Hi all,
Ansible 2.5.14, 2.6.11, and 2.7.5 were released today. These releases
include a fix for a reported security vulnerability, CVE-2018-16876
https://bugzilla.redhat.com/show_bug.cgi?id=1657330 as well as other
general bugfixes.
CVE-2018-16876 prevented Ansible from respecting the no_log task
setting for ssh output when verbosity was high and Ansible had to
retry the ssh connection.
The new releases are available via the usual installation methods on
PyPI, https://releases.ansible.com/ansible/, and on GitHub. Detailed
installation instructions are available at
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html.
The next releases for the 2.6 and 2.7 series are expected in January,
after the winter holiday season is over. 2.5 will only release for
security updates.
Changelog links for each release and tarball SHAs from releases.ansible.com:
- 2.7.5
URL: https://releases.ansible.com/ansible/ansible-2.7.5.tar.gz
Changelog: https://github.com/ansible/ansible/blob/v2.7.5/changelogs/CHANGELOG-v2.7.rst
SHA256: aaf9e1974bd12840ca055ac156f37601c08d73d726a3a6b98a2fe759a57051bb
ansible-2.7.5.tar.gz
- 2.6.11
URL: https://releases.ansible.com/ansible/ansible-2.6.11.tar.gz
Changelog: https://github.com/ansible/ansible/blob/v2.6.11/changelogs/CHANGELOG-v2.6.rst
SHA256: 2cc41e51a70a0e37d7db29e2f16af137bf548c3372fec4f7b48cc0575da55e32
ansible-2.6.11.tar.gz
- 2.5.14
URL: https://releases.ansible.com/ansible/ansible-2.5.14.tar.gz
Changelog: https://github.com/ansible/ansible/blob/v2.5.14/changelogs/CHANGELOG-v2.5.rst
SHA256: 695ac8ebce0be57062924ff90f4b98cd61caa99cd21cdb10a964e3320524a069
ansible-2.5.14.tar.gz
-Toshio Kuratomi (@abadger1999)