New Ansible releases 2.8.4, 2.7.13, and 2.6.19
19 views
Skip to first unread message
Toshio Kuratomi
Aug 15, 2019, 11:12:36 PM8/15/19
to ansible-devel, ansible...@googlegroups.com, ansible-...@googlegroups.com
Hi all- we're happy to announce that the general releases of Ansible
2.8.4, 2.7.13, and 2.6.19 are now available!
How do you get it?
------------------
$ pip install ansible==2.8.4 --user
or
$ pip install ansible==2.7.13 --user
or
$ pip install ansible==2.6.19 --user
The tar.gz of the releases can be found here:
* 2.8.4
https://releases.ansible.com/ansible/ansible-2.8.4.tar.gz
SHA256: a0153e2de3619b7e307df179cd91a3c3804cf1fe048273fe4ea5238b76679ff1
* 2.7.13
https://releases.ansible.com/ansible/ansible-2.7.13.tar.gz
SHA256: 339c87a1bf9e8555ce1e1c1a9452d8ed1df240944ec1a3fc2e813e6c7d70aeae
* 2.6.19
https://releases.ansible.com/ansible/ansible-2.6.19.tar.gz
SHA256: dbcfc9ddf620d05e1147b4c713738045a67c32be7260b11cbdbd84e92b77ca06
What's new in 2.8.4, 2.7.13, and 2.6.19
---------------------------------------
2.7.13 and 2.6.19 are security releases containing a fix for
CVE-2019-10206. 2.8.4 is a maintenance release containing numerous
bugfixes in addition to a fix for CVE-2019-10206 and CVE-2019-10217
(the latter does not affect 2.7.13 and 2.6.19).
CVEs fixed:
* CVE-2019-10206: Avoid templating passwords from the command prompt
as templating may reveal secret information.
* CVE-2019-10217: Add no_log to credential fields in gcp_* modules so
that these modules do not display credentials on stdout or save them
to log iles.
The full changelogs for these releases are at:
* 2.8.4
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
* 2.7.13
https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst
* 2.6.19
https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
What's the schedule for future maintenance releases?
----------------------------------------------------
Future maintenance releases of 2.8.4 will occur approximately every 3
weeks. So expect
the next one around 2019-09-05.
2.7.x and 2.6.x are released on an as needed basis for critical and
security bugfixes respectively.
Porting Help
------------
We've published a porting guide at
https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.8.html to
help migrate your content to 2.8.
If you discover any errors or if any of your working playbooks break when you
upgrade to 2.8.4, please use the following link to report the regression:
https://github.com/ansible/ansible/issues/new/choose
In your issue, be sure to mention the Ansible version that works and the one
that doesn't.
Thanks!
-Toshio Kuratomi
2.8.4, 2.7.13, and 2.6.19 are now available!
How do you get it?
------------------
$ pip install ansible==2.8.4 --user
or
$ pip install ansible==2.7.13 --user
or
$ pip install ansible==2.6.19 --user
The tar.gz of the releases can be found here:
* 2.8.4
https://releases.ansible.com/ansible/ansible-2.8.4.tar.gz
SHA256: a0153e2de3619b7e307df179cd91a3c3804cf1fe048273fe4ea5238b76679ff1
* 2.7.13
https://releases.ansible.com/ansible/ansible-2.7.13.tar.gz
SHA256: 339c87a1bf9e8555ce1e1c1a9452d8ed1df240944ec1a3fc2e813e6c7d70aeae
* 2.6.19
https://releases.ansible.com/ansible/ansible-2.6.19.tar.gz
SHA256: dbcfc9ddf620d05e1147b4c713738045a67c32be7260b11cbdbd84e92b77ca06
What's new in 2.8.4, 2.7.13, and 2.6.19
---------------------------------------
2.7.13 and 2.6.19 are security releases containing a fix for
CVE-2019-10206. 2.8.4 is a maintenance release containing numerous
bugfixes in addition to a fix for CVE-2019-10206 and CVE-2019-10217
(the latter does not affect 2.7.13 and 2.6.19).
CVEs fixed:
* CVE-2019-10206: Avoid templating passwords from the command prompt
as templating may reveal secret information.
* CVE-2019-10217: Add no_log to credential fields in gcp_* modules so
that these modules do not display credentials on stdout or save them
to log iles.
The full changelogs for these releases are at:
* 2.8.4
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
* 2.7.13
https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst
* 2.6.19
https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
What's the schedule for future maintenance releases?
----------------------------------------------------
Future maintenance releases of 2.8.4 will occur approximately every 3
weeks. So expect
the next one around 2019-09-05.
2.7.x and 2.6.x are released on an as needed basis for critical and
security bugfixes respectively.
Porting Help
------------
We've published a porting guide at
https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.8.html to
help migrate your content to 2.8.
If you discover any errors or if any of your working playbooks break when you
upgrade to 2.8.4, please use the following link to report the regression:
https://github.com/ansible/ansible/issues/new/choose
In your issue, be sure to mention the Ansible version that works and the one
that doesn't.
Thanks!
-Toshio Kuratomi
Reply all
Reply to author
Forward
0 new messages