Besides performance enhancements and other bug fixes:
- Security fix to disallow specifying 'args:' as a string, which
could allow the insertion of extra module parameters through
variables.
OK aja@ sthen@
- Security fix for vault, to ensure the umask is set to a restrictive
mode before creating/editing vault files.
- Backported apt_repository security fixes relating to filename/mode
upon sources list file creation.
OK sthen@
- Security fix for safe_eval, which further hardens the checking
of the evaluation function.
- Changing order of variable precendence for system facts, to
ensure that inventory variables take precedence over any facts
that may be set on a host.
OK aja@ sthen@
Changes since 1.5:
- Fix validate_certs and run_command errors from previous release
- Fixes to the git module related to host key checking
- Fix module errors in airbrake and apt from previous release
- Force command action to not be executed by the shell unless specifically enabled.
- Validate SSL certs accessed through urllib*.
- Implement new default cipher class AES256 in ansible-vault.
- Misc bug fixes.
OK aja@
- Fixed a bug in the copy module, where a filename containing the
string "raw" was handled incorrectly
- Fixed a bug in accelerate mode, where copying a zero-length file
out would fail
ok aja@, sthen@
CVE-2013-4259: Ansible uses a socket with predictable filename in /tmp
CVE-2013-4260: Predictable filename used for failed results in world
writable directory
- Remove a temporary post-extract hook, that was only there because
of stray files in the 1.2.1 distfile.
ok aja@ sthen@
- Security Fix for CVE-2013-2233:
Does not cache SSH host keys (preventing possibility of server's
host key to be checked against system host keys).
- Move OpenBSD examples in /etc/ansible/hosts to end of the file
ok aja@ sthen@ jasper@
Ansible is a radically simple model-driven configuration management,
deployment, and command execution framework.
with help from and ok
sthen@ ajacoutot@ (looks fine)
