From 4e497440315b64514d5092d25ba6eaab2ed4899b Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Thu, 19 Jan 2017 12:44:06 -0500 Subject: [PATCH] added 2.1 release info --- CHANGELOG.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a17c8bcded..5374f8c9147 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -442,7 +442,30 @@ Notice given that the following will be removed in Ansible 2.4: * nxos_template * ops_template -## 2.1.2 "The Song Remains the Same" - 09-29-2016 +## 2.1.4 "The Song Remains the Same" - 2017-01-16 + +* Security fix for CVE-2016-9587 - An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server as the user and group Ansible is running as. +* Fixed a bug with conditionals in loops, where undefined variables and other errors will defer raising the error until the conditional has been evaluated. +* Added a version check for jinja2-2.9, which does not fully work with Ansible currently. + +## 2.1.3 "The Song Remains the Same" - 2016-11-04 + +* Security fix for CVE-2016-8628 - Command injection by compromised server via fact variables. In some situations, facts returned by modules could overwrite connection-based facts or some other special variables, leading to injected commands running on the Ansible controller as the user running Ansible (or via escalated permissions). +* Security fix for CVE-2016-8614 - apt_key module not properly validating keys in some situations. + +###Minor Changes: +* The subversion module from core now marks its password parameter as no_log so + the password is obscured when logging. +* The postgresql_lang and postgresql_ext modules from extras now mark + login_password as no_log so the password is obscured when logging. +* Fixed several bugs related to locating files relative to role/playbook directories. +* Fixed a bug in the way hosts were tested for failed states, resulting in incorrectly skipped block sessions. +* Fixed a bug in the way our custom JSON encoder is used for the to_json* filters. +* Fixed some bugs related to the use of non-ascii characters in become passwords. +* Fixed a bug with Azure modules which may be using the latest rc6 library. +* Backported some docker_common fixes. + +## 2.1.2 "The Song Remains the Same" - 2016-09-29 ###Minor Changes: * Fixed a bug related to creation of retry files (#17456)