Skip to content

Commit

Permalink
New release v2.7.16
Browse files Browse the repository at this point in the history
  • Loading branch information
nitzmahone committed Jan 15, 2020
1 parent 7c7d334 commit 8fd406e
Show file tree
Hide file tree
Showing 4 changed files with 33 additions and 1 deletion.
10 changes: 10 additions & 0 deletions changelogs/.changes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -672,6 +672,16 @@ releases:
- 63522-remove-args-from-sumologic-and-splunk-callbacks.yml
- v2.7.15_summary.yaml
release_date: '2019-11-13'
2.7.16:
codename: In the Light
fragments:
- ansible-test-coverage-constraint.yml
- ansible-test-ignore-pip-warnings.yml
- ansible-test-setuptools-constraint.yml
- nxos_file_copy_path_issue.yml
- solaris_zone_name_fix.yml
- v2.7.16_summary.yaml
release_date: '2020-01-15'
2.7.2:
codename: In the Light
fragments:
Expand Down
19 changes: 19 additions & 0 deletions changelogs/CHANGELOG-v2.7.rst
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,25 @@ Ansible 2.7 "In the Light" Release Notes
.. contents:: Topics


v2.7.16
=======

Release Summary
---------------

| Release Date: 2020-01-15
| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__

Bugfixes
--------

- **SECURITY** - CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that. However, there is no user input validation done while performing actions. A malicious user could provide a crafted zone name which allows executing commands into the server manipulating the module behaviour. Adding user input validation as per Solaris Zone documentation fixes this issue.
- CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is used for destination name and performs actions related to that on the device using the value of remote_file which is of string type However, there is no user input validation done while performing actions. A malicious code could crafts the filename parameter to take advantage by performing an OS command injection. This fix validates the option value if it is legitimate file path or not.
- ansible-test no longer tries to install ``coverage`` 5.0+ since those versions are unsupported
- ansible-test no longer tries to install ``setuptools`` 45+ on Python 2.x since those versions are unsupported
- ansible-test now ignores warnings when comparing pip versions before and after integration tests run

v2.7.15
=======

Expand Down
3 changes: 3 additions & 0 deletions changelogs/fragments/v2.7.16_summary.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
release_summary: |
| Release Date: 2020-01-15
| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__
2 changes: 1 addition & 1 deletion lib/ansible/release.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,6 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

__version__ = '2.7.15.post0'
__version__ = '2.7.16'
__author__ = 'Ansible, Inc.'
__codename__ = 'In the Light'

0 comments on commit 8fd406e

Please sign in to comment.