- Merge patches from Debian
- New upstream release 126.96.36.199:
- Security fix for CVE-2016-9587 - An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server as the user and group Ansible is running as.
- Fixes a bug where undefined variables in with_* loops would cause a task failure even if the when condition would cause the task to be skipped.
- Fixed a bug related to roles where in certain situations a role may be run more than once despite not allowing duplicates.
- Fixed some additional bugs related to atomic_move for modules.
- Fixes multiple bugs related to field/attribute inheritance in nested blocks and includes, as well as task iteration logic during failures.
- Fixed pip installing packages into virtualenvs using the system pip instead of the virtualenv pip.
- Fixed dnf on systems with dnf-2.0.x (some changes in the API).
- Fixed traceback with dnf install of groups.
- Fixes a bug in which include_vars was not working with failed_when.
- Fix for include_vars only loading files with .yml, .yaml, and .json extensions. This was only supposed to apply to loading a directory of vars files.
- Fixes several bugs related to properly incrementing the failed count in the host statistics.
- Fixes a bug with listening handlers which did not specify a
- Fixes a bug with the
play_hosts internal variable, so that it properly reflects the current list of hosts.
- Fixes a bug related to the v2_playbook_on_start callback method and legacy (v1) plugins.
- Fixes an openssh related process exit race condition, related to the fact that connections using ControlPersist do not close stderr.
- Improvements and fixes to OpenBSD fact gathering.
make deb to use pbuilder. Use
make local_deb for the previous non-pbuilder build.
- Fixed Windows async to avoid blocking due to handle inheritance.
- Fixed bugs in the mount module on older Linux kernels and *BSDs
- Various minor fixes for Python 3
- Inserted some checks for jinja2-2.9, which can cause some issues with Ansible currently.
- New upstream release 188.8.131.52:
- Somes fixes and changes:
- Security fix for CVE-2016-8628 - Command injection by compromised server via fact variables. In some situations, facts returned by modules could overwrite connection-based facts or some other special variables, leading to injected commands running on the Ansible controller as the user running Ansible (or via escalated permissions).
- Security fix for CVE-2016-8614 - apt_key module not properly validating keys in some situations.
- Added the
listen feature for modules. This feature allows tasks to more easily notify multiple handlers, as well as making it easier for handlers from decoupled roles to be notified.
- Added support for binary modules
- Added the ability to specify serial batches as a list (
serial: [1, 5, 10]), which allows for so-called "canary" actions in one play.
- Fixed 'local type' plugins and actions to have a more predictable relative path. Fixes a regression of 1.9 (PR #16805). Existing users of 2.x will need to adjust related tasks.
meta tasks can now use conditionals.
raw now returns
changed: true to be consistent with shell/command/script modules. Add
changed_when: false to
raw tasks to restore the pre-2.2 behavior if necessary.n
- Added a new
end_play, which can be used to skip to the end of a play.
- roles can now be included in the middle of a task list via the new
include_role module, this also allows for making the role import 'loopable' and/or conditional.
- The service module has been changed to use system specific modules if they exist and fall back to the old service module if they cannot be found or detected.
- Add ability to specify what ssh client binary to use on the controller. This can be configured via ssh_executable in the ansible config file or by setting ansible_ssh_executable as an inventory variable if different ones are needed for different hosts.
- Refactored all network modules to remove duplicate code and take advantage of Ansiballz implementation
- All functionality from *_template network modules have been combined into *_config module
- Network *_command modules not longer allow configuration mode statements
- Some new modules:
- docker (docker_network)
- jenkins (jenkins_job, jenkins_plugin)
- lxd (lxd_profile, lxd_container)
- github (github_key, github_release)
- google (gcdns_record, gcdns_zone, gce_mig)
- vmware (vmware_guest, vmware_local_user_manager, vmware_vmotion)
- Incompatible Changes:
- Use of
recursive=True (the default) is no longer supported. Custom action plugins using
_fixup_perms will require changes unless they already use
_fixup_perms2 if support for previous releases is not required. Otherwise use