Hi all, Ansible 2.5.14, 2.6.11, and 2.7.5 were released today. These releases include a fix for a reported security vulnerability, CVE-2018-16876 https://bugzilla.redhat.com/show_bug.cgi?id=1657330 as well as other general bugfixes.
CVE-2018-16876 prevented Ansible from respecting the no_log task setting for ssh output when verbosity was high and Ansible had to retry the ssh connection. The new releases are available via the usual installation methods on PyPI, https://releases.ansible.com/ansible/, and on GitHub. Detailed installation instructions are available at https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html. The next releases for the 2.6 and 2.7 series are expected in January, after the winter holiday season is over. 2.5 will only release for security updates. Changelog links for each release and tarball SHAs from releases.ansible.com: - 2.7.5 URL: https://releases.ansible.com/ansible/ansible-2.7.5.tar.gz Changelog: https://github.com/ansible/ansible/blob/v2.7.5/changelogs/CHANGELOG-v2.7.rst SHA256: aaf9e1974bd12840ca055ac156f37601c08d73d726a3a6b98a2fe759a57051bb ansible-2.7.5.tar.gz - 2.6.11 URL: https://releases.ansible.com/ansible/ansible-2.6.11.tar.gz Changelog: https://github.com/ansible/ansible/blob/v2.6.11/changelogs/CHANGELOG-v2.6.rst SHA256: 2cc41e51a70a0e37d7db29e2f16af137bf548c3372fec4f7b48cc0575da55e32 ansible-2.6.11.tar.gz - 2.5.14 URL: https://releases.ansible.com/ansible/ansible-2.5.14.tar.gz Changelog: https://github.com/ansible/ansible/blob/v2.5.14/changelogs/CHANGELOG-v2.5.rst SHA256: 695ac8ebce0be57062924ff90f4b98cd61caa99cd21cdb10a964e3320524a069 ansible-2.5.14.tar.gz -Toshio Kuratomi (@abadger1999) -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.