Hi all, we’re very happy to announce that RC1 for Ansible 2.1.5 and 2.2.2 are ready for testing!
First and foremost, these release candidates address two security issues:
- [SECURITY] (HIGH) handle some additional corner cases in the way conditionals are parsed and evaluated (both 2.1.5 and 2.2.2)
- [SECURITY] (LOW) properly filter passwords out of URLs when displaying output from some modules (both 2.1.5 and 2.2.2)
The first of these is a continuation of the bug fixes related to CVE-2016-9587.
Other bug fix highlights:
- Use proper PyYAML classes for safe loading YAML files (both 2.1.5 and 2.2.2)
- Fix for bug related to when statements for older jinja2 versions (both 2.1.5 and 2.2.2)
- Fix a bug/traceback when using to_yaml/to_nice_yaml (both 2.1.5 and 2.2.2)
- Properly clean data of jinja2-like syntax, even if that data came from an unsafe source (both 2.1.5 and 2.2.2)
- Fix bug regarding undefined entries in HostVars
- Skip fact gathering if the entire play was included via conditional which evaluates to False
- Fixed a performance regression when using a large number of items in a with loop
- Fixed a bug in the way the end of role was detected, which in some cases could cause a role to be run more than once
- Add jinja2 groupby filter override to cast namedtuple to tuple to handle a non-compatible change in jinja2 2.9.4-2.9.5
- Fixed several bugs related to temp directory creation on remote systems when using shell expansions and become privilege escalation
- Fixed a bug related to spliting/parsing the output of a become privilege escalation when looking for a password prompt
- Several unicode/bytes fixes
How do you get it?