
+++ b/changelogs/CHANGELOG-v2.8.rst
@@ -5,6 +5,57 @@ Ansible 2.8 "How Many More Times" Release Notes
 .. contents:: Topics
 
 
+v2.8.8
+======
+
+Release Summary
+---------------
+
+| Release Date: 2020-01-15
+| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__
+
+
+Minor Changes
+-------------
+
+- docker_container.py - update a containers restart_policy without restarting the container (https://github.com/ansible/ansible/issues/65993)
+
+Bugfixes
+--------
+
+- **SECURITY** - CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that. However, there is no user input validation done while performing actions. A malicious user could provide a crafted zone name which allows executing commands into the server manipulating the module behaviour. Adding user input validation as per Solaris Zone documentation fixes this issue.
+- CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is used for destination name and performs actions related to that on the device using the value of remote_file which is of string type However, there is no user input validation done while performing actions. A malicious code could crafts the filename parameter to take advantage by performing an OS command injection. This fix validates the option value if it is legitimate file path or not.
+- acme_certificate - fix misbehavior when ACME v1 is used with ``modify_account`` set to ``false``.
+- ansible-test no longer tries to install ``coverage`` 5.0+ since those versions are unsupported
+- ansible-test no longer tries to install ``setuptools`` 45+ on Python 2.x since those versions are unsupported
+- ansible-test now ignores warnings when comparing pip versions before and after integration tests run
+- ce modules - Update(add) docs notes to tell user modules work connection.
+- ce modules - Update(add) docs notes to tell user modules work connection.
+- ce modules - Update(add) docs notes to tell user modules work connection.
+- ce modules - Update(add) docs notes to tell user modules work connection.
+- ce modules - Update(add) docs notes to tell user modules work connection.
+- ce modules - Update(add) docs notes to tell user modules work connection.
+- decouple k8s_scale from the k8s module utils so that it doesn't complain about missing arguments
+- dnf module - Ensure the modules exit_json['msg'] response is always string, not sometimes a tuple.
+- docker_container - fix network idempotence comparison error.
+- docker_container - wait for removal of container if docker API returns early (https://github.com/ansible/ansible/issues/65811).
+- docker_network - fix idempotence comparison error.
+- docker_network - fix idempotency for multiple IPAM configs of the same IP version (https://github.com/ansible/ansible/issues/65815).
+- docker_network - validate IPAM config subnet CIDR notation on module setup and not during idempotence checking.
+- docker_swarm_service - fix task always reporting as changed when using ``healthcheck.start_period``.
+- gitlab_runner - fix idempotency for shared runner
+- gitlab_user - Fix adding ssh key to new/changed user and adding group membership for new/changed user
+- netscaler_service - fixed issue preventing use of graceful attribute
+- openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969).
+- openssl_csr - the module will now enforce that ``privatekey_path`` is specified when ``state=present``.
+- paramiko - catch and handle exception to prevent stack trace when running in FIPS mode
+- plugins-netconf-ce - Fix failed to get version information.
+- roles - Ensure that ``allow_duplicates: true`` enables to run single role multiple times (https://github.com/ansible/ansible/issues/64902)
+- user - on systems using busybox, honor the ``on_changed`` parameter to prevent unnecessary password changing (https://github.com/ansible/ansible/issues/65711)
+- yarn - handle no version when installing module by name (https://github.com/ansible/ansible/issues/55097)
+- yum - gracefully handle failure case of enabling a non existent repo, as the yum cli does (Fixes https://github.com/ansible/ansible/issues/52582)
+- yum - performance bugfix, the YumBase object was being  instantiated multiple times unnecessarily, which lead to considerable overhead when operating against large sets of packages.
+
 v2.8.7
 ======
 
diff --git a/changelogs/fragments/v2.8.8_summary.yaml b/changelogs/fragments/v2.8.8_summary.yaml
new file mode 100644
index 0000000000..0aab7b4302
--- /dev/null
+++ b/changelogs/fragments/v2.8.8_summary.yaml
@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2020-01-15
+   | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__
diff --git a/lib/ansible/release.py b/lib/ansible/release.py
index ee19f51026..35bd82d86f 100644
--- a/lib/ansible/release.py
+++ b/lib/ansible/release.py
@@ -19,6 +19,6 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
-__version__ = '2.8.7.post0'
+__version__ = '2.8.8'
 __author__ = 'Ansible, Inc.'
 __codename__ = 'How Many More Times'
-- 
cgit v1.2.1