Hi all- we're happy to announce that the general release of Ansible 2.8.6, 2.7.14, 2.6.20, and a new prerelease of 2.9.0, 2.9.0rc4, are now available!
How do you get it? ------------------ $ pip install ansible==2.8.6 --user or $ pip install ansible==2.7.14 --user or $ pip install ansible==2.6.20 --user or $ pip install ansible==2.9.0rc4 --user The tar.gz of the releases can be found here: * 2.8.6 https://releases.ansible.com/ansible/ansible-2.8.6.tar.gz SHA256: 31203b27c9d61123e8c86b6eb5116a21859ed4f26d55a1a71eaf27bd92bce355 * 2.7.14 https://releases.ansible.com/ansible/ansible-2.7.14.tar.gz SHA256: 6a52f43b5e4446aa04f3907a750010fbbf41eb050cb726065c6c877ed3a98d02 * 2.6.20 https://releases.ansible.com/ansible/ansible-2.6.20.tar.gz SHA256: 16cfb99d7f321cec408afcd3ead538337ebc3247c7a77080e5cabb58054e2a0b * 2.9.0rc4 https://releases.ansible.com/ansible/ansible-2.9.0rc4.tar.gz SHA256: 563f21d7720efbf4def9820ca17790eed33b2c1aaaa6dacea99d28f8fe2e5237 What's new in 2.8.6, 2.7.14, 2.6.20, and 2.9.0rc4 ------------------------------------------------- These releases contain fixes for three CVEs: * ansible: Incomplete fix for CVE-2019-10206 (CVE-2019-14856) * ansible: sub parameters marked as no_log are not masked in certain failure scenarios (CVE-2019-14858) * ansible: secrets disclosed on logs when no_log enabled (CVE-2019-14846) [Note: This cve did not affect 2.9.0rc4 as Ansible 2.9 had changed the affected code as part of an unrelated cleanup] Ansible-2.6.20 is only seeing security fixes at this point in its lifecycle but 2.7.x, 2.8.x, and 2.9.x saw other bugfixes as well. Please see the full changelogs for each release to see what's changed: * 2.8.6 https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst * 2.7.14 https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst * 2.6.20 https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst * 2.9.0rc4 https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst What's the schedule for future maintenance releases? ---------------------------------------------------- Ansible-2.6 and Ansible-2.7 are only updated as needed for security and critical bugfixes respectively. Ansible-2.8 will have one more scheduled release after Ansible-2.9.0 comes out. Since the Ansible-2.9.0 release date has slipped to the 31st of October, expect the Ansible-2.8.7 release in the beginning of November. Ansible-2.9.0 may have an rc5 next week if any bugs which deserve an rc5 are discovered between now and then. Otherwise, expect to see Ansible-2.9.0 on October 31st! Porting Help ------------ We've published a porting guide at https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.9.html to help migrate your content to 2.9. and https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.8.html to help migrate your content to 2.8. If you discover any errors or if any of your working playbooks break when you upgrade to 2.8.6, please use the following link to report the regression: https://github.com/ansible/ansible/issues/new/choose In your issue, be sure to mention the Ansible version that works and the one that doesn't. Thanks! -Toshio Kuratomi -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/CAPrnkaQet4Z%3D%2BrRSkcW%2Bh8cdc_fuoLuBf4zRe4kTwvNBj_w-7w%40mail.gmail.com.
