Chapter 10. Patch releases
Security, bug fixes, and enhancements for Ansible Automation Platform 2.5 are released as asynchronous erratas. All Ansible Automation Platform erratas are available on the Download Red Hat Ansible Automation Platform page.
As a Red Hat Customer Portal user, you can enable errata notifications in the account settings for Red Hat Subscription Management (RHSM). When errata notifications are enabled, you receive notifications through email whenever new erratas relevant to your registered systems are released.
Red Hat Customer Portal user accounts must have systems registered and consuming Ansible Automation Platform entitlements for Ansible Automation Platform errata notification emails to generate.
The patch releases section of the release notes will be updated over time to give notes on enhancements and bug fixes for patch releases of Ansible Automation Platform 2.5.
10.1. Ansible Automation Platform patch release September 23, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
September 23, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1758147230
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1758147817
10.1.1. General
- The `ansible.controller` collection has been updated to 4.6.20. (AAP-53797)
- The `ansible.eda` collection has been updated to 2.10.0. (AAP-53550)
10.1.2. CVE
With this update, the following CVEs have been addressed:
- CVE-2025-5302 `ansible-automation-platform-25/lightspeed-chatbot-rhel8`: Denial of Service (DoS) in JSONReader in run-llama and llama_index. (AAP-52177)
- CVE-2025-6984 `ansible-automation-platform-25/lightspeed-chatbot-rhel8`: Langchain-community insecure XML parsing. (AAP-52808)
- CVE-2025-48432 `automation-controller`: Django Path Injection Vulnerability. (AAP-51443)
- CVE-2025-57833 `ansible-automation-platform-25/lightspeed-rhel8`: Django SQL injection in FilteredRelation column aliases. (AAP-52622)
- CVE-2025-57833 `automation-controller`: Django SQL injection in FilteredRelation column aliases. (AAP-53036)
- CVE-2025-57833 `python3.11-django`: Django SQL injection in FilteredRelation column aliases. (AAP-53034)
10.1.3. Ansible Automation Platform
10.1.3.1. Enhancements
- `X-Forwarded-For` and `Real-Ip` headers are now included in the NGINX logs. (AAP-52562)
10.1.3.2. Bug fixes
- Fixed an issue where if the gRPC server could not connect to the database it would return a 403 HTTP status to envoy. This has been changed to return an error message of 503. (AAP-51931)
- Fixed an issue with the help text for the setting `ALLOW_OAUTH2_FOR_EXTERNAL_USERS`. (AAP-51886)
- Fixed an incorrectly formatted error message in the SAML authenticator when passing invalid security settings. The error will now properly show the invalid fields and will also indicate what valid field values are. (AAP-51705)
- Fixed an issue where authentication mapping for teams did not work if `join_condition: and` was used with attributes. (AAP-51639)
- Fixed an issue with authenticator maps not properly evaluating the attribute in conditions. (AAP-51638)
- Fixed an issue where platform gateway did not generate the necessary metadata for the UI to render Settings > Platform Gateway when the accessing user is an auditor rather than an administrator. (AAP-53279)
- Fixed an issue where multi-select dialogs only showed a subset of users, and users were unable to scroll or advance to the next page. (AAP-52209)
- Fixed an issue where the SAML based authenticators did not collect the group data even if the field had the attribute specified. (AAP-51503)
- The View Logs link now matches the automation controller API being used. (AAP-52674)
- PostgreSQL directory creation now works when TLS is disabled. (AAP-52569)
- Fixed a path issue for `custom_ca_cert` when checking PostgreSQL connection and version during preflight. (AAP-53213)
- Fixed the restore and implemented migration functionality for the automation controller resource secret key value. (AAP-53535)
- Improved platform gateway control plane authorization performance to reduce sporadic request errors. (AAP-53468)
- Disabled IPv6 binding on PostgreSQL and Redis services when IPv6 is disabled on the host. (AAP-53546)
10.1.4. Ansible Automation Platform Operator
10.1.5. Bug fixes
- Fixed an issue where the deployment was failing with "dict object has no attribute version". (AAP-46528)
- Fixed an issue where the Redis timeout configuration was overwritten by the Ansible Automation Platform Operator on reconciliation. The timeout for Redis connections has been added to the configuration and hard-coded to 300 seconds. (AAP-53309)
- The automation hub web init container now uses resource limits when enabled. (AAP-52934)
- Fixed a `pulp_ansible` compatibility issue that was preventing the `hub-api` pod from running migrations in the new container when upgrading to the latest 2.5 operator version. (AAP-49016)
10.1.6. Automation controller
10.1.6.1. Bug Fixes
- Fixed an issue where the galaxy credentials could not be created and edited without the need to specify an organization. (AAP-52197)
- Fixed an issue where the job template creation failed using `ansible.controller.job_template` when multiple inventories shared the same name across different organizations. (AAP-51311)
- Fixed an issue that did not allow a user to save a Schedule for a Workflow job template when Prompt on Launch was enabled for Limit. (AAP-49794)
- The export command now works through the automation controller collection or with `awxkit` when the correct environment variable is provided. (AAP-49452)
- Fixed an issue where there were double escaped quotes in `api/v2/jobs/{id}/stdout/?format=txt`. (AAP-49077)
- Fixed an issue where the fact storage was not working when automation controller’s time zone was not UTC. (AAP-45933)
- Fixed a bug where exports did not work on deployments using the platform gateway. The export module in the collection now honors the `CONTROLLER_OPTIONAL_API_URLPATTERN_PREFIX` environment variable. (AAP-39265)
10.1.7. Automation hub
10.1.7.1. Enhancements
- Added the `GALAXY_API_SPEC_REQUIRE_AUTHENTICATION` setting to automation hub (defaults to false). This setting restricts access to the `OpenAPI` specification to authenticated users only. This prevents exposing the `OpenAPI` spec and any unnecessary information. (AAP-53578)
10.1.8. Container-based Ansible Automation Platform
10.1.8.1. Bug Fixes
- Fixed an issue where the `create_initial_data` command did not work during backup and restore onto different clusters for Event-Driven Ansible. (AAP-53382)
- Fixed an issue where scheduled tasks failed in private automation hub when using quotes in the task name. (AAP-53307)
- Uploading Ansible collections to private automation hub is no longer limited by the API pagination. (AAP-53526)
10.1.9. Event-Driven Ansible
10.1.9.1. Bug Fixes
- Fixed an issue with Event-Driven Ansible restores where database credentials were not updated for the event stream. (AAP-53529)
10.1.10. RPM-based Ansible Automation Platform
10.1.10.1. Bug Fixes
- Fixed an issue where backup was failing when the deployment had more than one Event-Driven Ansible node without `eda_node_type` defined. (AAP-52892)
- Fixed a typographical error in the automation controller group name that led to restore failures. (AAP-52078)
- Fixed an issue where platform gateway `uwsgi` processes were not configurable in the Ansible Automation Platform 2.5 RPM installer. (AAP-50390)
- Fixed an issue where `redis_mode=standalone` and the Redis group were defined at the same time. (AAP-53560)
- Fixed an issue where the Redis node list could not be created on Event-Driven Ansible or platform gateway nodes which were not part of the Redis group. (AAP-53528)
- Removed the `pulpcore-manager` sudo requirement. (AAP-52288)
10.2. Ansible Automation Platform patch release August 27, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
August 27, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1755835086
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1755835623
10.2.1. General
- The `ansible.controller` collection has been updated to 4.6.19. (AAP-51863)
- The `ansible.eda` collection has been updated to 2.9.0. (AAP-51859)
10.2.2. CVE
With this update, the following CVEs have been addressed:
- CVE-2025-48432 `python3.11-django`: Django Path Injection Vulnerability. (AAP-50994)
- CVE-2025-47273 `automation-controller`: Path Traversal Vulnerability in setuptools `PackageIndex`. (AAP-47384)
10.2.3. Ansible Automation Platform
10.2.3.1. Features
- Added a new field on Azure AD authenticator called `Field to use as username` which allows you to use an arbitrary field from the assertion as the username in Ansible Automation Platform. (AAP-49481)
10.2.3.2. Enhancements
- Enhanced Support for Streaming Chat Responses in Ansible Automation Platform. New settings added:
  - `stream_idle_timeout`: Controls timeout for idle streaming connections.
  - `max_stream_duration`: Sets maximum duration for streaming connections.

  (AAP-51756)
- Allow for HTTP headers to be passed through envoy when https is offloaded by another device in front of envoy. This introduces two new settings:
  - `SECURE_PROXY_SSL_HEADER` indicating which headers should be allowed through. The defaults are `HTTP_X_FORWARDED_PROTO`, `https`.
  - `XDS_XFF_NUM_TRUSTED_HOPS` which says how many entries in the headers should be trusted. The default is 0 if there is only one device in front of envoy. Set to 1 if there are more, or increase as needed.

  These settings can only be changed in the `/etc/ansible-automation-platform/gateway/settings.py` file. (AAP-51347)
10.2.3.3. Bug fixes
- Fixed an issue where the OpenAPI spec did not reflect all query parameters available. (AAP-49824)
- Fixed an issue where the `LOGIN_REDIRECT_OVERRIDE` was not being respected. (AAP-49726)
- Fixed an issue where the breadcrumb in a launch template sent users to the wrong URL. (AAP-44194)
- Fixed an issue where legacy users were not properly migrated to platform gateway in some scenarios that were previously leaving the users in a partly migrated state. (AAP-43251)
- Fixed an issue where the LDAP filter splitter/validator did not handle some valid filters. (AAP-51591)
- Fixed an issue that removes the `required` label from the organization field for galaxy credentials in automation controller credential create and edit forms. (AAP-51587)
- Fixed an issue where subscription entitlement window displayed again after Ansible Automation Platform had been entitled when running in a load-balanced environment with multiple controller web pods. (AAP-43883)
- Fixed an issue that did not allow all users to see the notifiers tab. (AAP-41342)
- Fixed an issue where there was no limit field on the job details page. (AAP-36118)
10.2.4. Ansible Automation Platform Operator
10.2.5. Bug fixes
- Fixed an issue in the PostgreSQL password encryption when upgrading from PG13 to PG15 on FIPS. (AAP-50443)
- Fixed an issue where requests time out at client or proxy, but work continues long past the timeout. (AAP-50311)
- Fixed an issue to align NGINX and web server timeouts to avoid issues where requests time out but work continues on already timed out requests. (AAP-50310)
- Fixed an issue to align envoy, NGINX, web server, and `jwt` token timeouts to avoid issues where requests time out but work continues or tokens expire before they are used. (AAP-50309)
- Fixed an issue to align web server timeouts to avoid issues where requests time out at client or proxy, but work continues long past the timeout. (AAP-50308)
- Fixed backup and restores for deployments with external databases and refactored the tasks for managed database restores to be a separate code path. (AAP-50299)
- Fixed an issue where the platform gateway operator `client_request_timeout` was not the same as `haproxy` timeout in OpenShift Container Platform. (AAP-51749)
10.2.6. Automation controller
10.2.6.1. Bug Fixes
- Fixed regression in `ansible.controller` collection where the argument `controller_oauthtoken` was wrongfully removed.
  - Fixed newly added `aap_token` to function the same as `controller_oauthtoken`.
  - Fixed the `ansible.controller.controller_api` lookup plugin.

  (AAP-51289)
- Fixed an issue where the Ansible Galaxy credentials could not be created and edited without specifying an organization. (AAP-51614)
- Fixed an issue where attaching a subscription before subscription credentials had been set returned a 400 Bad Request. (AAP-50322)
10.2.7. Container-based Ansible Automation Platform
10.2.7.1. Enhancements
- Implemented PostgreSQL extra settings parameter on the installer. (AAP-51533)
10.2.7.2. Bug Fixes
- Fixed an issue where the PostgreSQL version failed during preflight with a customer provided CA certificate. (AAP-50884)
- Fixed `pcp` data permissions by migrating the data to a Podman volume instead of a bind mount. (AAP-50807)
- Fixed an issue where the backup script incorrectly included `.snapshot` directories in the automation hub backup. (AAP-50784)
- Fixed a bug where the Redis hostname fails to be set in a disconnected environment. (AAP-51532)
- Fixed an issue where there was no exclusion parameter for containerized backup to allow users to specify snapshot paths to be excluded from the backup process. (AAP-46767)
10.2.8. Event-Driven Ansible
10.2.8.1. Bug Fixes
- Fixed an issue where `MQ_TLS` did not accept a boolean value. (AAP-51012)
- Fixed an issue where project import state may become stuck at pending or running. (AAP-51643)
- Fixed an issue where `%20` is not permitted in project git URL. (AAP-51642)
- Fixed an issue where a user who belongs to a team with an Event-Driven Ansible organization project admin role could not see the organization. (AAP-50921)
10.2.9. RPM-based Ansible Automation Platform
10.2.9.1. Enhancements
- Added `postgres_extra_settings` for `postgresql.conf` customization for managed database installations. (AAP-51462)
10.2.9.2. Bug Fixes
- Fixed an issue where automation controller nodes set to a deprovision state were not removed from the platform gateway registry. (AAP-51461)
- Fixed an issue where a missing RPM dependency for the PostgreSQL client resulted in container images missing the `psql` binary. (AAP-50941)
- Fixed an issue where disabling `https` for platform gateway and/or platform gateway proxy (envoy) caused installation failures. (AAP-48606)
10.3. Ansible Automation Platform patch release July 30, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
July 30, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1753402603
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1753403065
10.3.1. General
- The `redhat.rhel_system_roles` collection has been updated to 1.95.7. (AAP-49916)
- The `ansible.windows` collection has been updated to 2.8.0. (AAP-49923)
- The `ansible.eda` collection has been updated to 2.8.2. (AAP-49997)
10.3.2. CVE
With this update, the following CVEs have been addressed:
- CVE-2025-7738 `python3.11-django-ansible-base`: Hide plain text OAuth2 secrets on GitHub Enterprise and GitHub Enterprise organization authenticator configuration views in platform-gateway. (AAP-49561)
- CVE-2025-2099 `ansible-automation-platform-25/lightspeed-chatbot-rhel8`: Regular Expression Denial of Service (ReDoS) in huggingface/transformers. (AAP-48621)
- CVE-2025-5988 `automation-gateway`: CSRF origin checking is enabled. (AAP-50374)
10.3.3. Ansible Automation Platform
10.3.3.1. Features
- `PosixUIDGroupType` can be selected for LDAP Group Type. (AAP-49347)
10.3.3.2. Enhancements
- Optimized the handling of web socket messages from the Workflow Visualizer. (AAP-46800)
10.3.3.3. Bug fixes
- Fixed the fields `content_type` for role user assignments to indicate that null values are valid responses from the API. (AAP-49494)
- Fixed the fields `team_ansible_id` for role team assignments to indicate that null values can be POSTed to the API. (AAP-49812)
- Fixed an issue where `auto-complete` was not disabled on all forms for sensitive information such as usernames, passwords, secret keys, etc. (AAP-49079)
- Fixed an issue related to workflow job template limits overriding workflow job template node limits upon save. (AAP-48946)
- Fixed the Min and Max Limit values displayed on the Edit Survey form. (AAP-39933)
- Fixed an issue where the case insensitivity for authentication map user attribute names and values and for group names was not available. Feature flag `FEATURE_CASE_INSENSITIVE_AUTH_MAPS` must be set to true to enable case insensitive comparisons. (AAP-49327)
- Fixed an issue that adds an OIDC Callback URL field that, after creation of authenticator, displays the URL to use in setting up the IdP. The URL field is displayed on the creation page and this field is to be left blank. (AAP-49874)
10.3.4. Automation controller
10.3.4.1. Enhancements
- Update the injectors for the Ansible Automation Platform credential type to work across collection. (AAP-47877)
10.3.4.2. Bug Fixes
- Removed API version from hard-coded URL in inventory plugin. (AAP-48443)
- Fixed a 404 error for workflow nodes. (AAP-47362)
- Fixed an issue where the automation controller pod was not working after an upgrade to `aap-operator.v2.5.0-0.1750901870`. (AAP-48771)
10.3.5. Container-based Ansible Automation Platform
10.3.5.1. Enhancements
- Added an exclusion parameter for Container-based Ansible Automation Platform Backup, allowing users to specify snapshot paths to be excluded from the backup process. (AAP-50114)
10.3.5.2. Bug Fixes
- Fixed the issue where execution instances removed from the inventory would still be visible on the Topology View. (AAP-48615)
- Fixed a bug when restoring automation hub to a new cluster when using NFS for the hub data filesystem. (AAP-48568)
- Fixed permission issues when restoring automation hub when using NFS storage. (AAP-50118)
10.3.6. RPM-based Ansible Automation Platform
10.3.6.1. Bug Fixes
- Event-Driven Ansible node type is now properly checked during restore. (AAP-49004)
- Fixed an issue where gRPC server port was not configured properly when non-default value was used. (AAP-48543)
- Fixed an issue where the firewall role logic improperly restricted Event-Driven Ansible event stream ports. Firewall ports are now restricted to event hosts, enhancing network security for Event-Driven Ansible users. (AAP-49792)
- Fixed an issue where the gunicorn timeout to Event-Driven Ansible API service unit was not passed. (AAP-49858)
- Fixed an issue where envoy, nginx, web server, and jwt token timeouts were not aligned, and caused issues where requests time out but work continues, or tokens expire before they are used. (AAP-49153)
10.4. Ansible Automation Platform patch release July 2, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
July 2, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1750901111
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1750901870
10.4.1. General
- Allows running `ansible.platform` collection modules in `check_mode`. (AAP-45246)
- The `ansible.eda` collection has been updated to 2.8.1. (AAP-48324)
- The `ansible.platform` collection has been updated to 2.5.20250702. (AAP-48344)
- The `ansible.controller` collection has been updated to 4.6.16. (AAP-48347)
10.4.2. CVE
With this update, the following CVEs have been addressed:
- CVE-2025-22871 `receptor`: Request smuggling due to acceptance of invalid chunked data in net/http. (AAP-45132)
- CVE-2025-22871 `automation-gateway-proxy-openssl32`: Request smuggling due to acceptance of invalid chunked data in net/http. (AAP-45130)
- CVE-2025-22871 `automation-gateway-proxy-openssl30`: Request smuggling due to acceptance of invalid chunked data in net/http. (AAP-45129)
- CVE-2025-22871 `automation-gateway-proxy`: Request smuggling due to acceptance of invalid chunked data in net/http. (AAP-45128)
10.4.3. Ansible Automation Platform
10.4.3.1. Enhancements
- Refactored `V1RootView.get()` and improved reverse lookup logic. (AAP-47366)
- Refactored `process_statuses()` method to reduce its cognitive complexity. (AAP-47341)
- All UI elements related to policy enforcement are visible to all users. See the policy enforcement documentation for more information. (AAP-47006)
- On the inventory source form, for a source type of VMware ESXi the user will be able to select credentials of type VMware vCenter. (AAP-46784)
- Reduced the cognitive complexity of method `migrate_resource()` in `migrate_service_data.py` from 56 to <=15. (AAP-45822)
- Reduced the cognitive complexity of the `process_fields()` method in `serializers/preference.py` file. (AAP-45820)
- Reduced the cognitive complexity of `unique_fields_for_model()` method to below 15. (AAP-45819)
10.4.3.2. Bug fixes
- Fixed an issue that did not allow role assignments using `object_ansible_id` in the `role_user_assignment` module. (AAP-48042)
- Fixed an issue that did not allow the `object_id` field in the `role_user_assignment` module to accept a list of items. (AAP-47979)
- Fixed an example task in the `ansible.platform.token` module. (AAP-47976)
- Fixed an issue with `aap_*` parameters in the `ansible.platform.token` module that resulted in user reminders not being sent out. (AAP-47975)
- Fixed API error messaging in the event a user logs in as the admin user via legacy auth on one component, then tries to do so via the other component. (AAP-47541)
- Fixed an issue where API records could be missing or duplicated across pages. (AAP-47504)
- Fixed a bug that was causing the UI to throw an error when launching a workflow job template with both Prompt on Launch and Survey enabled. (AAP-46813)
- Fixed an issue where the platform gateway OpenAPI schema file was not being generated correctly. (AAP-46639)
- Fixed an issue where modules in the `ansible.platform` collection did not accept `AAP_*` variable for authentication. (AAP-45363)
- Fixed an issue where there was a missing option in the `ansible.platform.user` module to allow setting the `is_platform_auditor` flag on a user. (AAP-45244)
- Fixed an issue where an extra validation to handle incorrect user input in the variables field was needed, as the API did not return an error for it. (AAP-42563)
- Fixed an issue with the Hosts links in the Resource Counts section of the overview page to redirect to the Hosts page, filtered by either Show only ready hosts or Show only failed hosts depending on which count was clicked on. (AAP-42288)
- Fixed an issue where API records could be missing or duplicated across pages. (AAP-41842)
10.4.4. Red Hat Ansible Lightspeed
10.4.4.1. Enhancements
- Ansible Lightspeed intelligent assistant now supports third-party LLM providers such as Microsoft Azure OpenAI, OpenAI, and IBM watsonx.ai. For more information, see Deploying the Ansible Lightspeed intelligent assistant on OpenShift Container Platform. (AAP-44011)
10.4.5. Ansible Automation Platform Operator
10.4.5.1. Enhancements
- Annotation can now be added to the route by specifying `spec.route_annotations` on the Ansible Automation Platform and automation controller custom resources. (AAP-45952)
- New installations of Red Hat Ansible Lightspeed using the Ansible Automation Platform Custom Resource will automatically integrate with Ansible Automation Platform’s OAuth mechanism. The `auth_config_secret_name` setting is optional. (AAP-45686)
10.4.5.2. Bug fixes
- Fixed an issue where the `jquery` version included in the redirect page did not match the version from the rest framework directory. (AAP-47160)
- Fixed an issue where the ingress class name could not be configured on the automation hub CR. (AAP-47054)
- Fixed an issue where there was a missing resources limit on automation hub API `init` containers. (AAP-47053)
- Fixed an issue where the resources limit on worker pods could not be configured. (AAP-47045)
- Fixed an issue where there was no `readinessProbe` configuration in the PostgreSQL `statefulset` definition. (AAP-47043)
10.4.6. Automation controller
10.4.6.1. Features
- Added AWX `dispatcherd` integration. (AAP-45800)
10.4.6.2. Bug Fixes
- Fixed a race condition where job templates with duplicate names in the same organization could be created. (AAP-45968)
- Fixed an issue where `role_user_assignments` failed to query for `object_ansible_id`. Enabled query filtering for fields `user_ansible_id`, `team_ansible_id`, and `object_ansible_id` on the role assignment API endpoints. (AAP-45443)
- Fixed an issue where some credential types were not populated after upgrading. This adds a new migration to accomplish this. (AAP-44233)
- Fixed an issue where there were large numbers of jobs queued that were stuck in waiting status. (AAP-44143)
10.4.7. Automation hub
10.4.7.1. Enhancements
- Any user can search and filter using AI keywords to find AI related collections in automation hub. (AAP-43138)
10.4.7.2. Bug Fixes
- Fixed an issue where there was an error when installing collections that exist in both rh-certified and community. (AAP-24271)
10.4.8. Container-based Ansible Automation Platform
10.4.8.1. Enhancements
- Validate that nodes are configured with at least 16G of RAM. (AAP-47542)
- Containerized Ansible Automation Platform now supports RHEL 10. (AAP-47083)
10.4.8.2. Bug Fixes
- Fixed an issue where the TLS Certificate Authority (CA) certificate for Receptor mesh configuration when providing TLS certificates were not signed by the internal CA. (AAP-48065)
- Fixed a missing user parameter for the sos report command on the `log_gathering` playbook. (AAP-47718)
- Fixed an issue where the `jquery` version included in the redirect page did not match the version from the rest framework directory. (AAP-47074)
10.4.9. Event-Driven Ansible
10.4.9.1. Features
- The REST API supports editing the URL of the project. (AAP-47459)
- Prior to this release, we suggested utilizing `ansible.builtin.set_fact` within playbooks. We now advise using `ansible.builtin.set_stats` as it enables seamless integration with job templates. We encourage migrating from `ansible.builtin.set_fact` to `ansible.builtin.set_stats` for optimal results, although `ansible.builtin.set_fact` will continue to be supported. (AAP-46841)
10.4.9.2. Enhancements
- Previously, when a project `url/branch/scm_refspec` was edited, users had to manually trigger a project resync through either the UI or API. Now, Event-Driven Ansible automatically does a resync in case one of `url/branch/scm_refspec` is modified. (AAP-46254)
- Relevant settings and versions are emitted in logs when the worker starts. (AAP-40984)
10.4.9.3. Bug Fixes
- Fixed an issue where, when using `gather_facts` in a rulebook, a user had to provide an inventory. This is only available when running ansible-rulebook as a CLI. When the rulebook with `gather_facts` is run as part of Activation the `gather_facts` is ignored, since Activations does not include inventory. (AAP-47846)
- Fixed an issue where DE images that use an SHA digest in the URI would fail to pull. This is now addressed, enabling user reminders to be sent actively. (AAP-47725)
- Fixed an issue introduced in #1296 where we were running under the advisory lock and not the actual import/sync task, but the proxy that schedules the job for rq and `dispatcherd`. (AAP-47554)
- Fixed an issue where there were no validations to `URL`, `branch/tag/commit`, and `refspec` fields when creating or updating a project. (AAP-47227)
- Fixed an issue on k8s-based deployments where activations would hang while being deleted or disabled. (AAP-46559)
- Fixed an issue where the activation could get stuck in the disabling or deleting state under OpenShift Container Platform. (AAP-45298)
10.4.10. Receptor Link kopierenLink in die Zwischenablage kopiert!
10.4.10.1. Bug Fixes Link kopierenLink in die Zwischenablage kopiert!
- Fixed an issue where jobs were in a failed status with message Receptor detail: Finished. EOF is now handled correctly when the pod is ready.(AAP-46484)
10.4.11. RPM-based Ansible Automation Platform Link kopierenLink in die Zwischenablage kopiert!
10.4.11.1. Bug Fixes Link kopierenLink in die Zwischenablage kopiert!
- Fixed an issue where redis-platform would not restart on restore.(AAP-47689)
- Fixed an issue where old service nodes were not removed from platform gateway when the installer ran with a new host or new host names.(AAP-47651)
- Fixed an issue where restore was failing when a non-default port was used for Ansible Automation Platform managed database.(AAP-47639)
- Fixed an issue where some pages didn’t render properly when non-default `umask` was being used.(AAP-47377)
- Fixed an issue where the Event-Driven Ansible script was not starting `nginx` on restart.(AAP-46511)
- Fixed an issue where the credentials associated to decision environments would not be updated with the site information defined in the source inventory during restore.(AAP-46271)
- Fixed an issue where the receptor certificate tasks would require switching to a receptor user.(AAP-46189)
- Fixed an issue where the firewall was not opening event stream ports.(AAP-45684)
10.5. Ansible Automation Platform patch release June 11, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
June 11, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1749604727
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1749607543
10.5.1. Automation controller
10.5.1.1. Bug Fixes
- Fixed an issue where using or creating Azure keyvault credentials was failing with TypeError.(AAP-47413)
10.6. Ansible Automation Platform patch release June 9, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
June 9, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1749074128
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1749074612
10.6.1. General
- The `ansible.controller` collection has been updated to 4.6.14 (AAP-46562)
- The `ansible.platform` collection has been updated to 2.5.20250604 (AAP-46552)
10.6.2. Ansible Automation Platform
10.6.2.1. Features
- Adds `ansible_base.lib.utils.address.classify_address` providing common recognition and parsing of machine addressing hostname, IPv4 and IPv6 with and without an appended `:<port>`.(AAP-45910)
10.6.2.2. Enhancements
- LDAP filter validation improved such that all filters that meet LDAP standards including and/or should be properly validated.(AAP-46249)
- Completely updated interface for managing authentication methods and mappings.(AAP-45750)
- Default validity period for OAuth tokens reduced from 1000 years to 1 year. Existing tokens will NOT be updated. If you wish to reduce the validity period of existing tokens, please remove and re-issue them. The default validity period for OAuth tokens can be modified via the Django setting `ACCESS_TOKEN_EXPIRE_SECONDS` in `OAUTH2_PROVIDER`.(AAP-46187)
10.6.2.3. Bug fixes
- Fixed an issue where there was a degraded logging performance notice removed on the job output page. Polling fallback functionality still exists.(AAP-46120)
- Fixed an issue where the gateway proxy was not properly ejecting nodes failing health checks.(AAP-43931)
- Fixed an issue where installations with Red Hat Ansible Lightspeed enabled were not handled properly during upgrade.(AAP-46154)
10.6.3. Automation controller
10.6.3.1. Enhancements
- Updated license mechanism to allow users to provide username and password when fetching subscriptions via the API and Ansible Automation Platform user interface.(AAP-46797)
10.6.3.2. Bug Fixes
- Fixed an issue where the idle dispatch workers were not recycled based upon age, or after completing the last task. Default maximum age is 4 hours, controlled by `WORKER_MAX_LIFETIME_SECONDS` setting. Set to None to disable worker recycling.(AAP-45947)
- Fixed an analytics collector failure to clean up temporary files after failed upload to Hybrid Cloud console.(AAP-45574)
- Fixed an issue where inventory variables pulled in by update from a source with the option Overwrite Variables checked, were not deleted on subsequent updates from the same source when the source no longer contained the variable.(AAP-45571)
10.6.4. Container-based Ansible Automation Platform
10.6.4.1. Enhancements
- Allow users to skip automation controller demo data creation.(AAP-46482)
- Validating the Automation hub NFS share path format during the preflight role execution.(AAP-46306)
10.6.4.2. Bug Fixes
- Fixed an issue where the custom Certificate Authority (CA) TLS certificate was not passed to the external database validation during the preflight role execution.(AAP-46480)
- Fixed a log redirection error for the Ansible automation hub, Event-Driven Ansible, and Unified UI containers.(AAP-46478)
- Fixed an issue where `~/.local/bin` path was not added to the user `$PATH` environment variable during PostgreSQL database dump and restore.(AAP-46209)
- Fixed the order of operations for handling service nodes to ensure only valid nodes are configured.(AAP-45551)
10.6.5. Event-Driven Ansible
10.6.5.1. Enhancements
- Rename env `EDA_OIDC_TOKEN_URL` to `DA_AUTOMATION_ANALYTICS_OIDC_TOKEN_URL`.(AAP-44862)
10.6.5.2. Bug Fixes
- Fixed an issue where the activation containers were not removed after a node goes offline.(AAP-45831)
- Fixed an issue where the error reminding user to remap source with event stream should be under key source_mapping in the API return.(AAP-45105)
- Fixed an issue where special characters such as `[]` were not allowed in the activation name on OCP deployment.(AAP-44691)
10.6.6. RPM-based Ansible Automation Platform
10.6.6.1. Enhancements
- Setup will now retry automation gateway data migration attempts in case services take longer than expected to start.(AAP-46208)
10.6.6.2. Bug Fixes
- Fixed an issue where the event stream worker would not restart like other workers when running setup.sh.(AAP-46205)
- Fixed an issue where setup would not restart the podman socket whenever podman was reset.(AAP-46191)
10.7. Ansible Automation Platform patch release May 28, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
May 28, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1747343762
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1747345055
10.7.1. General
- The `ansible.platform` collection has been updated to 2.5.20250528.(AAP-45823)
- The `ansible.controller` collection has been updated to 4.6.13.(AAP-45885)
10.7.2. Features
10.7.2.1. Ansible Automation Platform
- Ansible Automation Platform now supports service account-based authentication for integration with services available through the Hybrid Cloud Console, including automation analytics, Insights for Ansible Automation Platform, and subscription management. See this Knowledgebase article for more information on the required changes.
- Replaced basic authenticate with service account authentication for Ansible Automation Platform subscription management.(AAP-44643)
- Updated the subscription wizard to accommodate fetching subscription information using service account credentials.(AAP-37077)
- Adds `ansible_base.lib.utils.address.classify_address` providing common recognition and parsing of machine addressing (hostname, IPv4 and IPv6) with and without an appended `:<port>`.(AAP-45287)
10.7.3. Enhancements
10.7.3.1. Ansible Automation Platform
- Reduced the cognitive complexity level of `validate_password()` method and reorganized the `validate_authenticate_uid()` method to increase code readability.(AAP-45346)
- For clarity and to prevent misconfiguration, the SAML authenticator now requires both a permanent user ID and a username.(AAP-45333)
- Updated field names and help text in the System Settings UI to indicate client ID and client secret for service accounts, as well as client ID and client secret for analytics.(AAP-43119)
- Validation/enforcement of expected service types removed because service types are now dynamic.(AAP-40130)
- Enables configuration of control plane authentication for custom services. You should not modify it for pre-defined services.(AAP-40131)
- Custom service type support added. Arbitrary service types and services can be created rather than a fixed list.(AAP-39812)
10.7.3.2. Red Hat Ansible Lightspeed
- It is now possible to disable SSL verification for Red Hat Ansible Lightspeed <-> Model Server communication.(AAP-45337)
10.7.3.3. Automation controller
- Updated Azure Key Vault plugin to use managed identity when creating credentials.(AAP-43461)
10.7.4. Bug fixes
With this update, the following CVEs have been addressed:
- CVE-2025-43859 `ee-supported-container`: h11 accepts some malformed Chunked-Encoding bodies.(AAP-44783)
- CVE-2025-43859 `ee-cloud-services-container`: h11 accepts some malformed Chunked-Encoding bodies.(AAP-44781)
- CVE-2025-43859 `ansible-lightspeed-container`: h11 accepts some malformed Chunked-Encoding bodies.(AAP-44779)
10.7.4.1. Ansible Automation Platform
- Fixed an issue found in SaaS deployments where the authentication proxy would use old, invalid database connections after an RDS database reboot.(AAP-44178)
- Fixed an issue where administrators were not allowed to configure auto migration of legacy authenticators.(AAP-36841)
- Fixed an issue where the usernames from LDAP were not case-insensitive. LDAP is case-insensitive so logging in as <Bob> and <bob> would result in two different users in platform gateway even though they are the same user in LDAP. With this change, both users will be authenticated as the lowercase username.(AAP-44177)
10.7.4.2. Ansible Automation Platform Operator
- Fixed a broken document link to Ansible Automation Platform Operator installation documents in the OpenShift Container Platform UI.(AAP-45199)
- Fixed an issue where the user was unable to configure `kind: AnsibleInstanceGroup`, and it failed with an error policy_spec_override is undefined.(AAP-45351)
10.7.4.3. Red Hat Ansible Lightspeed
- Fixed an issue where it was not possible to disable SSL verification between Model Server and Red Hat Ansible Lightspeed.(AAP-45269)
- Fixed an issue where the provider type and context window size were not configurable in Red Hat Ansible Lightspeed Operator.(AAP-45166)
10.7.4.4. Automation controller
- Fixed an issue where the VMware credential was not applying to the source correctly.(AAP-45169)
- Fixed an issue where the workflow job template did not have job access parity with `UnifiedJobAccess`.(AAP-45057)
- Fixed an issue where error handling did not allow event processing to continue even if one event contained invalid data that cannot be parsed by `jq`.(AAP-44876)
10.7.4.5. Platform gateway
- Fixed `AttributeError` errors around the `legacy_base` authenticator which were harmless, but were showing in logs leading to customer and engineer confusion.(AAP-40159)
- Fixed an issue where customized proxy authentication on a per service cluster basis was not allowed.(AAP-35601)
- Fixed an issue where there was a server error on migrating an LDAP user in a freshly upgraded 2.4 to 2.5 instance. The fix prevents the 500 error during LDAP user legacy authentication and migration following an upgrade.(AAP-44958)
10.7.4.6. RPM-based Ansible Automation Platform
- Fixed an issue where the `max keyrings sysctl` would produce common failures when running more than 200 containers on a node.(AAP-45260)
- Fixed an issue where automation platform gateway proxy (envoy) ports were not included in the firewall.(AAP-45489)
10.7.5. Known Issues
- Red Hat Ansible Lightspeed enabled deployments must apply a workaround to avoid problems during upgrade from release 2.5.20250507. The service cluster and related objects must be removed before upgrade and re-created after upgrade. For more information please see this KCS article.(AAP-46154)
10.8. Ansible Automation Platform patch release May 7, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
May 7, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1746137767
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1746138413
10.8.1. General
- Implemented GitHub application credential type.(AAP-38589)
- The `ansible.platform` collection has been updated to 2.5.20250507.(AAP-44992)
- The `ansible.controller` collection has been updated to 4.6.12.
- The `ansible.eda` collection has been updated to 2.7.0.
10.8.2. Technology Preview
10.8.2.1. Policy as Code
Policy enforcement is available in tech preview, behind a feature flag. See the product documentation and the Knowledgebase article How to set feature flags for Red Hat Ansible Automation Platform for information on working with feature flags.
10.8.3. Features
10.8.3.1. Ansible Automation Platform
- Added an enhanced log viewer for rulebook activation instances similar to the job output logger.(AAP-43337)
10.8.3.2. Container-based Ansible Automation Platform
- Implemented a playbook to collect sos reports using the inventory file.(AAP-42606)
10.8.3.3. Event-Driven Ansible
- Event-Driven Ansible now submits analytics data.(AAP-40881)
- Enabled Event-Driven Ansible analytics data to be uploaded to the cloud. This feature is guarded by a feature flag.(AAP-42468)
- Added a log tracking id to each log message labelled as `[tid: uuid-pattern]`.(AAP-42270)
- Improved the user experience of managing rulebook activations in Event-Driven Ansible by introducing an edit capability.(AAP-33067)
Event-Driven Ansible now collects the following datapoints for analytics for MVP:
- Eventsources used in Event-Driven Ansible.
- Eventstreams used in Event-Driven Ansible.
- Version of Event-Driven Ansible installed.
- Installation type (container/OCP/VM).
- Platform organizations in Event-Driven Ansible.
- Which automation controller job template was launched from a rulebook activation.(AAP-31458)
- Event-Driven Ansible `gather_analytics` command now runs on schedule as an internal task.(AAP-30063)
- Event-Driven Ansible now writes analytics data collector that sends payloads to console.redhat.com.(AAP-30055)
- Add `x-request-id` to each log message labelled as `[rid:uuid-pattern]`.(AAP-42269)
10.8.4. Enhancements
10.8.4.1. Ansible Automation Platform
- Updated platform gateway to adopt selected standard component for settings mechanism.(AAP-34939)
- Refactored the `authenticate()` method inside the `AuthenticatorPlugin` class in `legacy_password.py` and `legacy_sso.py` to their common parent `LegacyMixin`. Added comments to classes and their methods for code clarity.(AAP-44460)
10.8.4.2. Ansible Automation Platform Operator
- Fixed an issue where the Lightspeed Operator would not use the `ANSIBLE_AI_MODEL_MESH_CONFIG`.(AAP-41335)
- Extended CCSP and renewal guidance reports to include inventory scope and node/host details.(AAP-38802)
10.8.4.3. Automation controller
- Updated the pinned version of `receptorctl` in automation controller to 1.5.5.(AAP-44823)
- Updated the pinned version for `ansible-runner` in automation controller.(AAP-43357)
10.8.4.4. Container-based Ansible Automation Platform
- Added new variable `use_archive_compression` with default `value: true`. Added new variable `componentName_use_archive_compression` for each component with the default `value: true`.(AAP-41242)
10.8.4.5. Event-Driven Ansible
- Event-Driven Ansible collection standardization enhancements.(AAP-41402)
- Relevant settings and versions are emitted in logs when the ansible-rulebook starts in worker mode.(AAP-40781)
- Added log entries with settings and version at startup.(AAP-40781)
- Enhanced the Ansible Automation Platform injectors for `eda-server` to include common platform variables as `extra_vars` or environment variables if they are specified.(AAP-43029)
- Event-Driven Ansible decision environment validation errors now display under the decision environment text box in the decision environment UI page.(AAP-42147)
- Added an automation controller URL check for the CLI.(AAP-41575)
- If a source plugin terminates you are now able to see the stack trace with the source file name, the function name, and line number.(AAP-41774)
10.8.4.6. RPM-based Ansible Automation Platform
- Added compression for archive and database artifacts used in backup/restore
- Updated database filename used for automation controller `pg_dump` from tower to automation controller while maintaining backward compatibility for backups using `tower.db` filename.(AAP-42055)
10.8.5. Bug fixes
With this update, the following CVEs have been addressed:
- CVE-2025-26699 `automation-controller`: Potential denial-of-service vulnerability in `django.utils.text.wrap()`.(AAP-41139)
10.8.5.1. Ansible Automation Platform
- Fixed an issue where in AAP 2.5, the user needed to press Ctrl+Enter to start a new line.(AAP-43499)
- Fixed an issue where the change anchor tag on API html view violated semantic rules. (AAP-43802)
- LDAP Authenticator `USER_SEARCH` field now properly supports LDAP Unions. Previously you could only define one search term in the field like:
- `USER_DN_TEMPLATE` will still take precedence over the `USER_SEARCH` field. If non-unique users are found when performing multiple searches, those users will be unable to login to Ansible Automation Platform.(AAP-42883)
- Fixed an issue where there was a file not found error with Dynaconf.(AP-43144)
- Fixed an issue where dynaconf mishandled the openapi schema.(AAP-43143)
- Fixed an issue when editing an authenticator with a large number of Organization/Team mappings in platform-gateway would affect the loading time of the web page, potentially making the page unresponsive.(AAP-40963)
- Fixed an issue where unreachable hosts were not being filtered out of CCSP reports usage.(AAP-38735)
- Fixed an issue where the `X-DAB-JW-TOKEN` header message would flood logs.(AAP-38169)
- Fixed an issue where after upgrading to Ansible Automation Platform 2.5 managed on Azure, the ability to see job output while the job was running was lost. (AAP-43894)
- Fixed an issue where customers were not allowed to view output details for filtered job outputs.(AAP-38925)
- Fixed an issue where unreachable hosts from CCSP usage reports were not excluded.(AAP-38735)
- Fixed an issue where indirect hosts were being counted in the first tab as quantity.(AAP-44676)
- Fixed an issue where the platform-gateway could not be installed with a different name for the admin user.(AAP-44180)
- Fixed an issue where an Ansible Automation Platform UI session was being logged out even if the user is actively working.(AAP-43622)
- Fixed an issue where exceptions handled on SSO login were not allowing for error messages to be properly captured.(AAP-43369)
- Fixed an issue where the job output was slow and making it hard to read due to missing parts of the output.(AAP-41434)
- Fixed an issue where the user was unable to edit an existing rulebook activation.(AAP-37299)
10.8.5.2. Ansible Automation Platform Operator
- Fixed an issue where the pod affinity/anti-affinity was not configurable for the aap-gateway-operator to allow for pod placement on unique nodes.(AAP-42983)
- Fixed an issue where Red Hat Ansible Lightspeed was incorrectly passing DAB settings.(AAP-43542)
- Fixed an issue where the Lightspeed Operator WCA configuration was not optional.(AAP-42370)
- Fixed an issue where `status.conditions` validation would not allow auto-reporting errors on CR statuses.(AAP-44081)
- Fixed an issue where the Ansible Automation Platform gateway had the incorrect Lightspeed deployment name.(AAP-43837)
- Fixed an issue where Lightspeed devel CRD was incompatible with 2.5 CRD.(AAP-43657)
- Fixed an issue where `status.conditions` validation was not allowing auto-reporting errors on the CR statuses.(AAP-44083)
- If the user is migrating between OpenShift Container Platform Operator on AAP 2.5, the migration fails because of a postgres permission issue. The automation controller operator now grants permission to the automation controller user to avoid permissions errors when migrating the data.(AAP-44846)
- Fixed an issue where there was an intermittent 502 Bad Gateway error on Ansible Automation Platform 2.5 operator deployment.(AAP-44176)
10.8.5.3. Automation controller
- Fixed usage of Django password validator `UserAttributeSimilarityValidator`.(AAP-43046)
- Fixed an issue where there was no lookup credential without user Inputs, and where the credential defaults were not passing between awx-plugins and AWX.(AAP-38589)
- Fixed an issue where there was an incorrect deprecation warning for `awx.awx.schedule_rrule`.(AAP-43474)
- Fixed an issue where facts were unintentionally deleted when an inventory is modified during a job execution.(AAP-39365)
10.8.5.4. Container based Ansible Automation Platform
- Fixed an issue where the paths to expose isolated jobs' settings did not work.(AAP-37599)
- The ansible.gateway_configuration collection was replaced by ansible.platform.(AAP-44230)
- Fixed an issue where the automation hub would fail to upload collections due to a missing worker temporary directory.(AAP-44166)
10.8.5.5. Event-Driven Ansible
- Fixed an issue where the log messages were not using the correct log level.(AAP-43607)
- Fixed an issue where the ansible-rulebook logs were not logged into the activation-worker log.(AAP-43549)
- Fixed an issue where the container was not always deleted correctly, or it missed the last output entries in VM based installations.(AAP-42935)
- Fixed an issue where Event-Driven Ansible logging did not allow searching.(AAP-43338)
- Fixed an issue where the rulebook activations and event streams would not remain due to a cascading delete after the user who created them was deleted.(AAP-41769)
- Fixed an issue where the decision environment was not using the image to authenticate and pull successfully when using an image registry with a custom port.(AAP-41281)
- Fixed an issue where timestamps were not formatted to the local timezone of the user.(AAP-38396)
- Fixed an issue where the activation failed with the message It will attempt to restart (1/5) in 60 seconds according to the restart policy always, but it does not restart.(AAP-43969)
- Fixed an issue where a race condition would occur while cleaning up activation in OpenShift Container Platform, causing unexpected behavior.(AAP-44108)
- Fixed an issue where the Event-Driven Ansible logs showed no information about an internal server error.(AAP-42271)
- Fixed an issue where there was a duplicate error message in the CLI.(AAP-41745)
- Fixed an issue where Envoy was stripping the `Authorization` header from client requests.(AAP-44700)
- Fixed an issue where Event-Driven Ansible had not selected a standard component for settings mechanism.(AAP-41684)
- Fixed an issue where documentation was missing for Event-Driven Ansible source plugins.(AAP-8630)
- Fixed an issue where there was a memory leak in Event-Driven Ansible using the ansible-rulebook `sqs` plugin.(AAP-42623)
- Fixed an issue where rulebook activations were not editable or copyable either through the UI or API.(AAP-37294)
- Fixed an issue where the rule engine used in ansible-rulebook was keeping events that do not match in memory for the `default_events_ttl` of two hours causing a memory leak.(AAP-44899)
- Fixed an issue where there was a memory leak in Event-Driven Ansible using ansible-rulebook `sqs` plugin.(AAP-44899)
- Fixed an issue where the rulebook activation module in the Event-Driven Ansible collection lacked support for restarting the activation.(AAP-42542)
- Fixed an issue where AAP aliases were unable to be used to specify Event-Driven Ansible collection variables.(AAP-42280)
10.8.5.6. Red Hat Ansible Lightspeed Operator
- Fixed an issue where the `auth_config_secret_name` configuration in Lightspeed Operator was not optional in the automation controller.(AAP-44203)
10.8.5.7. Receptor
- Fixed an issue where the kube API would lock up on every call by moving `kubeAPIWapperInstance` inside each `kubeUnit` and removing `kubeAPIWapperlocks`.(AAP-43111)
10.8.5.8. RPM-based Ansible Automation Platform
- Fixed an issue where platform gateway services were not aligned after restore with the target environment.
- Fixed an issue where old instance nodes were still registered in automation controller post restore.
- Fixed an issue where nginx would attempt to reload before the configuration was finalized.(AAP-44231)
10.9. Ansible Automation Platform patch release April 9, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
April 9, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1743660124
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1743660958
10.9.1. General
- The `ansible.controller` collection has been updated to 4.6.11.(AAP-43126)
- Fixed an issue where authentication configuration for AzureAD/EntraId groups could not be used in authentication mapping.(AAP-42890)
10.9.2. Enhancements
10.9.2.1. Container-based Ansible Automation Platform
- Implemented variables for applying `extra_settings` for automation controller, Event-Driven Ansible, platform gateway, and automation hub during installation.(AAP-42932)
10.9.3. Bug fixes
With this update, the following CVEs have been addressed:
- CVE-2025-2877 `ansible-rulebook`: exposure of inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in Event-Driven Ansible.(AAP-42817)
10.9.3.1. Ansible Automation Platform
- Fixed an issue where job workflow templates failed with limits.(AAP-33726)
- Fixed an issue where there was non-viable information disclosure for pen testing.(AAP-39977)
10.9.3.2. Ansible Automation Platform Operator
- Fixed an issue on the OpenShift Container Platform Route TLS termination that was always configured with the edge value.(AAP-42051)
10.9.3.3. Container based Ansible Automation Platform
- Fixed an issue where the restore to a new node would fail. Implemented validation and cleanup for service nodes on a restore to a new cluster.(AAP-42781)
- Fixed an issue where podman logs did not show any log messages if the user was not part of the local administrator or `systemd-journal` group.(AAP-42755)
- Fixed an issue where the containerized installer was unable to apply extra settings for automation controller, Event-Driven Ansible, platform gateway, and automation hub.(AAP-40798)
- Fixed an issue where a remote user was not part of the `systemd-journal` group and could not access container logs.(AAP-42755)
10.9.3.4. Automation execution environments
- Fixed an issue where there was a Python 3.11 incompatibility by updating `pykerberos` to 1.2.4 in `ee-minimal` and `ee-supported` container images.(AAP-42428)
10.9.3.5. Event-Driven Ansible
- Fixed an issue where activations attached with some event streams could not be created in deployments configured with Postgresql with mTLS.(AAP-42268)
10.9.3.6. RPM-based Ansible Automation Platform
- Fixed an issue where the token refresh prevented Event-Driven Ansible worker nodes from re-authenticating tokens.(AAP-42981)
- Fixed an issue where the bundle installer failed to update automation controller and `aap-metrics-utility` in the same run.(AAP-42632)
- Fixed an issue where platform UI was not loading when the platform gateway was on a FIPS enabled Red Hat Enterprise Linux 9.(AAP-39146)
10.9.4. Known Issues
- This section provides information about known issues in Ansible Automation Platform 2.5. Upgrade issues with the RPM installer.
- Upgrading from Red Hat Enterprise Linux 9.4 to Red Hat Enterprise Linux 9.5 or later fails when running platform gateway version 2.5.20250409 or later. To upgrade to Red Hat Enterprise Linux 9.5 or later, follow the steps in this KCS article.
- When upgrading Ansible Automation Platform 2.5, you must use the RPM installer version 2.5-11 or later. If you use an older installer, the installation might fail. If you encounter a failed installation using an earlier version of the installer, rerun the installation with version 2.5-11 or later.
10.10. Ansible Automation Platform patch release March 26, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
March 26, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1742434024
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1742434756
10.10.1. General
- The `ansible.controller` collection has been updated to 4.6.10. (AAP-42242)
- Service account support has been integrated into Ansible Automation Platform Analytics; service account credentials have replaced basic auth credentials when linking to Analytics. (AAP-39472)
- For more information, see the KCS article Configure Ansible Automation Platform to use service account credentials for authentication.
10.10.1.1. Deprecated
- Deprecated and suppressed the warning about `ANSIBLE_COLLECTIONS_PATHS` in the job output. (AAP-41566)
10.10.2. Bug fixes
With this update, the following CVEs have been addressed:
- CVE-2025-27516 `python3.11-jinja2`: Jinja sandbox breakout through attr filter selecting format method. (AAP-42104)
- CVE-2025-26699 `python3.11-django`: Potential denial-of-service vulnerability in `django.utils.text.wrap()`. (AAP-42107)
- CVE-2025-26699 `ansible-lightspeed-container`: Potential denial-of-service vulnerability in `django.utils.text.wrap()`. (AAP-41138)
- CVE-2025-27516 `automation-controller`: Jinja sandbox breakout through attr filter selecting format method. (AAP-41692)
- CVE-2025-27516 `ansible-lightspeed-container`: Jinja sandbox breakout through attr filter selecting format method. (AAP-41690)
10.10.2.1. Ansible Automation Platform
- Fixed an issue when migrating user accounts with invalid email addresses, the process would print a message showing the user name of the user whose email address has been removed. (AAP-41675)
- Fixed an issue that occurred after enabling `automigration` of user accounts from the previous SSO authenticator to a new authenticator, the user accounts from other Ansible Automation Platform services such as automation controller or automation hub, were not properly merged into one account, and the account on those services deleted. (AAP-42146)
10.10.2.2. Ansible Automation Platform Operator
- Fixed an issue where the legacy automation controller API information link on the automation controller redirect page was broken. (AAP-41510)
- Fixed an issue where Ansible Automation Platform backups would fail when writing `yaml` to the PVC on OpenShift Container Platform clusters with OpenShift Container Platform Virtualization installed. (AAP-28609)
10.10.2.3. Automation controller
- Fixed an issue where Insights projects were failing on OpenShift Container Platform on Ansible Automation Platform, due to incorrectly specifying the extra `vars` path. (AAP-41874)
- Fixed an issue where the host metrics for dark, unreachable hosts were being collected. (AAP-41567)
- Fixed an issue where the system auditor could download the execution node install bundle. (AAP-37922)
- Fixed an issue where the host record was added to `HostMetric` when the host had failures or unreachable tasks completed. (AAP-32094)
10.10.2.4. Automation hub
- Fixed an issue where the user could not delete automation hub teams on the resource API. (AAP-42158)
- Fixed an issue where the `retain_repo_versions` was null for the validated repos. (AAP-42005)
10.10.2.5. RPM-based Ansible Automation Platform
- Fixed an issue where preflight was not accounting for `automationgateway` being a CA server node. (AAP-41817)
- Fixed an issue where platform gateway installations resulted in failures in environments with IPv6 due to `nginx` configuration timing. (AAP-41816)
10.10.3. Known Issues
- In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined. (AAP-27631)
- Deploying platform gateway on FIPS enabled RHEL 9 is currently not supported. (AAP-39146)
10.11. Ansible Automation Platform patch release March 12, 2025
This release includes the following components and versions:
Release Date | Component versions |
---|---|
March 12, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1740093573
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1740094176
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.11.1. General
- The `ansible.controller` collection has been updated to 4.6.9. (AAP-41400)
- `ansible-lint` has been updated to 25.1.2. (AAP-38116)
- Fixed an issue where the bundle installer/ee-supported did not contain the latest collection versions. The following collections have been updated in the ee-supported and the bundle installer:
  - amazon.aws 9.2.0
  - ansible.windows 2.7.0
  - arista.eos 10.0.1
  - cisco.ios 9.1.1
  - cisco.iosxr 10.3.0
  - cisco.nxos 9.3.0
  - cloud.common 4.0.0
  - cloud.terraform 3.0.0
  - kubernetes.core 5.1.0
  - microsoft.ad 1.8.0
  - redhat.openshift 4.0.1
  - vmware.vmware 1.10.1
  - vmware.vmware_rest 4.6.0. (AAP-39960)
- Fixed an issue where `ansible-rulebook` did not support third-party Python libraries by default. (AAP-41341)
10.11.2. Features
10.11.2.1. Event-Driven Ansible
- Adopts the new credential copy endpoint from the API. (AAP-41384)
10.11.3. Enhancements
10.11.3.1. Event-Driven Ansible
- Event-Driven Ansible activation logging is now provided via the `journald` driver. (AAP-39745)
- Rulebook activations' log message field is now separated into timestamps and message fields. (AAP-39743)
- Moved `ansible.eda` collection from de-supported to de-minimal as elements of the collection are required for all Event-Driven Ansible images. (AAP-39749)
10.11.3.2. RPM-based Ansible Automation Platform
- The `setup.sh` script now has an option to collect `sosreport`. (AAP-40085)
10.11.4. Deprecated
- Deprecated the variables `eda_main_url` and `hub_main_url` in favor of the platform gateway proxy URL. Automation hub will now use the platform gateway proxy URL. (AAP-41306)
10.11.5. Bug fixes
With this update, the following CVEs have been addressed:
- CVE-2025-26791 `automation-gateway`: Mutation XSS in `DOMPurify` due to improper template literal handling. (AAP-40402)
10.11.5.1. Ansible Automation Platform
- Fixed an issue in the user collection module where running with `state: present` would cause a stack trace. (AAP-40887)
- Fixed an issue that caused updates to SAML authenticators to ignore an updated public certificate provided via UI or API and then fail with the message "The certificate and private key do not match." (AAP-40767)
- Fixed an issue with the `ServiceAuthToken` destroy method to allow HTTP delete via `ServiceAuth` to work properly. (AAP-37630)
10.11.5.2. Platform gateway
- Fixed an issue that would prevent some types of resources from getting synced if there was a naming conflict. (AAP-41241)
- Fixed an issue where the login failed for users who were members of a team or organization that had a naming conflict. (AAP-41240)
- Fixed an issue where there would be 401 unauthorized errors thrown at random in the platform gateway UI. (AAP-41165)
- Fixed an issue where services could not request `cloud.redhat.com` settings from the platform gateway using `ServiceTokenAuth`. (AAP-39649)
10.11.5.3. Automation controller
- Fixed an issue where upgrading prevented the automation controller administrator password from being set for the platform gateway administrator account. (AAP-40839)
- Fixed an issue where the indirect host counting name recorded the hostname, instead of from the query result. (AAP-41033)
- Fixed an issue where the `OpaClient` was not initializing properly after timeouts and retries. (AAP-40997)
- Fixed an issue where automation controller was missing the service account credentials for analytics. (AAP-40769)
- Fixed an issue where it was not possible to enable feature flags via the corresponding setting of the same name. (AAP-39783)
- Fixed an issue where the DAB feature flags endpoints were not registered in the automation controller API. (AAP-39778)
- Fixed an issue where the API was missing a helper method for fetching the service account token from `sso.redhat.com`. (AAP-39637)
10.11.5.4. Container-based Ansible Automation Platform
- Fixed an issue where the containerized installer was not creating receptor mesh connections between all automation controller nodes. (AAP-41102)
- Fixed an issue where a default installation of the containerized Ansible Automation Platform was unable to use container groups. (AAP-40431)
- Fixed an issue where errors would be hidden during Event-Driven Ansible status validation. (AAP-40021)
- Fixed an issue where the `polkit` RPM package was not installed and, therefore, user lingering was not enabled. (AAP-39860)
10.11.5.5. Event-Driven Ansible
- Fixed an issue where the `EDA_ACTIVATION_DB_HOST` environment variable in the `eda-initial-data` container was missing. (AAP-41270)
- Fixed an issue with the behavior of the `ansible-rulebook` and Event-Driven Ansible controller to help when an activation that was started correctly was considered unresponsive and was scheduled for a restart. (AAP-41070)
- Fixed an issue where editing and copying of rulebook activations in the API were not allowed. (AAP-40254)
- Fixed an issue where the activation was incorrectly restarted with the error message "Missing container for running activation." (AAP-39545)
- Fixed an issue where the Event-Driven Ansible server did not support `PG Notify` using certificates. (AAP-39294)
- Fixed an issue where the user was not required to give a unique user defined name when copying a credential. (AAP-39079)
- Fixed an issue where the image URL in the collection `decision_environment` testing was not OCI compliant. (AAP-39064)
- Fixed an issue where creating a new team with the same name should have propagated `IntegrityError`. (AAP-38941)
- Fixed an issue where decision environment URLs were not validated against OCI specification to ensure successful authentication to the container registry when pulling the image. (AAP-38822)
- Fixed an issue where the Activation module did not support the `copy` operation from other activations. (AAP-37306)
10.11.5.6. Receptor
- Fixed an issue where automation mesh receptor was creating too many `inotify` processes, and where the user would encounter a "too many open files" error. (AAP-22605)
10.11.5.7. RPM-based Ansible Automation Platform
- Fixed an issue where the activation instance logs were missing in RPM deployments. (AAP-40886)
- Fixed an issue where the managed CA would not correctly assign eligible groups during discovery, during installation, and backup and restore. (AAP-40277)
- Fixed an issue where during an installation or upgrade, SELinux relabeling was not occurring even if new `fcontext` rules were added. (AAP-40489)
- Fixed an issue where the credentials for execution environments and decision environments hosted in automation hub were incorrectly configured. (AAP-40419)
- Fixed an issue where projects failed to sync due to incorrectly configured credentials for Ansible Automation Platform collections hosted in automation hub. (AAP-40418)
10.11.6. Known Issues
- In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined. (AAP-27631)
- Deploying platform gateway on FIPS enabled RHEL 9 is currently not supported. (AAP-39146)
10.12. Ansible Automation Platform patch release March 01, 2025
This release includes the following components and versions:
Release date | Component versions |
---|---|
March 01, 2025 |
|
CSV versions in this release:
- Namespace-scoped bundle: aap-operator.v2.5.0-0.1740773472
- Cluster-scoped bundle: aap-operator.v2.5.0-0.1740774104
An issue was found in affected versions of Ansible Automation Platform that enabled a lesser privileged user (even an unauthenticated one) to be promoted to a greater privileged user. All Ansible Automation Platform 2.5 customers should upgrade their environments to the latest version as soon as possible to resolve this issue. Ansible Automation Platform on Microsoft Azure and Ansible Automation Platform Service on AWS environments are already patched by Red Hat.
The following bug fixes have been implemented in this release of Ansible Automation Platform:
10.12.1. Bug fixes
10.12.1.1. CVE
With this update, the following CVE has been addressed:
- CVE-2025-1801 `automation-gateway`: `aap-gateway` privilege escalation. (AAP-41180)
10.12.1.2. Platform gateway
- Fixed an issue that caused the API to randomly return 401 errors. (AAP-41054)
10.13. Ansible Automation Platform patch release February 25, 2025
This release includes the following components and versions:
Release Date | Component versions |
---|---|
February 25, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1740093573
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1740094176
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.13.1. Enhancements
10.13.1.1. Platform gateway
- Previously `gateway_proxy_url` was used for the proxy health check, but is no longer used in favor of the `ENVOY_HOSTNAME` setting. (AAP-39907)
10.13.1.2. Event-Driven Ansible
In the credential type schema, the format field can be set to `binary_base64` to specify that a file should be loaded as a binary file. (AAP-36581)
Sample Credential Type Schema (Inputs Configuration):

```yaml
fields:
  - id: keytab
    type: string
    label: Kerberos Keytab file
    format: binary_base64
    secret: true
    help_text: Please select a Kerberos Keytab file
    multiline: true
```

10.13.2. Bug fixes
10.13.2.1. Ansible Automation Platform
- Fixed an issue where the subscription entitlement expiration notification was visible, even when the subscription was active. (AAP-39982)
- Fixed an issue where upon UI reload/refresh, logs of a running job before the refresh would not appear until new logs were generated from the playbook. (AAP-38924)
- Fixed an issue where the customer was unable to scale down replicas to put Ansible Automation Platform into idle mode. (AAP-39492)
- After launching the Workflow Job Template, the launched job for a job template node in the workflow should contain the `job_tags` and `skip_tags` that were specified in the launch prompt step. (AAP-40395)
- Fixed an issue where the user was not able to create a members role in Ansible Automation Platform 2.5. (AAP-37626)
- Fixed an issue where a custom image showed Base64 encoded data. (AAP-26984)
- Fixed an issue where a custom logo showed Base64 encoded data. (AAP-26909)
- Fixed an issue that restricted users from executing jobs for which they had the correct permissions. (AAP-40398)
- Fixed an issue where the workflow job template node extra vars were not saved. (AAP-40396)
- Fixed an issue where the Creating and using execution environments guide had the incorrect ansible-core version. (AAP-40390)
- Fixed an issue where you were not able to create a members role in Ansible Automation Platform 2.5. (AAP-40698)
- Fixed an issue where the initial login to any of the services from platform gateway could result in the user being given access to the wrong account. (AAP-40617)
- Fixed an issue where the service owned resources were not kept in sync with the platform gateway allowing for duplicate name values on user login. (AAP-40616)
- Fixed an issue where users, organizations, and teams became permanently out of sync if any user, organization, or team was deleted from the platform gateway. (AAP-40615)
- Fixed an issue where automation hub would fail to run the sync task if any users were deleted from the system. (AAP-40613)
10.13.2.2. Platform gateway
- Fixed an issue where ping and status checks with resolvable, but nonresponding, URLs could cause all platform gateway `uwsgi` workers to hang until all were exhausted. The new settings are `PING_PAGE_CHECK_TIMEOUT` and `PING_PAGE_CHECK_IGNORE_CERT`. (AAP-39907)
10.13.2.3. Event-Driven Ansible
- Fixed an issue where credentials could be copied in AAP but could not be copied in Event-Driven Ansible. (AAP-35875)
10.13.2.4. Known Issues
- In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined. (AAP-27631)
- Deploying the platform gateway on FIPS enabled RHEL 9 is currently not supported. (AAP-39146)
10.14. Ansible Automation Platform patch release February 13, 2025
This release includes the following components and versions:
Release Date | Component versions |
---|---|
February 13, 2025 |
|
CSV Versions in this release:
- Namespace-scoped Bundle: aap-operator.v2.5.0-0.1738808953
- Cluster-scoped Bundle: aap-operator.v2.5.0-0.1738809624
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.14.1. New Features
10.14.1.1. Ansible Automation Platform
- Keycloak now allows for the configuration of the claim key/name for the field containing a user’s group membership returned in the ID token and/or user info data. This can be configured by setting the `GROUPS_CLAIM` configuration value on a per-authenticator plugin basis as was done for the OIDC plugin. (AAP-38720)
10.14.2. Enhancements
10.14.2.1. General
- The `ansible.controller` collection has been updated to 4.6.8. (AAP-39848)
- `ansible.platform` collection has been updated to 2.5.20250213. (AAP-39740)
- `ansible.eda` collection has been updated to 2.4.0. (AAP-39577)
10.14.2.2. Ansible Automation Platform
- It is now possible to configure automation hub without Redis PVC. (AAP-39600)
10.14.2.3. Automation controller
- This release sees the addition of `client_id` and `client_secret` fields to the Insights credential to support service accounts via console.redhat.com. (AAP-36565)
- You are now able to specify the input for the `client_id` and `client_secret` for the insights credential via the `awx.awx.credential_type` module. (AAP-37441)
- Updated `awxkit` by adding service account support for Insights credential type, specifically adding the fields `client_id` and `client_secret` to `credential_input_fields`. (AAP-39352)
10.14.2.4. Automation execution environments
- The file command has been added to ee-minimal and ee-supported container images. (AAP-40009)
10.14.3. Bug fixes
10.14.3.1. Migration
- Fixed an issue where after upgrading Ansible Automation Platform from 2.4 to 2.5, many of the surveys that had multiple choice options displayed a blank space in the drop down menu. (AAP-35093)
10.14.3.2. Ansible Automation Platform
- Fixed a bug in the collections token module where it was unable to find an application if multiple organizations had the same application name. (AAP-38625)
- Fixed an issue where upgrading Ansible Automation Platform 2.5 caused an occasional internal server error for all users with Event-Driven Ansible and Automation hub post upgrade. (AAP-39293)
- Fixed an issue where the administrator was not allowed to configure auto migration of legacy authenticators. (AAP-39949)
- Fixed an issue where there were two launch/relaunch icons displayed from the jobs list for failed jobs. (AAP-38483)
- Fixed an issue where the Schedules Add wizard returned a `RequestError` Not Found. (AAP-37909)
- Fixed an issue where the EC2 Inventory Source type required credentials, which is not necessary when using IAM instance profiles. (AAP-37346)
- Fixed an issue where attempting to assign the Automation Decisions - Organization Admin role to a user in an organization resulted in the error "Not managed locally, use the resource server instead." Administrators can now be added by using the Organization → Administrators tab. (AAP-37106)
- Fixed an issue where when updating a workflow node, the Job Tags were lost and Skip Tags were not saved. (AAP-35956)
- Fixed an issue where new users who logged in with legacy authentication were not merged when switching to Gateway authentication. (AAP-40120)
- Fixed an issue where the user was unable to link legacy SSO accounts to Gateway. (AAP-40050)
- Fixed an issue where updating Ansible Automation Platform to 2.5 caused an Internal Service Error for all users with Event-Driven Ansible and Automation hub post upgrade. The migration process will now detect and fix users who were created in services via JWT auth and improperly linked to the service instead of the platform gateway. (AAP-39914)
10.14.3.3. Ansible Automation Platform Operator
- Fixed an issue where `AnsibleWorkflow` custom resources would not parse and utilize `extra_vars` if specified. (AAP-39005)
10.14.3.4. Automation controller
- Fixed an issue where when an Azure credential was created using `awxkit`, the creation failed because the parameter `client_id` was added to the input fields while the API was not expecting it. (AAP-39846)
- Fixed an issue where the job schedules were running at incorrect times when that schedule’s start time fell within a Daylight Saving Time period. (AAP-39826)
10.14.3.5. Automation hub
- Fixed an issue where the use of empty usernames and passwords when creating a remote registry was not allowed. (AAP-26462)
10.14.3.6. Container-based Ansible Automation Platform
- Fixed an issue where the containerized installer had no preflight check for the Postgres version of an external database. (AAP-39727)
- Fixed an issue where the containerized installer could not register other peers in the database. (AAP-39470)
- Fixed an issue where there was a missing installation user UID check. (AAP-39393)
- Fixed an issue where PostgreSQL connection errors would be hidden during its configuration. (AAP-39389)
- Fixed an issue in the preflight check regression when the TLS private key provided is not an RSA type. (AAP-39816)
10.14.3.7. Event-Driven Ansible
- Fixed an issue where the button did not handle file/env injected credentials. (AAP-36003)
10.14.3.8. Known Issues
- In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined. (AAP-27631)
- Deploying the platform gateway on FIPS enabled RHEL 9 is currently not supported. (AAP-39146)
10.15. Ansible Automation Platform patch release January 29, 2025
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.15.1. Enhancements
10.15.1.1. Ansible Automation Platform
- Using PostgreSQL TLS certificate authentication with an external database is now available. (AAP-38400)
10.15.1.2. Event-Driven Ansible
- The `ansible.eda` collection has been updated to 2.3.1. (AAP-39057)
- Users are now able to create a new Event-Driven Ansible credential by copying an existing one. (AAP-39249)
- Added support for file and env injectors for credentials. (AAP-39091)
10.15.1.3. RPM-based Ansible Automation Platform
Implemented certificate authentication support (mTLS) for external databases.
- PostgreSQL TLS certificate authentication is available for external databases.
- PostgreSQL TLS certificate authentication can be turned on/off (off by default for backward compatibility).
- Each component, automation controller, Event-Driven Ansible, platform gateway, and automation hub, now provides off the shelf (OTS) TLS certificate and key files (mandatory). (AAP-38400)
10.15.2. Bug fixes
10.15.2.1. CVE
With this update, the following CVEs have been addressed:
- CVE-2024-56326 `python3.11-jinja2`: Jinja has a sandbox breakout through indirect reference to format method. (AAP-38852)
- CVE-2024-56374 `ansible-lightspeed-container`: Potential denial-of-service vulnerability in IPv6 validation. (AAP-38647)
- CVE-2024-56374 `python3.11-django`: Potential denial-of-service vulnerability in IPv6 validation. (AAP-38630)
- CVE-2024-53907 `python3.11-django`: Potential denial-of-service in `django.utils.html.strip_tags()`. (AAP-38486)
- CVE-2024-56201 `python3.11-jinja2`: Jinja has a sandbox breakout through malicious filenames. (AAP-38331)
- CVE-2024-56374 `automation-controller`: Potential denial-of-service vulnerability in IPv6 validation. (AAP-38648)
- CVE-2024-56201 `automation-controller`: Jinja has a sandbox breakout through malicious filenames. (AAP-38081)
- CVE-2024-56326 `automation-controller`: Jinja has a sandbox breakout through indirect reference to format method. (AAP-38058)
10.15.2.2. Automation controller
- Fixed an issue where the order of source inventories was not respected by the collection `ansible.controller`. (AAP-38524)
- Fixed an issue where an actively running job on an execution node may have had its folder deleted by a system task. This fix addresses some "Failed to JSON parse a line from worker stream" type errors. (AAP-38137)
10.15.2.3. Container-based Ansible Automation Platform
- The inventory file variable `postgresql_admin_username` is no longer required when using an external database. If you do not have database administrator credentials, you can supply the database credentials for each component in the inventory file instead. (AAP-39077)
10.15.2.4. Event-Driven Ansible
- Fixed an issue where the application version in the openapi spec was incorrectly set. (AAP-38392)
- Fixed an issue where activations were not properly updated in some scenarios with a high load of the system. (AAP-38374)
- Fixed an issue where users were unable to filter Rule Audits by rulebook activation name. (AAP-39253)
- Fixed an issue where the input field of the injector configuration could not be empty. (AAP-39086)
10.15.2.5. RPM-based Ansible Automation Platform
- Fixed an issue where setting `automationedacontroller_max_running_activations` could cause the installer to fail. (AAP-38708)
- Fixed an issue where the platform gateway services are not restarted when a dependency changes. (AAP-38918)
- Fixed an issue where the platform gateway could not be set up with custom SSL certificates. (AAP-38985)
10.16. Ansible Automation Platform patch release January 22, 2025
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.16.1. Enhancements
10.16.1.1. Ansible Automation Platform
- Legacy Auth SSO URL settings are now customizable if needed for gateway, controller, and hub overrides passed on the Ansible Automation Platform CR if provided. This is mainly useful if you are using a custom ingress controller. (AAP-37364)
10.16.2. Bug fixes
10.16.2.1. Ansible Automation Platform
- Fixed an issue where there was a `service_id` mismatch between gateway and Event-Driven Ansible which was causing activation rulebooks to fail. (AAP-38172)
This fix applies to OpenShift Container Platform only.
10.17. Ansible Automation Platform patch release January 15, 2025
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.17.1. Enhancements
10.17.1.1. Ansible Automation Platform
- With this update, the `ansible.controller` collection has been updated to 4.6.6. (AAP-38443)
- Enhanced the status API, `/api/gateway/v1/status/`, by changing the services property within the JSON to an array. Consumers of this API can still request the previous format with a URL query parameter `service_keys=true`. (AAP-37903)
10.17.1.2. Ansible Automation Platform Operator
- Added the ability to configure `topology_spread_constraints`, `node_selector`, and `tolerations` for gateway deployments. (AAP-37193)
10.17.1.3. Container-based Ansible Automation Platform
TLS certificate and key files are now validated during the preflight role execution.
- If the TLS certificate file is provided then the TLS key file must be provided.
- If the TLS key file is provided then the TLS certificate file must be provided.
- Both TLS certificate and key modulus should match. (AAP-37845)
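
The same three rules can be checked by hand before running the installer. The shell function below is an added example, not the installer's preflight code; it assumes the `openssl` CLI is available, and the function name and return codes are hypothetical. It goes slightly beyond the modulus rule by comparing full public keys, so it also works for non-RSA keys (the case behind the February 13, 2025 preflight fix, AAP-39816).

```shell
#!/bin/sh
# Added example (not the installer's preflight role). Assumes the openssl CLI.
# check_tls_pair and its return codes are hypothetical names for illustration.
#
# check_tls_pair CERT_FILE KEY_FILE
#   0  both arguments empty (nothing to validate), or certificate and key match
#   1  only one of the two was provided
#   2  a file is unreadable or cannot be parsed (includes passphrase-protected keys)
#   3  certificate and private key do not belong together
check_tls_pair() {
    cert=$1
    key=$2

    # Rules 1 and 2: certificate and key must be supplied together.
    if [ -z "$cert" ] && [ -z "$key" ]; then
        return 0
    fi
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "TLS certificate and key must be provided together" >&2
        return 1
    fi
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 2
    fi

    # Rule 3: derive the public key from each side and compare the PEM text.
    # For RSA this is equivalent to comparing the modulus (and exponent);
    # for EC and other key types it is the only comparison that applies.
    cert_pub=$(openssl x509 -pubkey -noout -in "$cert" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$key" -passin pass: 2>/dev/null) || return 2
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        return 2
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate $cert does not match key $key" >&2
        return 3
    fi
    return 0
}

# Demo on constructed, throwaway self-signed pairs (one RSA, one EC).
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=rsa.example.test" \
        -keyout "$dir/rsa.key" -out "$dir/rsa.crt" >/dev/null 2>&1
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ec.key" 2>/dev/null
    openssl req -x509 -new -key "$dir/ec.key" -days 1 \
        -subj "/CN=ec.example.test" -out "$dir/ec.crt" >/dev/null 2>&1

    rc=0; check_tls_pair "$dir/rsa.crt" "$dir/rsa.key" || rc=$?
    echo "RSA cert + RSA key: $rc"
    rc=0; check_tls_pair "$dir/ec.crt" "$dir/ec.key" || rc=$?
    echo "EC cert + EC key: $rc"
    rc=0; check_tls_pair "$dir/rsa.crt" "$dir/ec.key" 2>/dev/null || rc=$?
    echo "RSA cert + EC key: $rc"
    rc=0; check_tls_pair "$dir/rsa.crt" "" 2>/dev/null || rc=$?
    echo "cert without key: $rc"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run the script with `--demo` to exercise it on generated test pairs, or source it and call `check_tls_pair` with the certificate and key paths from your inventory.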
10.17.2. Bug fixes
10.17.2.1. CVE
With this update, the following CVEs have been addressed:
- CVE-2024-52304 `python3.11-aiohttp`: `aiohttp` vulnerable to request smuggling due to incorrect parsing of chunk extensions. (AAP-36192)
- CVE-2024-55565 `automation-gateway`: `nanoid` mishandles non-integer values. (AAP-37168)
- CVE-2024-53908 `automation-controller`: Potential SQL injection in `HasKey(lhs, rhs)` on Oracle. (AAP-36769)
- CVE-2024-53907 `automation-controller`: Potential denial-of-service in `django.utils.html.strip_tags()`. (AAP-36756)
- CVE-2024-11407 `automation-controller`: Denial-of-Service through data corruption in `gRPC-C++`. (AAP-36745)
- CVE-2024-52304 `ansible-lightspeed-container`: `aiohttp` vulnerable to request smuggling due to incorrect parsing of chunk extensions. (AAP-36185)
- CVE-2024-56201 `ansible-lightspeed-container`: Jinja has a sandbox breakout through malicious filenames. (AAP-38079)
- CVE-2024-56326 `ansible-lightspeed-container`: Jinja has a sandbox breakout through indirect reference to format method. (AAP-38056)
- CVE-2024-11407 `ansible-lightspeed-container`: Denial-of-Service through data corruption in `gRPC-C++`. (AAP-36744)
10.17.2.2. Red Hat Ansible Automation Platform
- Fixed not found error that occurred occasionally when navigating through the form wizards. (AAP-37495)
- Fixed an issue where installing `ansible-core` no longer installs `python3-jmespath` on Red Hat Enterprise Linux 8. (AAP-18251)
- Fixed an issue where `ID_KEY` attribute was improperly used to determine the username field in social auth pipelines. (AAP-38300)
- Fixed an issue where authenticator could create a userid and return a non-viable authenticator_uid. (AAP-38021)
- Fixed an issue where a private key was displayed in plain text when downloading the OpenAPI schema file. This was not the private key used by gateway, but a random default key. (AAP-37843)
10.17.2.3. Automation controller
- Fixed an issue that did not allow sending `job_lifecycle` logs to external aggregators. (AAP-37537)
- Fixed an issue where there was a date comparison mismatch for traceback from `host_metric_summary_monthly` task. (AAP-37487)
- Fixed an issue where the scheduled jobs with count set to a non-zero value would run unexpectedly. (AAP-37290)
- Fixed an issue where a project’s requirements.yml could revert to a prior state in a cluster. (AAP-37228)
- Fixed an issue where there would be an occasional error creating the event partition table before starting a job, when a large number of jobs were launched quickly. (AAP-37227)
- Fixed an issue where temporary receptor files were not cleaned up after a job completed on nodes. (AAP-36904)
- Fixed an issue where POST to `/api/controller/login/` via the gateway resulted in a fatal response. (AAP-33911)
- Fixed an issue when a job template was launched, the named URL returned a 404 error code. (AAP-37025)
10.17.2.3.1. Container-based Ansible Automation Platform
- Fixed an issue where the receptor TLS certificate content was not validated during the preflight role execution ensuring that the x509 Subject Alt Name (SAN) field contains the required ISO Object Identifier (OID) 1.3.6.1.4.1.2312.19.1. (AAP-37880)
- Fixed an issue where the Postgresql SSL mode variables for controller, Event-Driven Ansible, gateway and automation hub were not validated during the preflight role execution. (AAP-37352)
- Fixed an issue where the Ansible Automation Platform containerized setup installation would upload collections when inventory growth in the AIO installation was used. (AAP-38372)
- Fixed an issue where the throttle capacity of controller in an AIO installation would allow for performance degradation. (AAP-38207)
10.17.2.4. RPM-based Ansible Automation Platform
- Fixed an issue where adding a new automation hub host to an upgraded environment has caused the installation to fail. (AAP-38204)
- Fixed an issue where the link to the documents in the installer README.md was broken. (AAP-37627)
- Fixed an issue where the Gateway API status on Event-Driven Ansible proxy component returned 404 errors. (AAP-32816)
10.18. Ansible Automation Platform patch release December 18, 2024
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.18.1. Enhancements
10.18.1.1. Ansible Automation Platform
- Added help text to all missing fields in Ansible Automation Platform gateway and `django-ansible-base`. (AAP-37068)
- Consistently formatted sentence structure for `help_text`, and provided more context in the help text where it was vague. (AAP-37016)
- Added dynamic preferences for usage by Automation Analytics. (AAP-36710)
  - `INSIGHTS_TRACKING_STATE`: Enables the service to gather data on automation and send it to Automation Analytics.
  - `RED_HAT_CONSOLE_URL`: This setting is used to configure the upload URL for data collection for Automation Analytics.
  - `REDHAT_USERNAME`: Username used to send data to Automation Analytics.
  - `REDHAT_PASSWORD`: Password for the account used to send data to Automation Analytics.
  - `SUBSCRIPTIONS_USERNAME`: Username is used to retrieve subscription and content information.
  - `SUBSCRIPTIONS_PASSWORD`: Password is used to retrieve subscription and content information.
  - `AUTOMATION_ANALYTICS_GATHER_INTERVAL`: interval in seconds at which Automation Analytics gathers data.
- Added an enabled flag for turning authenticator maps on or off. (AAP-36709)
- `aap-metrics-utility` has been updated to 0.4.1. (AAP-36393)
- Added the setting `trusted_header_timeout_in_ns` to timegate `X_TRUSTED_PROXY_HEADER` validation in the `django-ansible-base` libraries used by Ansible Automation Platform components. (AAP-36712)
10.18.1.2. Documentation updates
- With this update, the Ansible Automation Platform Operator growth topology and Ansible Automation Platform Operator enterprise topology have been updated to include s390x (IBM Z) architecture test support.
10.18.1.3. Event-Driven Ansible
- Extended the scope of the `log_level` and debug settings. (AAP-33669)
- A project can now be synced with the Event-Driven Ansible collection modules. (AAP-32264)
- In the Rulebook activation create form, selecting a project is now required before selecting a rulebook. (AAP-28082)
- The button is now visible irrespective of whether there are any existing credentials or not. (AAP-23707)
10.18.2. Bug fixes
10.18.2.1. General
- Fixed an issue where `django-ansible-base` fallback cache kept creating a tmp file even if the LOCATION was set to another path. (AAP-36869)
- Fixed an issue where the OIDC authenticator was not allowed to use the JSON key to extract user groups, or for a user to be modified via the new `GROUPS_CLAIM` configuration setting. (AAP-36716)
With this update, the following CVEs have been addressed:
- CVE-2024-11079 `ansible-core`: Unsafe Tagging Bypass via `hostvars` Object in Ansible-Core. (AAP-35563)
- CVE-2024-53908 `ansible-lightspeed-container`: Potential SQL injection in `HasKey(lhs, rhs)` on Oracle. (AAP-36767)
- CVE-2024-53907 `ansible-lightspeed-container`: Potential denial-of-service in `django.utils.html.strip_tags()`. (AAP-36755)
- CVE-2024-11483 which allowed users to escape the scope of their personal access OAuth2 tokens, from read-scoped to read-write-scoped, in the gateway. (AAP-36261)
10.18.2.2. Red Hat Ansible Automation Platform
- Fixed an issue where when role user assignments were queried in the platform UI, the query is successful about 75% of the time. (AAP-36872)
- Fixed an issue where the user was unable to filter job templates by label in Ansible Automation Platform 2.5. (AAP-36540)
- Fixed an issue where it was not possible to open a job template after removing the user that created the template. (AAP-35820)
- Fixed an issue where the inventory source update failed, and did not allow selection of the inventory file. (AAP-35246)
- Fixed an issue where the Login Redirect Override setting was missing and not functioning as expected in Ansible Automation Platform 2.5. (AAP-33295)
- Fixed an issue where users were able to select a credential that required a password when defining a schedule. (AAP-32821)
- Fixed an issue where the job output did not show unless you switched tabs. This also fixed other display issues. (AAP-31125)
- Fixed an issue where adding a new Automation Decision role to a team did not work from the navigation path. (AAP-31873)
- Fixed an issue where migration was missing from Ansible Automation Platform. (AAP-37015)
- Fixed an issue where the gateway OAuth token was not encrypted at rest. (AAP-36715)
- Fixed an issue where the API forces the user to save a service with an API port even if one does not exist. (AAP-36714)
- Fixed an issue where the Gateway did not properly interpret SAML attributes for mappings. (AAP-36713)
- Fixed an issue where non-self-signed certificate+key pairs were allowed to be used in SAML authenticator configurations. (AAP-36707)
- Fixed an issue where the login page was not redirecting to `/api/gateway/v1` if a user was already logged in. (AAP-36638)
10.18.2.3. Ansible automation hub
- When configuring an Ansible Remote to sync collections from other servers, a requirements file is only required for syncs from Galaxy, and optional otherwise. Without a requirements file, all collections are synced. (AAP-31238)
10.18.2.3.1. Container-based Ansible Automation Platform
- Fixed an issue that allowed automation controller nodes to override the `receptor_peers` variable. (AAP-37085)
- Fixed an issue where the containerized installer ignored `receptor_type` for automation controller hosts and always installed them as hybrid. (AAP-37012)
- Fixed an issue where Podman was not present in the task container, and the cleanup image task failed. (AAP-37011)
- Fixed an issue where only one automation controller node was configured with Execution/Hop node peers rather than all automation controller nodes. (AAP-36851)
- Fixed an issue where the automation controller services lost connection to the database, where the containers are stopped and the `systemd` unit does not try to restart. (AAP-36850)
- Fixed an issue where `receptor_type` and `receptor_protocol` variables validation checks were skipped during the preflight role execution. (AAP-36857)
10.18.2.4. Event-Driven Ansible
- Fixed an issue where the url field of the event stream was not updated if `EDA_EVENT_STREAM_BASE_URL` setting changed. (AAP-33819)
- Fixed an issue where Event-Driven Ansible and automation controller fields were pre-populated with gateway credentials when `secret: true` is set on custom credentials. (AAP-33188)
- Fixed an issue where the bulk removal of selected role permissions disappeared when more than 4 permissions were selected. (AAP-28030)
- Fixed an issue where Enabled options had its own scrollbar on the Rulebook Activation Details page. (AAP-31130)
- Fixed an issue where the status of an activation was occasionally inconsistent with the status of the latest instance after a restart. (AAP-29755)
- Fixed an issue where importing a project from a non-existing branch resulted in the completed state instead of a Failed status. (AAP-29144)
- Fixed an issue with respect to the custom credential types where if the user clicked The generate extra vars before the `fields: key` in the input configuration it would create an empty line that is uneditable. (AAP-28084)
- Fixed an issue where the project sync would not fail on an empty or unstructured git repository. (AAP-35777)
- Fixed an issue where rulebook validation import/sync fails when a rulebook has a duplicated rule name. (AAP-35164)
- Fixed an issue where the Event Driven Ansible API allowed a credential’s type to be changed. (AAP-34968)
- Fixed an issue where a previously failed project could be accidentally changed to completed after a resync. (AAP-34744)
- Fixed an issue where no message was recorded when a project did not contain any rulebooks. (AAP-34555)
- Fixed an issue where the name for credentials in the rulebook activation form field was not updated. (AAP-34123)
- Updated the message for the rulebook activation/event streams for better clarity. (AAP-33485)
- Fixed an issue where the source plugin was not able to use the `env vars` to establish a successful connection to the remote source. (AAP-35597)
- Fixed an issue in the collection where the activation module failed with a misleading error message if the rulebook, project, decision environment, or organization, could not be found. (AAP-35360)
- Fixed an issue where the validation of a host specified as part of a container registry credential did not conform to container registry standards. The specified host was previously able to use a non-syntactically valid host (name or net address) and optional port value `(<valid-host>[:<port>])`. The validation is now applied when creating a credential as well as when modifying an existing credential regardless of fields being modified. (AAP-34969)
- Fixed an issue whereby multiple Red Hat Ansible Automation Platform credentials were being attached to activations. (AAP-34025)
- Fixed an issue where there was an erroneous dependency on the existence of an organization named Default. (AAP-33551)
- Fixed an issue where occasionally an activation is reported as running, before it is ready to receive events. (AAP-31225)
- Fixed an issue where the user could not edit auto-generated injector vars while creating Event-Driven Ansible custom credentials. (AAP-29752)
- Fixed an issue where in some cases the `file_watch` source plugin in an Event-Driven Ansible collection raised the QueueFull exception. (AAP-29139)
- Fixed an issue where the Event-Driven Ansible database increased in size continuously, even if the database was unused. Added the purge_record script to clean up outdated database records. (AAP-30684)
10.19. Ansible Automation Platform patch release December 3, 2024
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.19.1. Enhancements
10.19.1.1. Ansible Automation Platform
- Red Hat Ansible Lightspeed has been updated to 2.5.241127. (AAP-35307)
- `redhat.insights` Ansible collection has been updated to 1.3.0. (AAP-35161)
- `ansible.eda` collection has been updated to 2.2.0 in execution environment and decision environment images. (AAP-3398)
10.19.1.2. Ansible Automation Platform Operator
- With this update, you can set PostgreSQL SSL/TLS mode to `verify-full` or `verify-ca` with the proper `sslrootcert` configuration in the automation hub Operator. (AAP-35368)
10.19.1.3. Container-based Ansible Automation Platform
- With this update, `ID` and `Image` fields from a container image are used instead of `Digest` and `ImageDigest` to trigger a container update. (AAP-36575)
- With this update, you can now update the registry URL value in Event-Driven Ansible credentials. (AAP-35085)
- With this update, the `kernel.keys.maxkeys` and `kernel.keys.maxbytes` settings are increased on systems with large memory configuration. (AAP-34019)
- Added `ansible_connection=local` to the `inventory-growth` file and clarified its usage. (AAP-34016)
10.19.1.4. Documentation updates
- With this update, the Container growth topology and Container enterprise topology have been updated to include s390x (IBM Z) architecture test support. (AAP-35969)
10.19.1.5. RPM-based Ansible Automation Platform
- With this update, you can now update the registry URL value in Event-Driven Ansible credentials. (AAP-35162)
10.19.2. Bug fixes
10.19.2.1. General
With this update, the following CVEs have been addressed:
- CVE-2024-52304 `automation-controller`: `aiohttp` vulnerable to request smuggling due to wrong parsing of chunk extensions.
10.19.2.2. Ansible Automation Platform Operator
- With this update, missing Ansible Automation Platform Operator custom resource definitions (CRDs) are added to the `aap-must-gather` container image. (AAP-35226)
- Disabled platform gateway authentication in the proxy configuration to prevent HTTP 502 errors when the control plane is down. (AAP-36527)
- The Red Hat favicon is now correctly displayed on automation controller and Event-Driven Ansible API tabs. (AAP-30810)
- With this update, the automation controller admin password is now reused during upgrade from Ansible Automation Platform 2.4 to 2.5. (AAP-35159)
- Fixed undefined variable (`_controller_enabled`) when reconciling an `AnsibleAutomationPlatformRestore`. Fixed automation hub Operator `pg_restore` error on restores due to a wrong database secret being set. (AAP-35815)
10.19.2.3. Automation controller
- Updated the minor version of uWSGI to obtain updated log verbiage. (AAP-33169)
- Fixed job schedules running at the wrong time when the `rrule` interval was set to `HOURLY` or `MINUTELY`. (AAP-36572)
- Fixed an issue where sensitive data was displayed in the job output. (AAP-35584)
- Fixed an issue where unrelated jobs could be marked as a dependency of other jobs. (AAP-35309)
- Included pod anti-affinity configuration on default container group pod specification to optimally spread workload. (AAP-35055)
10.19.2.4. Container-based Ansible Automation Platform
- With this update, you cannot change the `postgresql_admin_username` value when using a managed database node. (AAP-36577)
- Added update support for PCP monitoring role.
- Disabled platform gateway authentication in the proxy configuration to prevent HTTP 502 errors when the control plane is down.
- With this update, you can use dedicated nodes for the Redis group.
- Fixed an issue where disabling TLS on platform gateway would cause installation to fail.
- Fixed an issue where disabling TLS on platform gateway proxy would cause installation to fail.
- Fixed an issue where platform gateway uninstall would leave container systemd unit files on disk.
- Fixed an issue where the automation hub container signing service creation failed when `hub_collection_signing=false` but `hub_container_signing=true`.
- Fixed an issue with the `HOME` environment variable for receptor containers which would cause a “Permission denied” error on the containerized execution node.
- Fixed an issue where not setting up the GPG agent socket properly when many hub nodes are configured, resulted in not creating a GPG socket file in `/var/tmp/pulp`.
- With this update, you can now change the platform gateway port value after the initial deployment.
10.19.2.5. Receptor
- Fixed an issue that caused a Receptor runtime panic error.
10.19.2.6. RPM-based Ansible Automation Platform
- Fixed an issue where the `metrics-utility` command failed to run after updating automation controller.
- Fixed the owner and group permissions on the `/etc/tower/uwsgi.ini` file.
- Fixed an issue where not having `eda_node_type` defined in the inventory file would result in backup failure.
- Fixed an issue where not having `routable_hostname` defined in the inventory file would result in a restore failure.
- With this update, the `inventory-growth` file is now included in the RPM installer.
- Fixed an issue where the dispatcher service went into `FATAL` status and failed to process new jobs after a database outage of a few minutes.
- Disabled platform gateway authentication in the proxy configuration to allow access to the UI when the control plane is down.
- With this update, the Receptor data directory can now be configured using the `receptor_datadir` variable.
10.20. Ansible Automation Platform patch release November 18, 2024
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.20.1. Enhancements
- With this release, a redirect page has now been implemented that will be exhibited when you navigate to the root `/` for each component’s stand-alone URL. The API endpoint remains functional. This affects Event-Driven Ansible, automation controller, Ansible Automation Platform Operator, and OpenShift Container Platform.
10.20.2. Bug fixes
10.20.2.1. General
With this update, the following CVEs have been addressed:
- CVE-2024-9902 `ansible-core`: Ansible-core user may read/write unauthorized content.
- CVE-2024-8775 `ansible-core`: Exposure of sensitive information in Ansible vault files due to improper logging.
10.20.2.2. Ansible Automation Platform
- Fixed an issue where the user was unable to filter out hosts on inventory groups where it returned a Failed to load options on Ansible Automation Platform UI. (AAP-34752)
10.20.2.3. Execution Environment
- Update pywinrm to 0.4.3 in ee-minimal and ee-supported container images to fix Python 3.11 compatibility. (AAP-34077)
10.20.2.4. Ansible Automation Platform Operator
- Fixed a syntax error when `bundle_cacert_secret` was defined due to incorrect indentation. (AAP-35358)
- Fixed an issue where the default operator catalog for Ansible Automation Platform aligned to cluster-scoped versus namespace-scoped. (AAP-35313)
- Added the ability to set tolerations and `node_selector` for the Redis statefulset and the gateway deployment. (AAP-33192)
- Ensure the platform URL status is set when Ingress is used to resolve an issue with Microsoft Azure on Cloud managed deployments. This is due to the Ansible Automation Platform operator failing to finish because it is looking for OpenShift Container Platform routes that are not available on Azure Kubernetes Service. (AAP-34036)
- Fixed an issue where the Ansible Automation Platform Operator description did not render code block correctly. (AAP-34589)
- It is necessary to specify the `CONTROLLER_SSO_URL` and `AUTOMATION_HUB_SSO_URL` settings in Gateway to fix the OIDC auth redirect flow. (AAP-34080)
- It is necessary to set the `SERVICE_BACKED_SSO_AUTH_CODE_REDIRECT_URL` setting to fix the OIDC auth redirect flow. (AAP-34079)
10.20.2.5. Container-based Ansible Automation Platform
- Fixed an issue when the port value was not defined in the `gateway_main_url` variable, the containerized installer failed with incorrect execution environment image reference error. (AAP-34716)
- Fixed an issue where the containerized installer used port number when specifying the `image_url` for a decision environment. The user should not add a port to image URLs when using the default value. (AAP-34070)
10.20.2.6. RPM-based Ansible Automation Platform
- Fixed an issue where not setting up the gpg agent socket properly when multiple hub nodes are configured resulted in not creating a gpg socket file in `/var/run/pulp`. (AAP-34067)
10.20.2.7. Ansible development tools
- Fixed an issue where missing data files were not included in the molecule RPM package. (AAP-35758)
10.21. Ansible Automation Platform patch release October 28, 2024
The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.
10.21.1. Enhancements
10.21.1.1. Ansible Automation Platform
With this update, upgrades from Ansible Automation Platform 2.4 to 2.5 are supported for RPM and Operator-based deployments. For more information on how to upgrade, see RPM upgrade and migration. (ANSTRAT-809)
- Upgrades from 2.4 Containerized Ansible Automation Platform Tech Preview to 2.5 Containerized Ansible Automation Platform are unsupported.
- Upgrades for Event-Driven Ansible are unsupported from Ansible Automation Platform 2.4 to Ansible Automation Platform 2.5.
10.21.1.2. Ansible Automation Platform Operator
- An informative redirect page is now shown when you go to the automation hub URL root. (AAP-30915)
10.21.1.3. Container-based Ansible Automation Platform
- The TLS Certificate Authority private key can now use a passphrase. (AAP-33594)
- Automation hub is populated with container images (decision and execution environments) and Ansible collections. (AAP-33759)
- The automation controller, Event-Driven Ansible, and automation hub legacy UIs now display a redirect page to the Platform UI rather than a blank page. (AAP-33794)
10.21.1.4. RPM-based Ansible Automation Platform
- Added platform Redis to RPM-based Ansible Automation Platform. This allows a 6 node cluster for a Redis high availability (HA) deployment. Removed the variable `aap_caching_mtls` and replaced it with `redis_disable_tls` and `redis_disable_mtls` which are boolean flags that disable Redis server TLS and Redis client certificate authentication. (AAP-33773)
- An informative redirect page is now shown when going to automation controller, Event-Driven Ansible, or automation hub URL. (AAP-33827)
10.21.2. Bug fixes
10.21.2.1. Ansible Automation Platform
- Removed the Legacy external password option from the Authentication Type list. (AAP-31506)
- Ansible Galaxy’s `sessionauth` class is now always the first in the list of authentication classes so that the platform UI can successfully authenticate. (AAP-32146)
- CVE-2024-10033 - `automation-gateway`: Fixed a Cross-site Scripting (XSS) vulnerability on the `automation-gateway` component that allowed a malicious user to perform actions that impact users.
- CVE-2024-22189 - `receptor`: Resolved an issue in `quic-go` that would allow an attacker to trigger a denial of service by sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs.
10.21.2.2. Automation controller
- CVE-2024-41989 - `automation-controller`: Before this update, in Django, if `floatformat` received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. With this update, decimals with more than 200 digits are now returned as is.
- CVE-2024-45230 - `automation-controller`: Resolved an issue in Python’s Django `urlize()` and `urlizetrunc()` functions where excessive input with a specific sequence of characters would lead to denial of service.
10.21.2.3. Automation hub
- Refactored the `dynaconf` hooks to preserve the necessary authentication classes for Ansible Automation Platform 2.5 deployments. (AAP-31680)
- During role migrations, model permissions are now re-added to roles to preserve ownership. (AAP-31417)
10.21.2.4. Ansible Automation Platform Operator
- The port is now correctly set when configuring the platform gateway cache `redis_host` setting when using an external Redis cache. (AAP-33279)
- Added checksums to the automation hub deployments so that pods are cycled to pick up changes to the PostgreSQL configuration and galaxy server settings Kubernetes secrets. (AAP-33518)
10.21.2.5. Container-based Ansible Automation Platform
- Fixed the uninstall playbook execution when the environment was already uninstalled. (AAP-32981)
10.22. Ansible Automation Platform patch release October 14, 2024
The following fixes have been implemented in this release of Red Hat Ansible Automation Platform.
10.22.1. Fixed issues
10.22.1.1. Ansible Automation Platform
- Fixed an issue in platform gateway where examining output logs for UWSGI shows a message that can be viewed as insensitive. (AAP-33213)
- Fixed external Redis port configuration issue, which resulted in a `cluster_host` error when trying to connect to Redis. (AAP-32691)
- Fixed a faulty conditional which was causing managed Redis to be deployed even if an external Redis was being configured. (AAP-31607)
- After the initial deployment of Ansible Automation Platform, if you make changes to the automation controller, automation hub, or Event-Driven Ansible sections of the Ansible Automation Platform CR specification, those changes are now propagated to the component custom resources. (AAP-32350)
- Fixed addressing issues when the filter `keep_keys` is used, all keys are removed from the dictionary. The `keepkey` fix is available in the updated `ansible.utils` collection. (AAP-32960)
- Fixed an issue in `cisco.ios.ios_static_routes` where the metric distance is to be populated in the `forward_router_address` attribute. (AAP-32960)
- Fixed an issue where Ansible Automation Platform Operator is not transferring metric settings to the controller. (AAP-32073)
- Fixed an issue where you have a schedule on a resource, such as a job template, that prompts for credentials, and you update the credential to be different from what is on the resource by default, the new credential is not submitted to the API and it does not get updated. (AAP-31957)
- Fixed an issue where setting `*pg_host=` without any other context no longer results in an empty HOST section of `settings.py` in controller. (AAP-32440)
10.22.2. Advisories
The following errata advisories are included in this release:
10.23. Ansible Automation Platform patch release October 7, 2024
The following enhancements and fixes have been implemented in this release of Red Hat Ansible Automation Platform.
10.23.1. Enhancements
- Event-Driven Ansible workers and scheduler add timeout and retry resilience when communicating with a Redis cluster. (AAP-32139)
- Removed the MTLS credential type that was incorrectly added. (AAP-31848)
10.23.2. Fixed issues
10.23.2.1. Ansible Automation Platform
- Fixed conditional that was skipping necessary tasks in the restore role, which was causing restores to not finish reconciling. (AAP-30437)
- Systemd services in the containerized installer are now set with restart policy set to always by default. (AAP-31824)
- FLUSHDB is now modified to account for shared usage of a Redis database. It now respects access limitations by removing only those keys that the client has permissions to. (AAP-32138)
- Added a fix to ensure default extra_vars values are rendered in the Prompt on launch wizard. (AAP-30585)
- Filtered out the unused ANSIBLE_BASE_ settings from the environment variable in job execution. (AAP-32208)
10.23.2.2. Event-Driven Ansible
- Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the RPM installer. (AAP-32027)
- Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the containerized installer. (AAP-31851)
- Fixed a bug where the Event-Driven Ansible workers and scheduler are unable to reconnect to the Redis cluster if a primary Redis node enters a failed state and a new primary node is promoted. See the KCS article Redis failover causes Event-Driven Ansible activation failures that include the steps that were necessary before this bug was fixed. (AAP-30722)
10.23.3. Advisories
The following errata advisories are included in this release: