Hi all,

Today we are releasing two new release candidates to address CVE-2016-9587,
which we are removing from embargo today:

2.1.4 RC1
2.2.1 RC3

CVE-2016-9587 is rated as HIGH in risk, as a compromised remote system
being managed
via Ansible can lead to commands being run on the Ansible controller (as
the user
running the ansible or ansible-playbook command).

If you have the ability, please test the above release candidates so that
we can get
the final releases out as quickly as possible.

Finally, thanks to the security team at Computest, who did an amazing job
of finding
the flaws and creating an excellent set of tests to reproduce them for us.

Thanks, and let us know if you run into any problems with the above release
candidates!

James Cammarata

Ansible Lead/Sr. Principal Software Engineer
Ansible by Red Hat
twitter: @thejimic, github: jimi-c

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAMFyvFgYBK-Ze4YE5ocxfRVobRCV_WDRmbf8Cj3_dxMMMGJNpA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to