Hi all, Ansible 2.5.11 and 2.6.7 were released today. These releases only fix reported security vulnerability CVE-2018-16837 (https://nvd.nist.gov/vuln/detail/CVE-2018-16837).
The fix protects the user module from potentially disclosing the passphrase used for ssh-keygen when generating a new user key. The new releases are available via the usual installation methods on PyPI, https://releases.ansible.com/ansible/, and on GitHub. Detailed installation instructions are available at https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html. Future 2.6 series releases will occur every few weeks. 2.5 will only receive security updates going forward. Release tarball SHAs from releases.ansible.com: - 2.6.7 SHA256: 003ae1df874cd3a2c12454dd8f073cecc03b8a10508d898367a3f134139fea82 - 2.5.11 SHA256: 44544a9e8b9c9b1ab8168a53a8131aec05636ef8fe2688732a6a0935e87c301f Happy automating! Matt Davis (@nitzmahone) Ansible Core Engineering -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
