ansible_2_8: 2.8.4 -> 2.8.7
This addresses the following security issues:
* Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)
* CVE-2019-14846 - Several Ansible plugins could disclose aws
credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
lookup/aws_account_attribute.py, and lookup/aws_secret.py,
lookup/aws_ssm.py use the boto3 library from the Ansible process. The
boto3 library logs credentials at log level DEBUG. If Ansible's
logging was enabled (by setting LOG_PATH to a value) Ansible would set
the global log level to DEBUG. This was inherited by boto and would
then log boto credentials to the file specified by LOG_PATH. This did
not affect aws ansible modules as those are executed in a separate
process. This has been fixed by switching to log level INFO
* Convert CLI provided passwords to text initially, to prevent unsafe
context being lost when converting from bytes->text during post
processing of PlayContext. This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
* properly hide parameters marked with no_log in suboptions when
invalid parameters are passed to the module (CVE-2019-14858)
Changelog: 24220a618a/changelogs/CHANGELOG-v2.8.rst
This commit is contained in:
parent
64e2791092
commit
71cde971c7
@ -18,13 +18,13 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "ansible";
|
||||
version = "2.8.4";
|
||||
version = "2.8.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ansible";
|
||||
repo = "ansible";
|
||||
rev = "v${version}";
|
||||
sha256 = "1fp7zz8awfv70nn8i6x0ggx4472377hm7787x16qv2kz4nb069ki";
|
||||
sha256 = "08vqjk85j0g1x0iad03d7ysws433dikii8j2lr3a1mlx6d186vv8";
|
||||
};
|
||||
|
||||
prePatch = ''
|
||||
|
Loading…
Reference in New Issue
Block a user