- Security fixes to check that hostnames match certificates with
https urls (CVE-2015-3908)
- get_url and uri modules
- url and etcd lookup plugins
- Security fixes to the zone (Solaris containers), jail (bsd
containers), and chroot connection plugins.
For a full list of changes see:
https://github.com/ansible/ansible/blob/v1.9.2-1/CHANGELOG.md
OK aja@
for example php-fpm-5.4* and ensure the correct version is installed.
Previously, one had to specify the exact version, or ansible would fail
since there were alternatives.
https://github.com/ansible/ansible/issues/8990
ok rpe@
Besides performance enhancements and other bug fixes:
- Security fix to disallow specifying 'args:' as a string, which
could allow the insertion of extra module parameters through
variables.
OK aja@ sthen@
- Security fix for vault, to ensure the umask is set to a restrictive
mode before creating/editing vault files.
- Backported apt_repository security fixes relating to filename/mode
upon sources list file creation.
OK sthen@
- Security fix for safe_eval, which further hardens the checking
of the evaluation function.
- Changing order of variable precendence for system facts, to
ensure that inventory variables take precedence over any facts
that may be set on a host.
OK aja@ sthen@
Changes since 1.5:
- Fix validate_certs and run_command errors from previous release
- Fixes to the git module related to host key checking
- Fix module errors in airbrake and apt from previous release
- Force command action to not be executed by the shell unless specifically enabled.
- Validate SSL certs accessed through urllib*.
- Implement new default cipher class AES256 in ansible-vault.
- Misc bug fixes.
OK aja@
- Fixed a bug in the copy module, where a filename containing the
string "raw" was handled incorrectly
- Fixed a bug in accelerate mode, where copying a zero-length file
out would fail
ok aja@, sthen@
CVE-2013-4259: Ansible uses a socket with predictable filename in /tmp
CVE-2013-4260: Predictable filename used for failed results in world
writable directory
- Remove a temporary post-extract hook, that was only there because
of stray files in the 1.2.1 distfile.
ok aja@ sthen@
- Security Fix for CVE-2013-2233:
Does not cache SSH host keys (preventing possibility of server's
host key to be checked against system host keys).
- Move OpenBSD examples in /etc/ansible/hosts to end of the file
ok aja@ sthen@ jasper@
shebang line in module files.
- provide an example in the ansible hosts file how to deal with the
location of python on OpenBSD
help/feedback and ok sthen@
Ansible is a radically simple model-driven configuration management,
deployment, and command execution framework.
with help from and ok
sthen@ ajacoutot@ (looks fine)
