Ansible 2.5.11 and 2.6.7 are available

Archives Ansible Project
1

Hi all,

Ansible 2.5.11 and 2.6.7 were released today. These releases only fix reported security vulnerability CVE-2018-16837 (https://nvd.nist.gov/vuln/detail/CVE-2018-16837).

The fix protects the user module from potentially disclosing the passphrase used for ssh-keygen when generating a new user key.

The new releases are available via the usual installation methods on PyPI, https://releases.ansible.com/ansible/, and on GitHub. Detailed installation instructions are available at https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html.

Future 2.6 series releases will occur every few weeks. 2.5 will only receive security updates going forward.

Release tarball SHAs from releases.ansible.com:

  • 2.6.7 SHA256: 003ae1df874cd3a2c12454dd8f073cecc03b8a10508d898367a3f134139fea82
  • 2.5.11 SHA256: 44544a9e8b9c9b1ab8168a53a8131aec05636ef8fe2688732a6a0935e87c301f

Happy automating!

Matt Davis (@nitzmahone)
Ansible Core Engineering

2

Apologies for a silly question but I am on Ansible 2.7.0 so why announcement made for 2.5.11 and 2.6.7? I would have expected the announcement of 2.7.1 or 2.8.0 something like that?

Kindly educate me.

Thank you
Ameya Agashe

3

2.7.1 was released Friday(posted on this list) and if you check release notes you'll see the fix is in there.

4

Ameya, Ansible has major releases in the form of 2.x and each of these releases contains new features and fixes. Periodically we also release a minor or bugfix release of these major versions (list 2.5.11 and 2.6.7) that contains bugfixes only. This allows people to take advantages of fixes in the latest development version of Ansible without waiting a few months for the next major release. Currently 2.5.x will only contain security fixes like a CVE fix, while 2.6.x will continue to receive major bug fixes and 2.7.x minor fixes. This shuffles along a version once a new major version of Ansible is released. Have a look at https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html for more info.

Thanks

Jordan