Ansible 2.0.2.0 has been released

Hi all, 2.0.2.0 has been released, and is now available.

This release continues to fix bugs introduced in the 2.0 release, as well as one security bug:

  • SECURITY: Fix lxc_container module having predictable temp file names and setting file
    permissions on the temporary file too leniently on a temporary file that was
    executed as a script. Addresses CVE-2016-3096
  • Fixed bugs related to the iteration of tasks when certain combinations of roles,
    blocks, and includes were used, especially when handling errors in rescue/always
    portions of blocks.
  • Fixed some bugs in the URI module related to redirects and SSL handling.
  • Fixed some bugs related to the incorrect creation of extra temp directories for
    uploading files, which were not cleaned up properly.
  • Fixed a bug related to the variable precedence of role parameters, especially when

a role may be used both as a dependency of a role and directly by itself within the
same play.

  • Fixed some bugs in the 2.0 implementation of do/until.
  • Fixed some bugs related to run_once:
  • Ensure that all hosts are marked as failed if a task marked as run_once fails.
  • Show a warning when using the free strategy when a run_once task is encountered, as
    there is no way for the free strategy to guarantee the task is not run more than once.
  • Fixed a bug where the assemble module was not honoring check mode in some situations.

  • Fixed a bug related to delegate_to, where we were incorrectly using variables from
    the inventory host rather than the delegated-to host.

  • The ‘package’ meta-module now properly squashes items down to a single execution (as the
    apt/yum/other package modules do).

  • Fixed a bug related to the ansible-galaxy CLI command dealing with paged results from
    the Galaxy server.

  • Pipelining support is now available for the local and jail connection plugins, which is
    useful for users who do not wish to have temp files/directories created when running
    tasks with these connection types.

  • Improvements in support for additional shell types.

  • Improvements in the code which is used to calculate checksums for remote files.

  • Some speed ups and bug fixes related to the variable merging code.

  • Workaround bug in python subprocess on El Capitan that was making vault fail
    when attempting to encrypt a file

  • Fix a bug in the uri module where setting headers via module params that

start with HEADER_ were causing a traceback.

  • Fix bug in the free strategy that was causing it to synchronize its workers
    after every task (making it a lot more like linear than it should have been).

As always, this update is available via PyPi and releases.ansible.com now, and packages for distros will be available as soon as possible.

Thanks, and enjoy!