Thanks James and Ansible team. I presume that this affects Ansible 2.0 and 1.9, but the CVE text is a little ambiguous: (Affected versions: < 2.1.4, < 2.2.1). Can you or someone from Ansible confirm? If 1.9 is affected, will the fix will be back-ported?
Thank you, Robb On Wednesday, January 11, 2017 at 3:36:22 PM UTC-7, James Cammarata wrote: > > Hi all, > > We've just released the following release candidates to address a few more > corner cases found after the release of the previous RCs for CVE-2016-9587: > > 2.1.4 RC2 > 2.2.1 RC4 > > Thanks again to Computest for double-checking our fixes and pointing out a > couple of places we had missed. > > We are still looking to get the final releases out by the end of the week, > so please be sure to test these RC's for any breaks in your playbooks. > > Thanks! > > James Cammarata > > Ansible Lead/Sr. Principal Software Engineer > Ansible by Red Hat > twitter: @thejimic, github: jimi-c > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9bcb23c0-afb2-4b18-993d-ddb6e64703c6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
