Release notes

Red Hat Ansible Automation Platform 2.5

New features, enhancements, and bug fix information

Red Hat Customer Content Services

Abstract

The release notes for Red Hat Ansible Automation Platform summarize all new features and enhancements, notable technical changes, major corrections from the previous version, and any known bugs upon general availability.

Providing feedback on Red Hat documentation
Copy link

If you have a suggestion to improve this documentation, or find an error, you can contact technical support at https://access.redhat.com to open a request.

Chapter 1. Overview of Red Hat Ansible Automation Platform
Copy link

Red Hat Ansible Automation Platform simplifies the development and operation of automation workloads for managing enterprise application infrastructure lifecycles. Ansible Automation Platform works across multiple IT domains, including operations, networking, security, and development, as well as across diverse hybrid environments. Simple to adopt, use, and understand, Ansible Automation Platform provides the tools needed to rapidly implement enterprise-wide automation, no matter where you are in your automation journey.

1.1. What is included in the Ansible Automation Platform
Copy link

Expand

Ansible Automation Platform	Automation controller	Automation hub	Event-Driven Ansible controller	Insights for Ansible Automation Platform	Platform gateway (Unified UI)
2.5	4.6.0	4.10.0 hosted service	1.1.0	hosted service	1.1

1.2. Red Hat Ansible Automation Platform life cycle
Copy link

Red Hat provides different levels of maintenance for each Ansible Automation Platform release. For more information, see Red Hat Ansible Automation Platform Life Cycle.

Chapter 2. New features and enhancements
Copy link

2.1. Installation changes
Copy link

Starting with Ansible Automation Platform 2.5, three different on-premise deployment models are fully tested. In addition to the existing RPM-based installer and operator, support for the containerized installer is being added.

As the platform moves toward a container-first model, the RPM-based installer will be removed in a future release, and a deprecation warning is being issued with the release of Ansible Automation Platform 2.5. While the RPM installer will still be supported for Ansible Automation Platform 2.5 until it is removed, the investment will focus on the container-based installation for RHEL deployments and the operator-based installation for OpenShift deployments. Upgrades from 2.4 containerized Ansible Automation Platform Technology Preview to 2.5 containerized Ansible Automation Platform are unsupported.

2.2. Deployment topologies
Copy link

Red Hat tests Ansible Automation Platform 2.5 with a defined set of topologies to give you opinionated deployment options. Deploy all components of Ansible Automation Platform so that all features and capabilities are available for use without the need to take further action.

It is possible to install Ansible Automation Platform on different infrastructure topologies and with different environment configurations. Red Hat does not fully test topologies outside of published reference architectures. Red Hat recommends using a tested topology for all new deployments and provides commercially reasonable support for deployments that meet minimum requirements.

At the time of the Ansible Automation Platform 2.5 GA release, a limited set of topologies are fully tested. Red Hat will regularly add new topologies to iteratively expand the scope of fully tested deployment options. As new topologies roll out, we will include them in the release notes.

The following table shows the tested topologies for Ansible Automation Platform 2.5:

Expand

Mode	Infrastructure	Description	Tested topologies
RPM	Virtual Machines/Bare Metal	The RPM installer deploys the Ansible Automation Platform on Red Hat Enterprise Linux using RPMs to install the platform on host machines. Customers manage the product and infrastructure lifecycle.	RPM growth topology RPM enterprise topology
Containers	Virtual Machines/Bare Metal	The containerized installer deploys the Ansible Automation Platform on Red Hat Enterprise Linux by using Podman that runs the platform in containers on host machines. Customers manage the product and infrastructure lifecycle.	Container growth topology Container enterprise topology
Operator	Red Hat OpenShift	The operator uses Red Hat OpenShift operators to deploy the Ansible Automation Platform within Red Hat OpenShift. Customers manage the product and infrastructure lifecycle.	Operator growth topology Operator enterprise topology

For more information, see Tested deployment models.

2.3. Unified UI
Copy link

In versions before 2.5, the Ansible Automation Platform was split into three primary services: automation controller, automation hub, and Event-Driven Ansible controller. Each service included standalone user interfaces, separate deployment configurations, and separate authentication schemas.

In Ansible Automation Platform 2.5, the platform gateway is provided as a service that handles authentication and authorization for the Ansible Automation Platform. With the platform gateway, all services that make up the Ansible Automation Platform are consolidated into a single unified UI. The unified UI provides a single entry into the Ansible Automation Platform and serves the platform user interface to authenticate and access all of the Ansible Automation Platform services from a single location.

2.3.1. Terminology changes
Copy link

The Unified UI highlights the functional benefits provided by each underlying service. New UI terminology aligns to earlier names as follows:

Automation execution provides functionality from the automation controller service
Automation decisions provides functionality from the Event-Driven Ansible service
Automation content provides functionality from the automation hub service

2.4. Event-Driven Ansible functionality (Automation decisions)
Copy link

With Ansible Automation Platform 2.5, Event-Driven Ansible functionality has been enhanced with the following features:

Enterprise single-sign on and role-based access control are available through a new Ansible Automation Platform UI, which enables a single point of authentication and access to all functional components as follows:
- Automation Execution (automation controller)
- Automation Decision (Event-Driven Ansible)
- Automation Content (automation hub)
- Automation Analytics
- Access Management
- Red Hat Ansible Lightspeed
Simplified event routing capabilities introduce event streams. Event streams are an easy way to connect your sources to your rulebooks. This new capability lets you create a single endpoint to receive alerts from an event source and then use the events in multiple rulebooks. This simplifies rulebook activation setup, reduces maintenance demands, and helps lower risk by eliminating the need for additional ports to be open to external traffic.
Event-Driven Ansible in the Ansible Automation Platform 2.5 now supports horizontal scaling, allowing you to install multiple Event-Driven Ansible nodes to handle increased event volume.
Migration to the new platform-wide Red Hat Ansible Automation Platform credential type replaces the legacy controller token for enabling rulebook activations to call jobs in the automation controller.
Event-Driven Ansible now has the ability to manage credentials that can be added to rulebook activations. These credentials can be used in rulebooks to authenticate to event sources. In addition, you can now attach vault credentials to rulebook activations so that you can use vaulted variables in rulebooks. Encrypted credentials and vaulted variables enable enterprises to secure the use of Event-Driven Ansible within their environment.
New modules are added to the ansible.eda collection to enable users to automate the configuration of the Event-Driven Ansible controller using Ansible playbooks.

2.5. Event-Driven Ansible 2.5 with automation controller 2.4
Copy link

You can use a newly installed version of Event-Driven Ansible from Ansible Automation Platform 2.5 with some existing versions of the automation controller. A hybrid configuration is supported with the following versions:

2.4 Ansible Automation Platform version of automation controller (4.4 or 4.5)
2.5 Ansible Automation Platform version of Event-Driven Ansible (1.1)

You can only use new installations of Event-Driven Ansible in this configuration. RPM-based hybrid deployments are fully supported by Red Hat. For details on setting up this configuration, see the chapter Installing Event-Driven Ansible controller 1.1 and configuring automation controller 4.4 or 4.5 in the Using Event-Driven Ansible 2.5 with Ansible Automation Platform 2.4 guide.

A hybrid configuration means you can install a new Event-Driven Ansible service and configure rulebook activations to execute job templates on a 2.4 version of the automation controller.

2.6. Red Hat Ansible Lightspeed on-premise deployment
Copy link

Red Hat Ansible Lightspeed with IBM watsonx Code Assistant is a generative AI service that helps automation teams create, adopt, and maintain Ansible content more efficiently; it is now available as an on-premise deployment on the Ansible Automation Platform 2.5.

The on-premise deployment provides the Ansible Automation Platform customers more control over their data and supports compliance with enterprise security policies. For example, organizations in sensitive industries with data privacy or air-gapped requirements can use on-premise deployments of both Red Hat Ansible Lightspeed and IBM watsonx Code Assistant for Red Hat Ansible Lightspeed on Cloud Pak for Data. Red Hat Ansible Lightspeed on-premise deployments are supported on Ansible Automation Platform 2.5. For more information, see the chapter Setting up Red Hat Ansible Lightspeed on-premise deployment in the Red Hat Ansible Lightspeed with IBM watsonx Code Assistant User Guide.

2.7. Ansible plug-ins for Red Hat Developer Hub
Copy link

The Ansible plug-ins for Red Hat Developer Hub deliver an Ansible-first Red Hat Developer Hub user experience that simplifies creating Ansible content, such as playbooks and collections, for Ansible users of all skill levels. The Ansible plug-ins provide curated content and features to accelerate Ansible learner onboarding and streamline Ansible use case adoption across your organization.

The Ansible plug-ins provide the following capabilities:

A customized home page and navigation tailored to Ansible users
Curated Ansible learning paths to help users new to Ansible
Software templates for creating Ansible playbooks and collection projects that follow best practices
Links to supported development environments and tools with opinionated configurations

For more information, see Installing Ansible plug-ins for Red Hat Developer Hub.

2.8. Self-service automation portal
Copy link

Self-service automation portal aims to provide a self-service experience, making automation simpler and easily accessible to users of any skill level and role. It also offers accelerated deployment of common automation use cases.

Seamless Integration: Uses your existing Ansible Automation Platform configuration—same logins, same security controls, same automation logic.
Simplified Interface: A distinct, user-friendly web interface designed for business users, not automation experts.
Guided Workflows: Step-by-step forms that walk users through automation requests without technical complexity - automatically generated from your existing job templates.
Smart Forms: Real-time field validation, conditional and dynamic forms, and dropdown fields for Ansible Automation Platform artifacts, such as Ansible Automation Platform inventories.
For more information, see Installing self-service automation portal.

2.9. Ansible development tools
Copy link

Ansible development tools is a suite of tools provided with the Ansible Automation Platform to help automation creators create, test, and deploy playbook projects, execution environments, and collections on Linux, MacOS, and Windows platforms. Consolidating core Ansible tools into a single package simplifies tool management and promotes recommended practices in the automation content creation experience.

Ansible development tools are distributed in an RPM package for RHEL systems, and in a supported container distribution that can be used on Linux, Mac, and Windows OS.

Ansible development tools comprise the following tools:

ansible-builder
ansible-core
ansible-lint
ansible-navigator
ansible-sign
Molecule
ansible-creator
ansible-dev-environment
pytest-ansible
tox-ansible

For more information, see Developing Ansible automation content.

2.10. Red Hat Ansible Automation Platform Service on AWS
Copy link

Red Hat Ansible Automation Platform Service on AWS is a deployment of the Ansible Automation Platform control plane purchased through AWS Marketplace. Red Hat manages the service so that customer teams can focus on automation.

For more information, see Red Hat Ansible Automation Platform Service on AWS.

2.11. Enhancements
Copy link

Added the ability to provide mounts.conf or copy from a local or remote source when installing Podman. (AAP-16214)
Updated the inventory file to include the SSL key and certificate parameters for provided SSL web certificates. (AAP-13728)
Added an Ansible Automation Platform operator-version label on Kubernetes resources created by the operator. (AAP-31058)
Added installation variables to support PostgreSQL certificate authentication for user-provided databases. (AAP-1095)
Updated NGINX to version 1.22. (AAP-15128)
Added a new configuration endpoint for the REST API. (AAP-13639)
Allowed adjustment of RuntimeDirectorySize for Podman environments at the time of installation. (AAP-11597)
Added support for the SAFE_PLUGINS_FOR_PORT_FORWARD setting for eda-server to the installation program. (AAP-21503)
Aligned inventory content to tested topologies and added comments for easier access to groups and variables when custom configurations are required. (AAP-30242)
The variable automationedacontroller_allowed_hostnames is no longer needed and is no longer supported for Event-Driven Ansible installations. (AAP-24421)
The eda-server now opens the ports for a rulebook with a source plugin that requires inbound connections only if that plugin is allowed in the settings. (AAP-17416)
The Event-Driven Ansible settings are now moved to a dedicated YAML file. (AAP-13276)
Starting with Ansible Automation Platform 2.5, customers using the controller collection (ansible.controller) have the platform collection (ansible.platform) as a single point of entry, and must use the platform collection to seed organizations, users, and teams. (AAP-31517)
Users are opted in for Automation Analytics by default when activating automation controller on first time log in. (ANSTRAT-875)

Chapter 3. Technology preview
Copy link

3.1. Technology Preview
Copy link

Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

3.1.1. Ansible-core 2.19
Copy link

This technical preview includes an overhaul of the templating system and a new feature labeled Data Tagging. These changes enable reporting of numerous problematic behaviors that went undetected in previous releases, with wide-ranging positive effects on security, performance, and user experience.

Backward compatibility has been preserved where practical, but some breaking changes were necessary. This guide describes some common problem scenarios with example content, error messages, and suggested solutions.

We recommend you test your playbooks and roles in a staging environment with this release to determine where you may need to make changes.

For further information see the Ansible Porting Guide.

3.1.2. Ansible development workspaces
Copy link

A supported Ansible development workspace container image is now available as a Technology Preview release. The container image is used with Red Hat OpenShift Dev Spaces to create an in-browser instance of VS Code with the Ansible extension installed, so that you can use Ansible development tools to develop automation content.

For information about installing and using Ansible dev spaces, see Using Ansible development workspaces for automation content development.

3.1.3. Availability of Ansible Lightspeed intelligent assistant
Copy link

The Ansible Lightspeed intelligent assistant is now available on Ansible Automation Platform 2.5 on Red Hat OpenShift Container Platform as a Technology Preview release. It is an intuitive chat interface embedded within the Ansible Automation Platform, utilizing generative artificial intelligence (AI) to answer questions about the Ansible Automation Platform.

The chat experience in the Ansible Lightspeed intelligent assistant interacts with users in their natural language prompts in English, and utilizes large language models (LLMs) to generate quick, accurate, and personalized responses. These responses empower Ansible Automation Platform users to work more efficiently, thereby improving productivity and the overall quality of their work.

To access and use the Ansible Lightspeed intelligent assistant, you need:

Installation of Ansible Automation Platform 2.5 on Red Hat OpenShift Container Platform.
Deployment of an LLM served by Red Hat AI platforms.

For more information, see Deploying the Ansible Lightspeed intelligent assistant on OpenShift Container Platform in Installing on OpenShift Container Platform guide.

3.1.4. Managing AI infrastructure using Red Hat Ansible Automation Platform
Copy link

It is now possible to access a practical approach to managing and automating AI infrastructure using Red Hat Ansible Automation Platform. Please refer to the AI + Ansible Solution Guides.

Chapter 4. Deprecated features
Copy link

Deprecated functionality is still included in Ansible Automation Platform and continues to be supported during this version’s support cycle. However, the functionality will be removed in a future release of Ansible Automation Platform and is not recommended for new deployments.

The following table provides information about features that were deprecated in Ansible Automation Platform 2.5:

Expand

Component	Feature
Automation controller, automation hub, and Event-Driven Ansible controller	Tokens for the automation controller and the automation hub are deprecated. If you want to generate tokens, use the platform gateway to create them. The platform gateway is the service that handles authentication and authorization for the Ansible Automation Platform. It provides a single entry into the Ansible Automation Platform and serves the platform user interface, so you can authenticate and access all of the Ansible Automation Platform services from a single location.
Automation controller and automation hub	All non-local authentications into the automation controller and automation hub are deprecated. Use the platform gateway to configure external authentications, such as SAML, LDAP, and RADIUS.
Ansible-core	The `INI` configuration option in the COLLECTIONS_PATHS is deprecated. Use the singular form COLLECTIONS_PATH instead.
Ansible-core	The environment variable ANSIBLE_COLLECTIONS_PATHS is deprecated. Use the singular form ANSIBLE_COLLECTIONS_PATH instead.
Ansible-core	Old-style Ansible vars plug-ins that use the entry points `get_host_vars` or `get_group_vars` were deprecated in ansible-core 2.16, and will be removed in ansible-core 2.18. Update the Ansible plug-in to inherit from BaseVarsPlugin and define a `get_vars` method as the entry point.
Ansible-core	The STRING_CONVERSION_ACTION configuration option is deprecated as it is no longer used in the ansible-core code base.
Ansible-core	The smart option for setting a connection plug-in is being removed as its main purpose of choosing between SSH and Paramiko protocols is now irrelevant. Select an explicit connection plug-in instead.
Ansible-core	The undocumented `vaultid` parameter in the `vault` and `unvault` filters is deprecated and will be removed in ansible-core version 2.20. Use `vault_id` instead.
Ansible-core	The string parameter `keepcache` in the `yum_repository` is deprecated.
Ansible-core	The `required` parameter in the API `ansible.module_utils.common.process.get_bin_path` is deprecated.
Ansible-core	`module_utils` - Importing the following convenience helpers from `ansible.module_utils.basic` has been deprecated: `get_exception`, `literal_eval`, `_literal_eval`, `datetime`, `signal`, `types`, `chain`, `repeat`, `PY2`, `PY3`, `b`, `binary_type`, `integer_types`, `iteritems`, `string_types`, `test_type`, `map`, and `shlex_quote`. Import the helpers from the source definition.
Ansible-core	`ansible-doc` - Role `entrypoint` attributes are deprecated and eventually will no longer be shown in `ansible-doc` from ansible-core.
Automation execution environment	Execution environment-29 will be deprecated in the next major release after Ansible Automation Platform 2.5.
Installer	The Ansible team is exploring ways to improve the installation of the Ansible Automation Platform on Red Hat Enterprise Linux, which may include changes to how components are deployed using RPM directly on the host OS. RPMs will be replaced by packages deployed into containers that are run via Podman; this is similar to how automation currently executes on Podman in containers (execution environments) on the host OS. Changes will be communicated through release notes, but removal will occur in future revisions of the Ansible Automation Platform lifecycle events.
Automation mesh	The Work Python option has been deprecated and will be removed from automation mesh in a future release.

4.1. Deprecated API endpoints
Copy link

API endpoints that will be removed in a future release either because their functionality is being removed or superseded with other capabilities. For example, with the platform moving to a centralized authentication system in the platform gateway, the existing authorization APIs in the automation controller and automation hub are being deprecated for future releases as all authentication operations should occur in the platform gateway.

Expand

Component	Endpoint	Capability
Automation controller	`/api/o`	Token authentication is moving to the platform gateway.
Automation hub	`/api/login/keycloak`	Moving to the platform gateway.
Automation hub	`/api/v3/auth/token`	Token authentication used for pulling collections will migrate to the platform gateway tokens.
Automation controller	`/api/v2/organizations`	Moving to the platform gateway.
Automation controller	`/api/v2/teams`	Moving to the platform gateway.
Automation controller	`/api/v2/users`	Moving to the platform gateway.
Automation controller	`/api/v2/roles`	Controller-specific role definitions are moving to `/api/controller/v2/role_definitions`.
Automation controller	The following roles lists: `/api/v2/teams/{id}/roles/` `/api/v2/users/{id}/roles/`	Controller-specific resource permissions are moving to `/api/controller/v2/role_user_assignments` and `/api/controller/v2/role_team_assignments`.
Automation controller	The following object roles lists: `/api/v2/credentials/{id}/object_roles/` `/api/v2/instance_groups/{id}/object_roles/` `/api/v2/inventories/{id}/object_roles/` `/api/v2/job_templates/{id}/object_roles/` `/api/v2/organizations/{id}/object_roles/` `/api/v2/projects/{id}/object_roles/` `/api/v2/teams/{id}/object_roles/` `/api/v2/workflow_job_templates/{id}/object_roles/`	Controller-specific resource permissions are moving to `/api/controller/v2/role_user_assignments` and `/api/controller/v2/role_team_assignments`.
Automation controller	The following resource access lists: `/api/v2/credentials/{id}/access_list/` `/api/v2/instance_groups/{id}/access_list/` `/api/v2/inventories/{id}/access_list/` `/api/v2/job_templates/{id}/access_list/` `/api/v2/organizations/{id}/access_list/` `/api/v2/projects/{id}/access_list/` `/api/v2/teams/{id}/access_list/` `/api/v2/users/{id}/access_list/` `/api/v2/workflow_job_templates/{id}/access_list/`	No replacements yet.

Chapter 5. Removed features
Copy link

Removed features are those that were deprecated in earlier releases. They are now removed from the Ansible Automation Platform, and will no longer be supported.

The following table provides information about features that are removed in Ansible Automation Platform 2.5:

Expand

Component	Feature
Automation controller	Proxy support for the automation controller has been removed. Load balancers must now point to the platform gateway instead of the controller.
ansible-lint	Support for old Ansible `include` tasks syntax is removed in version 2.16 and moved to `include_tasks` or `import_tasks`. Update content to use the currently-supported Ansible syntax, like include_tasks or import_tasks.
Event-Driven Ansible controller	Tokens for the Event-Driven Ansible controller are deprecated. Their configuration has been removed from rulebook activations, and they have been replaced with the Ansible Automation Platform credential type.
Ansible-core	Support for Windows Server versions 2012 and 2012 R2 is removed, as Microsoft’s supported end-of-life date is 10 October 2023. These versions of Windows Server are not tested in the Ansible Automation Platform 2.5 release. Red Hat does not guarantee that these features will continue to work as expected in this and future releases.
Ansible-core	In the Action plugin with an ActionBase class, the deprecated `_remote_checksum` method is now removed. Use `_execute_remote_stat` instead.
Ansible-core	The deprecated FileLock class is now removed. Add your own implementation or rely on third-party support.
Ansible-core	Python 3.9 is now removed as a supported version of the automation controller. Use Python 3.10 or later.
Ansible-core	The `include` module that was deprecated in ansible-core 2.12 is now removed. Use `include_tasks` or `import_tasks` instead.
Ansible-core	`Templar` - The deprecated `shared_loader_obj` parameter of `init` is now removed.
Ansible-core	`fetch_url` - Removed auto disabling `decompress` when gzip is not available.
Ansible-core	`inventory_cache` - Removed deprecated `default.fact_caching_prefix ini` configuration option. Use `defaults.fact_caching_prefix` instead.
Ansible-core	`module_utils/basic.py` - Removed Python 3.5 as a supported remote version. Python version 2.7 or Python version 3.6 or later is now required. Removed Python versions 2.7 and 3.6 as supported remote versions. Use Python 3.7 or later for target execution. NOTE: This applies to Ansible version 2.17 only. With the removal of Python 2 support, the `yum` module and `yum action` plug-in are removed and redirected to `dnf`.
Ansible-core	`stat` - Removed the unused `get_md5` parameter.
Ansible-core	Removed the deprecated `JINJA2_NATIVE_WARNING` environment variable.
Ansible-core	Removed the deprecated `scp_if_ssh` from the ssh connection plugin.
Ansible-core	Removed the deprecated `crypt` support from `ansible.utils.encrypt`.
Execution environment	The Python link is no longer available in the ubi9-based execution environments; only python3 is. Replace scripts that use `python` or `/bin/python` with `python3` or `/bin/python3`.

Chapter 6. Changed features
Copy link

Changed features are not deprecated and will continue to be supported until further notice.

The following table provides information about features that are changed in Ansible Automation Platform 2.5:

Expand

Component	Feature
Automation hub	Error codes are now changed from 403 to 401. Any API client usage relying on specific status code 403 versus 401 will have to update their logic. Standard UI usage will work as expected.
Event-Driven Ansible	The endpoints `/extra_vars` are now moved to a property within `/activations`.
Event-Driven Ansible	The endpoint `/credentials` was replaced with `/eda-credentials`. This is part of an expanded credentials capability for Event-Driven Ansible. For more information, see the chapter Setting up credentials for Event-Driven Ansible controller in the Event-Driven Ansible controller user guide.
Event-Driven Ansible	Event-Driven Ansible can no longer add, edit, or delete the platform gateway-managed resources. Creating, editing, or deleting organizations, teams, or users is available through platform gateway endpoints only. The platform gateway endpoints also enable you to edit organization or team memberships and configure external authentication.
API	Auditing of users has now changed. Users are now audited through the platform API, not through the controller API. This change applies to the Ansible Automation Platform in both cloud service and on-premise deployments.
Automation controller, automation hub, platform gateway, and Event-Driven Ansible	User permission audits the sources of truth for the platform gateway. When an IdP (SSO) is used, then the IdP should be the source of truth for user permission audits. When the Ansible Automation Platform platform gateway is used without SSO, then the platform gateway should be the source of truth for user permissions, not the app-specific UIs or APIs.

Chapter 7. Known issues
Copy link

This section provides information about known issues in Ansible Automation Platform 2.5.

7.1. Ansible Automation Platform
Copy link

Added the podman_containers_conf_logs_max_size variable for containers.conf to control the max log size for Podman installations. The default value is 10 MiB. (AAP-12295)
Setting the pg_host= value without any other context no longer results in an empty HOST section of the settings.py in the automation controller. As a workaround, delete the pg_host= value or set it to pg_host=''. (AAP-31915)
Using Prompt on launch for variables for job templates, workflow job templates, workflow visualizer nodes, and schedules will not show the default variables when launching the job, or when configuring the workflows and schedules. (AAP-30585)
The unused ANSIBLE_BASE_ settings are included as environment variables in the job execution. These variables suffixed with SECRET are no longer used in the Ansible Automation Platform and might be ignored until they are removed in a future patch. (AAP-32208)

7.2. Event-Driven Ansible
Copy link

mTLS event stream creation should be disallowed on all installation methods by default. It is currently disallowed on OpenShift Container Platform installation, but not disallowed in the containerized installations or on RPM installations. (AAP-31337)
If a primary Redis node enters a failed state and a new primary node is promoted, Event-Driven Ansible workers and scheduler are unable to reconnect to the cluster. This causes activations to fail until the containers or pods are recycled. (AAP-30722)
For more information, see the KCS article Redis failover causes Event-Driven Ansible activation failures.

7.3. Ansible plug-ins for Red Hat Developer Hub
Copy link

Python VS Code extension v2024.14.1 does not work in OpenShift Dev Spaces version 1.9.3, prohibiting the Ansible VS Code extension from loading. As a workaround, downgrade the Python VS Code extension version to 2024.12.3.
The Ansible Content Creator Get Started page links do not work in OpenShift Dev Spaces version 1.9.3. As a workaround, use the Ansible VS Code Command Palette to access the features.

Chapter 8. Fixed issues
Copy link

This section provides information about fixed issues in Ansible Automation Platform 2.5.

8.1. Ansible Automation Platform
Copy link

The installer now ensures semanage command is available when SELinux is enabled. (AAP-24396)
The installer can now update certificates without attempting to start the nginx service for previously installed environments. (AAP-19948)
Event-Driven Ansible installation now fails when the pre-existing automation controller is older than version 4.4.0. (AAP-18572)
Event-Driven Ansible can now successfully install on its own with a controller URL when the controller is not in the inventory. (AAP-16483)
Postgres tasks that create users in FIPS environments now use scram-sha-256. (AAP-16456)
The installer now successfully generates a new SECRET_KEY for controller. (AAP-15513)
Ensure all backup and restore staged files and directories are cleaned up before running a backup or restore. You must also mark the files for deletion after a backup or restore. (AAP-14986)
Postgres certificates are now temporarily copied when checking the Postgres version for SSL mode verify-full. (AAP-14732)
The setup script now warns if the provided log path does not have write permissions, and fails if default path does not have write permissions. (AAP-14135)
The linger configuration is now correctly set by the root user for the Event-Driven Ansible user. (AAP-13744)
Subject alternative names for component hosts will now only be checked for signing certificates when HTTPS is enabled. (AAP-7737)
The UI for creating and editing an organization now validates the Max hosts value. This value must be an integer and have a value between 0 and 214748364. (AAP-23270)
Installations that do not include the automation controller but have an external database will no longer install an unused internal Postgres server. (AAP-29798)
Added default port values for all pg_port variables in the installer. (AAP-18484)
XDG_RUNTIME_DIR is now defined when applying Event-Driven Ansible linger settings for Podman. (AAP-18341)*
Fixed an issue where the restore process failed to stop pulpcore-worker services on RHEL 9. (AAP-12829)
Fixed Postgres sslmode for verify-full that affected external Postgres and Postgres signed for 127.0.0.1 for internally managed Postgres. (AAP-7107)
Fixed support for automation hub content signing. (AAP-9739)
Fixed conditional code statements to align with changes from ansible-core issue #82295. (AAP-19053)
Resolved an issue where providing the database installation with a custom port broke the installation of Postgres. (AAP-30636)

8.2. Automation hub
Copy link

Automation hub now uses system crypto-policies in nginx. (AAP-17775)

8.3. Event-Driven Ansible
Copy link

Fixed a bug where the Swagger API docs URL returned 404 error with trailing slash. (AAP-27417)
Fixed a bug where logs contained stack trace errors inappropriately. (AAP-23605)
Fixed a bug where the API returned error 500 instead of error 400 when a foreign key ID did not exist. (AAP-23105)
Fix a bug where the Git hash of a project could be empty. (AAP-21641)
Fixed a bug where an activation could fail at the start time due to authentication errors with Podman. (AAP-21067)
Fixed a bug where a project could not get imported if it contained a malformed rulebook. (AAP-20868)
Added EDA_CSRF_TRUSTED_ORIGINS, which can be set by user input or defined based on the allowed hostnames provided or determined by the installer as a default. (AAP-19319)
Redirected all Event-Driven Ansible traffic to /eda/ following UI changes that require the redirect. (AAP-18989)
Fixed target database for Event-Driven automation restore from backup. (AAP-17918)
Fixed the automation controller URL check when installing Event-Driven Ansible without a controller. (AAP-17249)
Fixed a bug when the membership operator failed in a condition applied to a previously saved event. (AAP-16663)
Fixed Event-Driven Ansible nginx configuration for custom HTTPS port. (AAP-16000)
Instead of the target service only, all Event-Driven Ansible services are enabled after installation is completed. The Event-Driven Ansible services will always start after the setup is complete. (AAP-15889)

8.4. Ansible Automation Platform Operator
Copy link

Fixed Django REST Framework (DRF) browsable views. (AAP-25508)

8.5. Ansible plug-ins for Red Hat Developer Hub
Copy link

The following updates were introduced in Ansible plug-ins for Red Hat Developer Hub 1.2:

Improvements in error handling and logging for collection and playbook project scaffolder.
Updates to the backstage-rhaap-backend plugin for compatibility with RHDH 1.4.

Chapter 9. Ansible Automation Platform documentation
Copy link

Red Hat Ansible Automation Platform 2.5 documentation includes significant feature updates as well as documentation enhancements and offers an improved user experience.

The following are documentation enhancements in Ansible Automation Platform 2.5:

The Setting up an automation controller token chapter that previously existed has been deprecated and replaced with the Setting up a Red Hat Ansible Automation Platform credential topic. As the Event-Driven Ansible controller is now integrated with centralized authentication and the Platform UI, this method simplifies the authentication process required for rulebook activations moving forward.
Documentation changes for 2.5 reflect terminology and product changes. Additionally, we have consolidated content into fewer documents.
The following table summarizes title changes for the 2.5 release.

Expand

Version 2.4 document title	Version 2.5 document title
Red Hat Ansible Automation Platform release notes	Release notes
NA	New: Using automation analytics
Red Hat Ansible Automation Platform planning guide	Planning your installation
Containerized Ansible Automation Platform installation guide (Technology Preview release)	Containerized installation (First Generally Available release)
Deploying the Ansible Automation Platform operator on OpenShift Container Platform	Installing on OpenShift Container Platform
Getting started with automation controller Getting started with automation hub Getting started with Event-Driven Ansible	New: Getting started with Ansible Automation Platform
Installing and configuring central authentication for the Ansible Automation Platform	Access management and authentication
Getting started with Ansible playbooks	Getting started with Ansible playbooks
Ansible Automation Platform operations guide	Operating Ansible Automation Platform
Ansible Automation Platform automation mesh for operator-based installation	Automation mesh for managed cloud or operator environments
Ansible Automation Platform automation mesh for VM-based installation	Automation mesh for VM environments
Performance considerations for operator-based installation	Performance considerations for operator environments
Ansible Automation Platform operator backup and recovery guide	Backup and recovery for operator environments
Troubleshooting Ansible Automation Platform	Troubleshooting Ansible Automation Platform
Ansible Automation Platform hardening guide	Not available for 2.5 release; to be published at a later date
automation controller user guide	Using automation execution
automation controller administration guide	Configuring automation execution
automation controller API overview	Automation execution API overview
automation controller API reference	Automation execution API reference
automation controller CLI reference	Automation execution CLI reference
Event-Driven Ansible user guide	Using automation decisions
Managing content in automation hub	- Managing automation content - Automation content API reference
Ansible security automation guide	Ansible security automation guide
Using the automation calculator Viewing reports about your Ansible automation environment Evaluating your automation controller job runs using the job explorer Planning your automation jobs using the automation savings planner	Using automation analytics
Ansible Automation Platform creator guide	Developing automation content
Automation content navigator creator guide	Using content navigator
Creating and consuming execution environments	Creating and using execution environments
Installing Ansible plug-ins for Red Hat Developer Hub	Installing Ansible plug-ins for Red Hat Developer Hub
Using Ansible plug-ins for Red Hat Developer Hub	Using Ansible plug-ins for Red Hat Developer Hub

Chapter 10. Patch releases
Copy link

Security, bug fixes, and enhancements for Ansible Automation Platform 2.5 are released as asynchronous erratas. All Ansible Automation Platform erratas are available on the Download Red Hat Ansible Automation Platform page.

As a Red Hat Customer Portal user, you can enable errata notifications in the account settings for Red Hat Subscription Management (RHSM). When errata notifications are enabled, you receive notifications through email whenever new erratas relevant to your registered systems are released.

Note

Red Hat Customer Portal user accounts must have systems registered and consuming Ansible Automation Platform entitlements for Ansible Automation Platform errata notification emails to generate.

The patch releases section of the release notes will be updated over time to give notes on enhancements and bug fixes for patch releases of Ansible Automation Platform 2.5.

10.1. Ansible Automation Platform patch release September 23, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
September 23, 2025	Automation controller 4.6.20 Automation hub 4.10.8 Event-Driven Ansible 1.1.13 Container-based installer Ansible Automation Platform (bundle) 2.5-19 Container-based installer Ansible Automation Platform (online) 2.5-19 Receptor 1.5.7 RPM-based installer Ansible Automation Platform (bundle) 2.5-18 RPM-based installer Ansible Automation Platform (online) 2.5-18

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1758147230
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1758147817

10.1.1. General
Copy link

The ansible.controller collection has been updated to 4.6.20. (AAP-53797)
The ansible.eda collection has been updated to 2.10.0. (AAP-53550)

10.1.2. CVE
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-5302 ansible-automation-platform-25/lightspeed-chatbot-rhel8: Denial of Service (DOS) in JSONReader in run-llama and llama_index. (AAP-52177)
CVE-2025-6984 ansible-automation-platform-25/lightspeed-chatbot-rhel8: Langchain-community insecure XML parsing. (AAP-52808)
CVE-2025-48432 automation-controller: Django Path Injection Vulnerability. (AAP-51443)
CVE-2025-57833 ansible-automation-platform-25/lightspeed-rhel8: Django SQL injection in FilteredRelation column aliases. (AAP-52622)
CVE-2025-57833 automation-controller: Django SQL injection in FilteredRelation column aliases. (AAP-53036)
CVE-2025-57833 python3.11-django: Django SQL injection in FilteredRelation column aliases. (AAP-53034)

10.1.3. Ansible Automation Platform
Copy link

10.1.3.1. Enhancements
Copy link

X-Forwarded-For and Real-Ip headers are now included in the NGINX logs. (AAP-52562)

10.1.3.2. Bug fixes
Copy link

Fixed an issue where if the gRPC server could not connect to the database it would return a 403 HTTP status to envoy. This has been changed to return an error message of 503. (AAP-51931)
Fixed an issue with the help text for the setting ALLOW_OAUTH2_FOR_EXTERNAL_USERS. (AAP-51886)
Fixed an incorrectly formatted error message in the SAML authenticator when passing invalid security settings. The error will now properly show the invalid fields and will also indicate what valid field values are. (AAP-51705)
Fixed an issue where authentication mapping for teams did not work if join_condition: and was used with attributes. (AAP-51639)
Fixed an issue with authenticator maps not properly evaluating the attribute in conditions. (AAP-51638)
Fixed an issue where platform gateway did not generate the necessary metadata for the UI to render Settings > Platform Gateway when the accessing user is an auditor rather than an administrator. (AAP-53279)
Fixed an issue where multi-select dialogs only showed a subset of users, and users were unable to scroll or advance to the next page. (AAP-52209)
Fixed an issue where the SAML based authenticators did not collect the group data even if the field had the attribute specified. (AAP-51503)
The View Logs link now matches the automation controller API being used. (AAP-52674)
PostgreSQL directory creation now works when TLS is disabled. (AAP-52569)
Fixed a path issue for custom_ca_cert when checking PostgreSQL connection and version during preflight. (AAP-53213)
Fixed the restore and implemented migration functionality for the automation controller resource secret key value. (AAP-53535)
Improved platform gateway control plane authorization performance to reduce sporadic request errors. (AAP-53468)
Disabled IPv6 binding on PostgreSQL and Redis services when IPv6 is disabled on the host. (AAP-53546)

10.1.4. Ansible Automation Platform Operator
Copy link

10.1.5. Bug fixes
Copy link

Fixed an issue where the deployment was failing with "dict object has no attribute version". (AAP-46528)
Fixed an issue where the Redis timeout configuration was overwritten by the Ansible Automation Platform Operator on reconciliation. The timeout for Redis connections has been added to the configuration and hard-coded to 300 seconds. (AAP-53309)
The automation hub web init container now uses resource limits when enabled. (AAP-52934)
Fixed a pulp_ansible compatibility issue that was preventing the hub-api pod from running migrations in the new container when upgrading to the latest 2.5 operator version. (AAP-49016)

10.1.6. Automation controller
Copy link

10.1.6.1. Bug Fixes
Copy link

Fixed an issue where the galaxy credentials could not be created and edited without the need to specify an organization. (AAP-52197)
Fixed an issue where the job template creation failed using ansible.controller.job_template when multiple inventories shared the same name across different organizations. (AAP-51311)
Fixed an issue that did not allow a user to save Schedule for Workflow job template when Limit has Prompt on Launch was enabled. (AAP-49794)
The export command now works through the automation controller collection or with awxkit when the correct environment variable is provided. (AAP-49452)
Fixed an issue where there were double escaped quotes in api/v2/jobs/{id}/stdout/?format=txt. (AAP-49077)
Fixed an issue where the fact storage was not working when automation controller’s time zone was not UTC. (AAP-45933)
Fixed a bug where exports did not work on deployments using the platform gateway. The export module in the collection now honors the CONTROLLER_OPTIONAL_API_URLPATTERN_PREFIX environment variable. (AAP-39265)

10.1.7. Automation hub
Copy link

10.1.7.1. Enhancements
Copy link

Added the GALAXY_API_SPEC_REQUIRE_AUTHENTICATION setting to automation hub (defaults to false). This setting restricts access to the OpenAPI specification to authenticated users only. This prevents exposing the OpenAPI spec and any unnecessary information. (AAP-53578)

10.1.8. Container-based Ansible Automation Platform
Copy link

10.1.8.1. Bug Fixes
Copy link

Fixed an issue where the create_initial_data command did not work during backup and restore onto different clusters for Event-Driven Ansible. (AAP-53382)
Fixed an issue where scheduled tasks failed in private automation hub when using quotes in the task name. (AAP-53307)
Uploading Ansible collections to private automation hub is no longer limited by the API pagination. (AAP-53526)

10.1.9. Event-Driven Ansible
Copy link

10.1.9.1. Bug Fixes
Copy link

Fixed an issue with Event-Driven Ansible restores where database credentials were not updated for the event stream. (AAP-53529)

10.1.10. RPM-based Ansible Automation Platform
Copy link

10.1.10.1. Bug Fixes
Copy link

Fixed an issue where backup was failing when the deployment had more than one Event-Driven Ansible node without eda_node_type defined. (AAP-52892)
Fixed a typographical error in the automation controller group name that led to restore failures. (AAP-52078) Fixed an issue where platform gateway uwsgi processes were not configurable in the Ansible Automation Platform 2.5 RPM installer. (AAP-50390)
Fixed an issue where redis_mode=standalone and the Redis group were defined at the same time. (AAP-53560)
Fixed an issue where the Redis node list could not be created on Event-Driven Ansible or platform gateway nodes which were not part of the Redis group. (AAP-53528)
Removed the pulpcore-manager sudo requirement. (AAP-52288)

10.2. Ansible Automation Platform patch release August 27, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
August 27, 2025	Automation controller 4.6.19 Automation hub 4.10.7 Event-Driven Ansible 1.1.13 Container-based installer Ansible Automation Platform (bundle) 2.5-18 Container-based installer Ansible Automation Platform (online) 2.5-18 Receptor 1.5.7 RPM-based installer Ansible Automation Platform (bundle) 2.5-17 RPM-based installer Ansible Automation Platform (online) 2.5-17

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1755835086
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1755835623

10.2.1. General
Copy link

The ansible.controller collection has been updated to 4.6.19.(AAP-51863)
The ansible.eda collection has been updated to 2.9.0.(AAP-51859)

10.2.2. CVE
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-48432 python3.11-django: Django Path Injection Vulnerability.(AAP-50994)
CVE-2025-47273 automation-controller: Path Traversal Vulnerability in setuptools PackageIndex.(AAP-47384)

10.2.3. Ansible Automation Platform
Copy link

10.2.3.1. Features
Copy link

Added a new field on Azure AD authenticator called Field to use as username which allows you to use an arbitrary field from the assertion as the username in Ansible Automation Platform.(AAP-49481)

10.2.3.2. Enhancements
Copy link

Enhanced Support for Streaming Chat Responses in Ansible Automation Platform. New settings added:
- stream_idle_timeout: Controls timeout for idle streaming connections.
- max_stream_duration: Sets maximum duration for streaming connections.
  (AAP-51756)
Allow for HTTP headers to be passed through envoy when https is offloaded by another device in front of envoy. This introduces two new settings:
- SECURE_PROXY_SSL_HEADER indicating which headers should be allowed through. The defaults are HTTP_X_FORWARDED_PROTO, https.
- XDS_XFF_NUM_TRUSTED_HOPS which says how many entries in the headers should be trusted. The default is 0 if there is only one device in front of envoy. Set to 1 if there are more, or increase as needed. These settings can only be changed in the /etc/ansible-automation-platform/gateway/settings.py file.
  (AAP-51347)

10.2.3.3. Bug fixes
Copy link

Fixed an issue where the OpenAPI spec did not reflect all query parameters available.(AAP-49824)
Fixed an issue where the LOGIN_REDIRECT_OVERRIDE was not being respected.(AAP-49726)
Fixed an issue where the breadcrumb in a launch template sent users to the wrong URL.(AAP-44194)
Fixed an issue where legacy users were not properly migrated to platform gateway in some scenarios that were previously leaving the users in a partly migrated state.(AAP-43251)
Fixed an issue where the LDAP filter splitter/validator did not handle some valid filters.(AAP-51591)
Fixed an issue that removes the required label from the organization field for galaxy credentials in automation controller credential create and edit forms.(AAP-51587)
Fixed an issue where subscription entitlement window displayed again after Ansible Automation Platform had been entitled when running in a load-balanced environment with multiple controller web pods.(AAP-43883)
Fixed an issue that did not allow all users to see the notifiers tab.(AAP-41342)
Fixed an issue where there was no limit field on the job details page.(AAP-36118)

10.2.4. Ansible Automation Platform Operator
Copy link

10.2.5. Bug fixes
Copy link

Fixed an issue in the PostgreSQL password encryption when upgrading from PG13 to PG15 on FIPS.(AAP-50443)
Fixed an issue where requests time out at client or proxy, but work continues long past the timeout.(AAP-50311)
Fixed an issue to align NGINX and web server timeouts to avoid issues where requests time out but work continues on already timed out requests.(AAP-50310)
Fixed an issue to align envoy, NGINX, web server, and jwt token timeouts to avoid issues where requests time out but work continues or tokens expire before they are used.(AAP-50309)
Fixed an issue to align web server timeouts to avoid issues where requests time out at client or proxy, but work continues long past the timeout.(AAP-50308)
Fixed backup and restores for deployments with external databases and refactored the tasks for managed database restores to be a separate code path.(AAP-50299)
Fixed an issue where the platform gateway operator client_request_timeout was not the same as haproxy timeout in OpenShift Container Platform.(AAP-51749)

10.2.6. Automation controller
Copy link

10.2.6.1. Bug Fixes
Copy link

Fixed regression in ansible.controller collection where the argument controller_oauthtoken was wrongfully removed.
- Fixed newly added aap_token to function the same as controller_oauthtoken.
- Fixed the ansible.controller.controller_api lookup plugin.
  (AAP-51289)
Fixed an issue where the Ansible Galaxy credentials could not be created and edited without specifying an organization.(AAP-51614)
Fixed an issue where the subscription is attached before subscription credentials have been set, returned a 400 Bad Request.(AAP-50322)

10.2.7. Container-based Ansible Automation Platform
Copy link

10.2.7.1. Enhancements
Copy link

Implemented PostgreSQL extra settings parameter on the installer.(AAP-51533)

10.2.7.2. Bug Fixes
Copy link

Fixed an issue where the PostgreSQL version failed during preflight with a customer provided CA certificate.(AAP-50884)
Fixed pcp data permissions by migrating the data to a Podman volume instead of a bind mount.(AAP-50807)
Fixed an issue where the backup script incorrectly Included .snapshot directories in the automation hub backup.(AAP-50784)
Fixed a bug where the Redis hostname fails to be set in a disconnected environment.(AAP-51532)
Fixed an issue where there was no exclusion parameter for containerized backup, that allowed users to specify snapshot paths to be excluded from the backup process.(AAP-46767)

10.2.8. Event-Driven Ansible
Copy link

10.2.8.1. Bug Fixes
Copy link

Fixed an issue where MQ_TLS did not accept a boolean value.(AAP-51012)
Fixed an issue where project import state may become stuck at pending or running.(AAP-51643)
Fixed an issue where %20 is not permitted in project git URL.(AAP-51642)
Fix an issue where a user who belongs to a team with an Event-Driven Ansible organization project admin role could not see the organization.(AAP-50921)

10.2.9. RPM-based Ansible Automation Platform
Copy link

10.2.9.1. Enhancements
Copy link

Added postgres_extra_settings for postgresql.conf customization for managed database installations.(AAP-51462)

10.2.9.2. Bug Fixes
Copy link

Fixed an issue where automation controller nodes set to a deprovision state were not removed from the platform gateway registry.(AAP-51461)
Fixed an issue where the missing RPM dependency for PostgreSQL client which resulted in container images missing psql binary.(AAP-50941)
Fixed an issue where disabling https for platform gateway and/or platform gateway proxy (envoy) caused installation failures.(AAP-48606)

10.3. Ansible Automation Platform patch release July 30, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
July 30, 2025	Automation controller 4.6.18 Automation hub 4.10.6 Event-Driven Ansible 1.1.11 Container-based installer Ansible Automation Platform (bundle) 2.5-17 Container-based installer Ansible Automation Platform (online) 2.5-17 Receptor 1.5.7 RPM-based installer Ansible Automation Platform (bundle) 2.5-16 RPM-based installer Ansible Automation Platform (online) 2.5-16

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1753402603
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1753403065

10.3.1. General
Copy link

The redhat.rhel_system_roles collection has been updated to 1.95.7.(AAP-49916)
The ansible.windows collection has been updated to 2.8.0.(AAP-49923)
The ansible.eda collection has been updated to 2.8.2.(AAP-49997)

10.3.2. CVE
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-7738 python3.11-django-ansible-base: Hide plain text OAuth2 secrets on GitHub Enterprise and GitHub Enterprise organization authenticator configuration views in platform-gateway.(AAP-49561)
CVE-2025-2099 ansible-automation-platform-25/lightspeed-chatbot-rhel8: Regular Expression Denial of Service (ReDoS) in uggingface/transformers.(AAP-48621)
CVE-2025-5988 automation-gateway: CSRF origin checking is enabled.(AAP-50374)

10.3.3. Ansible Automation Platform
Copy link

10.3.3.1. Features
Copy link

PosixUIDGroupType can be selected for LDAP Group Type.(AAP-49347)

10.3.3.2. Enhancements
Copy link

Optimized the handling of web socket messages from the Workflow Visualizer.(AAP-46800)

10.3.3.3. Bug fixes
Copy link

Fixed the fields content_type for role user assignments to indicate that null values are valid responses from the API.(AAP-49494)
Fixed the fields team_ansible_id for role team assignments to indicate that null values can be POSTed to the API.(AAP-49812)
Fixed an issue where auto-complete was not disabled on all forms for sensitive information such as usernames, passwords, secret keys, etc.(AAP-49079)
Fixed an issue related to workflow job template limits overriding workflow job template node limits upon save.(AAP-48946)
Fixed the Min and Max Limit values displayed on the Edit Survey form.(AAP-39933)
Fixed an issue where the case insensitivity for authentication map user attribute names and values and for group names was not available. Feature flag FEATURE_CASE_INSENSITIVE_AUTH_MAPS must be set to true to enable case insensitive comparisons.(AAP-49327)
Fixed an issue that adds an OIDC Callback URL field that, after creation of authenticator, displays the URL to use in setting up the IdP. The URL field is displayed on the creation page and this field is to be left blank.(AAP-49874)

10.3.4. Automation controller
Copy link

10.3.4.1. Enhancements
Copy link

Update the injectors for the Ansible Automation Platform credential type to work across collection.(AAP-47877)

10.3.4.2. Bug Fixes
Copy link

Removed API version from hard-coded URL in inventory plugin.(AAP-48443)
Fixed a 404 error for workflow nodes.(AAP-47362)
Fixed an issue where the automation controller pod was not working after an upgrade to aap-operator.v2.5.0-0.1750901870.(AAP-48771)

10.3.5. Container-based Ansible Automation Platform
Copy link

10.3.5.1. Enhancements
Copy link

Added an exclusion parameter for Container-based Ansible Automation Platform Backup, allowing users to specify snapshot paths to be excluded from the backup process.(AAP-50114)

10.3.5.2. Bug Fixes
Copy link

Fixed the issue where execution instances removed from the inventory would still be visible on the Topology View.(AAP-48615)
Fixed a bug when restoring automation hub to a new cluster when using NFS for the hub data filesystem.(AAP-48568)
Fixed permission issues when restoring automation hub when using NFS storage.(AAP-50118)

10.3.6. RPM-based Ansible Automation Platform
Copy link

10.3.6.1. Bug Fixes
Copy link

Event-Driven Ansible node type is now properly checked during restore.(AAP-49004)
Fixed an issue where gRPC server port was not configured properly when non-default value was used.(AAP-48543)
Fixed an issue where the firewall role logic improperly restricted Event-Driven Ansible event stream ports. Firewall ports are now restricted to event hosts, enhancing network security for Event-Driven Ansible users.(AAP-49792)
Fixed an issue where the gunicorn timeout to Event-Driven Ansible API service unit was not passed.(AAP-49858)
Fixed an issue where envoy, nginx, web server, and jwt token timeouts were not aligned, and caused issues where requests time out but work continues, or tokens expire before they are used.(AAP-49153)

10.4. Ansible Automation Platform patch release July 2, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
July 2, 2025	Automation controller 4.6.16 Automation hub 4.10.5 Event-Driven Ansible 1.1.11 Container-based installer Ansible Automation Platform (bundle) 2.5-16 Container-based installer Ansible Automation Platform (online) 2.5-16 Receptor 1.5.7 RPM-based installer Ansible Automation Platform (bundle) 2.5-15 RPM-based installer Ansible Automation Platform (online) 2.5-15

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1750901111
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1750901870

10.4.1. General
Copy link

Allows running ansible.platform collection modules in check_mode.(AAP-45246)
The ansible.eda collection has been updated to 2.8.1.(AAP-48324)
The ansible.platform collection has been updated to 2.5.20250702.(AAP-48344)
The ansible.controller collection has been updated to 4.6.16.(AAP-48347)

10.4.2. CVE
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-22871 receptor: Request smuggling due to acceptance of invalid chunked data in net/http.(AAP-45132)
CVE-2025-22871 automation-gateway-proxy-openssl32: Request smuggling due to acceptance of invalid chunked data in net/http.(AAP-45130)
CVE-2025-22871 automation-gateway-proxy-openssl30: Request smuggling due to acceptance of invalid chunked data in net/http.(AAP-45129)
CVE-2025-22871 automation-gateway-proxy: Request smuggling due to acceptance of invalid chunked data in net/http.(AAP-45128)

10.4.3. Ansible Automation Platform
Copy link

10.4.3.1. Enhancements
Copy link

Refactored V1RootView.get() and improve reverse lookup logic.(AAP-47366)
Refactored process_statuses() method to reduce its cognitive complexity.(AAP-47341)
All UI elements related to policy enforcement are visible to all users. See the policy enforcement documentation for more information. (AAP-47006)
On the inventory source form, for a source type of VMware ESXi the user will be able to select credentials of type VMware vCenter.(AAP-46784)
Reduced the cognitive complexity of method migrate_resource() in migrate_service_data.py from 56 to < =15.(AAP-45822)
Reduce the cognitive complexity of the process_fields() method in serializers/preference.py file.(AAP-45820)
Reduced the cognitive complexity of unique_fields_for_model() method to below 15.(AAP-45819)

10.4.3.2. Bug fixes
Copy link

Fixed an issue that did not allow role assignments using object_ansible_id in the role_user_assignment module.(AAP-48042)
Fixed an issue that did not allow the object_id field in the role_user_assignment module to accept a list of items.(AAP-47979)
Fixed an example task in the ansible.platform.token module.(AAP-47976)
Fixed an issue to aap_* parameters in ansible.platform.token module that resulted in user reminders not being sent out.(AAP-47975)
Fixed an API error messaging in the event a user logs in as the admin user via legacy auth on one component, then tries to do so via the other component.(AAP-47541)
Fixed an issue where API records could be missing or duplicated across pages.(AAP-47504)
Fixed a bug that was causing the UI to throw an error when launching a workflow job template with both Prompt on Launch and Survey enabled.(AAP-46813)
Fixed an issue where the platform gateway OpenAPI schema file was not being generated correctly.(AAP-46639)
Fixed an issue where modules in the ansible.platform collection did not accept AAP_* variable for authentication.(AAP-45363)
Fixed an issue where there was a missing option in the ansible.platform.user module to allow setting the is_platform_auditor flag on a user.(AAP-45244)
Fixed an issue where an extra validation to handle incorrect user input in the variables field was needed, as the API did not return an error for it.(AAP-42563)
Fixed an issue with the Hosts links in the Resource Counts section of the overview page to redirect to the Hosts page, filtered by either Show only ready hosts or Show only failed hosts depending on which count was clicked on.(AAP-42288)
Fixed an issue where API records could be missing or duplicated across pages.(AAP-41842)

10.4.4. Red Hat Ansible Lightspeed
Copy link

10.4.4.1. Enhancements
Copy link

Ansible Lightspeed intelligent assistant now supports third-party LLM providers such as Microsoft Azure OpenAI, OpenAI, and IBM watsonx.ai. For more information, see Deploying the Ansible Lightspeed intelligent assistant on OpenShift Container Platform.(AAP-44011)

10.4.5. Ansible Automation Platform Operator
Copy link

10.4.5.1. Enhancements
Copy link

Annotation can now be added to the route by specifying spec.route_annotations on the Ansible Automation Platform and automation controller custom resources.(AAP-45952)
New installations of Red Hat Ansible Lightspeed using the Ansible Automation Platform Custom Resource will automatically integrate with Ansible Automation Platform’s OAuth mechanism. The auth_config_secret_name setting is optional.(AAP-45686)

10.4.5.2. Bug fixes
Copy link

Fixed an issue where the jquery version included in the redirect page did not match the version from the rest framework directory.(AAP-47160)
Fixed an issue where the ingress class name could not be configured on the automation hub CR.(AAP-47054)
Fixed an issue where there was a missing resources limit on automation hub API init containers.(AAP-47053)
Fixed an issue where the resources limit on worker pods could not be configured.(AAP-47045)
Fixed an issue where there was no readinessProbe configuration in the PostgreSQL statefulset definition.(AAP-47043)

10.4.6. Automation controller
Copy link

10.4.6.1. Features
Copy link

Added AWX dispatcherd integration.(AAP-45800)

10.4.6.2. Bug Fixes
Copy link

Fixed a race condition where job templates with duplicate names in the same organization could be created.(AAP-45968)
Fixed an issue where ole_user_assignments failed to query for object_ansible_id. Enabled query filtering for fields user_ansible_id, team_ansible_id, and object_ansible_id on the role assignment API endpoints.(AAP-45443)
Fixed an issue where some credential types were not populated after upgrading. This adds a new migration to accomplish this.(AAP-44233)
Fixed an issue where there were large numbers of jobs queued that were stuck in waiting status.(AAP-44143)

10.4.7. Automation hub
Copy link

10.4.7.1. Enhancements
Copy link

Any user can search and filter using AI keywords to find AI related collections in automation hub.(AAP-43138)

10.4.7.2. Bug Fixes
Copy link

Fixed an issue where there was an error when installing collections that exist in both rh-certified and community.(AAP-24271)

10.4.8. Container-based Ansible Automation Platform
Copy link

10.4.8.1. Enhancements
Copy link

Validate that nodes are configured with at least 16G of RAM.(AAP-47542)
Containerized Ansible Automation Platform now supports RHEL 10.(AAP-47083)

10.4.8.2. Bug Fixes
Copy link

Fixed an issue where the TLS Certificate Authority (CA) certificate for Receptor mesh configuration when providing TLS certificates were not signed by the internal CA.(AAP-48065)
Fixed a missing user parameter for the sos report command on the log_gathering playbook.(AAP-47718)
Fixed an issue where the jquery version included in the redirect page did not match the version from the rest framework directory.(AAP-47074)

10.4.9. Event-Driven Ansible
Copy link

10.4.9.1. Features
Copy link

API REST supports the editing of the URL of the project.(AAP-47459)
Prior to this release, we suggested utilizing ansible.builtin.set_fact within playbooks. We now advise using ansible.builtin.set_stats as it enables seamless integration with job templates. We encourage migrating from ansible.builtin.set_fact to ansible.builtin.set_stats for optimal results, although ansible.builtin.set_fact will continue to be supported.(AAP-46841)

10.4.9.2. Enhancements
Copy link

Previously, when a project url/branch/scm_refspec was edited, users had to manually trigger a project resync through either the UI or API. Now, Event-Driven Ansible automatically does a resync in case one of url/branch/scm_refspec is modified.(AAP-46254)
Relevant settings and versions are emitted in logs when the worker starts.(AAP-40984)

10.4.9.3. Bug Fixes
Copy link

Fixed an issue when using gather_facts in a rulebook a user had to provide an inventory. This is only available when running ansible-rulebook as a CLI. When the rulebook with gather_facts is run as part of Activation the gather_facts is ignored, since Activations does not include inventory.(AAP-47846)
Fixed an issue where DE images that use an SHA digest in the URI would fail to pull. This is now addressed, enabling user reminders to be sent actively.(AAP-47725)
Fixed an issue introduced in #1296 where we were running under the advisory lock and not the actual import/sync task, but the proxy that schedules the job for rq and dispatcherd.(AAP-47554)
Fixed an issue where there were no validations to URL, branch/tag/commit, and refspec fields when creating or updating a project.(AAP-47227)
Fixed an issue on k8s-based deployments where activations would hang while being deleted or disabled.(AAP-46559)
Fixed an issue where the activation could get stuck in the disabling or deleting state under OpenShift Container Platform.(AAP-45298)

10.4.10. Receptor
Copy link

10.4.10.1. Bug Fixes
Copy link

Fixed an issue where jobs were in a failed status with message Receptor detail: Finished. EOF is now handled correctly when the pod is ready.(AAP-46484)

10.4.11. RPM-based Ansible Automation Platform
Copy link

10.4.11.1. Bug Fixes
Copy link

Fixed an issue where redis-platform would not restart on restore.(AAP-47689)
Fixed an issue where old service nodes were not removed from platform gateway when the installer ran with a new host or new host names.(AAP-47651)
Fixed an issue where restore was failing when a non-default port was used for Ansible Automation Platform managed database.(AAP-47639)
Fixed an issue where some pages didn’t render properly when non-default umask was being used.(AAP-47377)
Fixed an issue where the Event-Driven Ansible script was not starting nginx on restart.(AAP-46511)
Fixed an issue where the credentials associated to decision environments would not be updated with the site information defined in the source inventory during restore.(AAP-46271)
Fixed an issue where the receptor certificate tasks would require switching to a receptor user.(AAP-46189)
Fixed an issue where the firewall was not opening event stream ports.(AAP-45684)

10.5. Ansible Automation Platform patch release June 11, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
June 11, 2025	Automation controller 4.6.15 Automation hub 4.10.4 Event-Driven Ansible 1.1.9 Container-based installer Ansible Automation Platform (bundle) 2.5-15.1 Container-based installer Ansible Automation Platform (online) 2.5-15 Receptor 1.5.5 RPM-based installer Ansible Automation Platform (bundle) 2.5-14.1 RPM-based installer Ansible Automation Platform (online) 2.5-14

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1749604727
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1749607543

10.5.1. Automation controller
Copy link

10.5.1.1. Bug Fixes
Copy link

Fixed an issue where using or creating Azure keyvault credentials was failing with TypeError.(AAP-47413)

10.6. Ansible Automation Platform patch release June 9, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
June 9, 2025	Automation controller 4.6.14 Automation hub 4.10.4 Event-Driven Ansible 1.1.9 Container-based installer Ansible Automation Platform (bundle) 2.5-15 Container-based installer Ansible Automation Platform (online) 2.5-15 Receptor 1.5.5 RPM-based installer Ansible Automation Platform (bundle) 2.5-14 RPM-based installer Ansible Automation Platform (online) 2.5-14

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1749074128
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1749074612

10.6.1. General
Copy link

The ansible.controller collection has been updated to 4.6.14 (AAP-46562)
The ansible.platform collection has been updated to 2.5.20250604 (AAP-46552)

10.6.2. Ansible Automation Platform
Copy link

10.6.2.1. Features
Copy link

Adds ansible_base.lib.utils.address.classify_address providing common recognition and parsing of machine addressing hostname, IPv4 and IPv6 with and without an appended :<port>.(AAP-45910)

10.6.2.2. Enhancements
Copy link

LDAP filter validation improved such that all filters that meet LDAP standards including and/or should be properly validated.(AAP-46249)
Completely updated interface for managing authentication methods and mappings.(AAP-45750)
Default validity period for Oauth tokens reduced from 1000 years to 1 year. Existing tokens will NOT be updated. If you wish to reduce the validity period of existing tokens, please remove and re-issue them. The default validity period for Oauth tokens can be modified via the django setting ACCESS_TOKEN_EXPIRE_SECONDS in OAUTH2_PROVIDER.(AAP-46187)

10.6.2.3. Bug fixes
Copy link

Fixed an issue where there was a degraded logging performance notice removed on the job output page. Polling fallback functionality still exists.(AAP-46120)
Fixed an issue where the gateway proxy was not properly ejecting nodes failing health checks.(AAP-43931)
Fixed an issue where installations with Red Hat Ansible Lightspeed enabled were not handled properly during upgrade.(AAP-46154)

10.6.3. Automation controller
Copy link

10.6.3.1. Enhancements
Copy link

Updated license mechanism to allow users to provide username and password when fetching subscriptions via the API and Ansible Automation Platform user interface.(AAP-46797)

10.6.3.2. Bug Fixes
Copy link

Fixed an issue where the idle dispatch workers were not recycled based upon age, or after completing the last task. Default maximum age is 4 hours, controlled by WORKER_MAX_LIFETIME_SECONDS setting. Set to None to disable worker recycling.(AAP-45947)
Fixed an analytics collector failure to clean up temporary files after failed upload to Hybrid Cloud console.(AAP-45574)
Fixed an issue where inventory variables pulled in by update from a source with the option Overwrite Variables checked, were not deleted on subsequent updates from the same source when the source no longer contained the variable.(AAP-45571)

10.6.4. Container-based Ansible Automation Platform
Copy link

10.6.4.1. Enhancements
Copy link

Allow users to skip automation controller demo data creation.(AAP-46482)
Validating the Automation hub NFS share path format during the preflight role execution.(AAP-46306)

10.6.4.2. Bug Fixes
Copy link

Fixed an issue where the custom Certificate Authority (CA) TLS certificate was not passed to the external database validation during the preflight role execution.(AAP-46480)
Fixed a log redirection error for the Ansible automation hub, Event-Driven Ansible, and Unified UI containers.(AAP-46478)
Fixed an issue where ~/.local/bin path was not added to the user $PATH environment variable during PostgreSQL database dump and restore.(AAP-46209)
Fixed the order of operations for handling service nodes to ensure only valid nodes are configured.(AAP-45551)

10.6.5. Event-Driven Ansible
Copy link

10.6.5.1. Enhancements
Copy link

Rename env EDA_OIDC_TOKEN_URL to DA_AUTOMATION_ANALYTICS_OIDC_TOKEN_URL.(AAP-44862)

10.6.5.2. Bug Fixes
Copy link

Fixed an issue where the activation containers were not removed after a node goes offline.(AAP-45831)
Fixed an issue where the error reminding user to remap source with event stream should be under key source_mapping in the API return.(AAP-45105)
Fixed an issue where special characters such as [] were not allowed in the activation name on OCP deployment.(AAP-44691)

10.6.6. RPM-based Ansible Automation Platform
Copy link

10.6.6.1. Enhancements
Copy link

Setup will now retry automation gateway data migration attempts in case services take longer than expected to start.(AAP-46208)

10.6.6.2. Bug Fixes
Copy link

Fixed an issue Event stream worker would not restart like other workers when running setup.sh.(AAP-46205)
Fixed an issue where setup would not restart the podman socket whenever podman was reset.(AAP-46191)

10.7. Ansible Automation Platform patch release May 28, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
May 28, 2025	Automation controller 4.6.13 Automation hub 4.10.4 Event-Driven Ansible 1.1.8 Container-based installer Ansible Automation Platform (bundle) 2.5-14 Container-based installer Ansible Automation Platform (online) 2.5-14 Receptor 1.5.5 RPM-based installer Ansible Automation Platform (bundle) 2.5-13 RPM-based installer Ansible Automation Platform (online) 2.5-13

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1747343762
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1747345055

10.7.1. General
Copy link

The ansible.platform collection has been updated to 2.5.20250528.(AAP-45823)
The ansible.controller collection has been updated to 4.6.13.(AAP-45885)

10.7.2. Features
Copy link

10.7.2.1. Ansible Automation Platform
Copy link

Ansible Automation Platform now supports service account-based authentication for integration with services available through the Hybrid Cloud Console, including automation analytics, Insights for Ansible Automation Platform, and subscription management. See this Knowledgebase article for more information on the required changes.
Replaced basic authenticate with service account authentication for Ansible Automation Platform subscription management.(AAP-44643)
Updated the subscription wizard to accommodate fetching subscription information using service account credentials.(AAP-37077)
Adds ansible_base.lib.utils.address.classify_address providing common recognition and parsing of machine addressing (hostname, IPv4 and IPv6) with and without an appended :<port>.(AAP-45287)

10.7.3. Enhancements
Copy link

10.7.3.1. Ansible Automation Platform
Copy link

Reduced the cognitive complexity level of validate_password() method and reorganized the validate_authenticate_uid() method to increase code readability.(AAP-45346)
For clarity and to prevent misconfiguration, the SAML authenticator now requires both a permanent user ID and a username.(AAP-45333)
Updated field names and help text in the System Settings UI to indicate client ID and client secret for service accounts, as well as client ID and client secret for analytics.(AAP-43119)
Validation/enforcement of expected service types removed because service types are now dynamic.(AAP-40130)
Enables configuration of control plane authentication for custom services. You should not modify it for pre-defined services.(AAP-40131)
Custom service type support added. Arbitrary service types and services can be created rather than a fixed list.(AAP-39812)

10.7.3.2. Red Hat Ansible Lightspeed
Copy link

It is now possible to disable SSL verification for Red Hat Ansible Lightspeed <→ Model Server communication.(AAP-45337)

10.7.3.3. Automation controller
Copy link

Updated Azure Key Vault plugin to use managed identity when creating credentials.(AAP-43461)

10.7.4. Bug fixes
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-43859 ee-supported-container: h11 accepts some malformed Chunked-Encoding bodies.(AAP-44783)
CVE-2025-43859 ee-cloud-services-container: h11 accepts some malformed Chunked-Encoding bodies.(AAP-44781)
CVE-2025-43859 ansible-lightspeed-container: h11 accepts some malformed Chunked-Encoding bodies.(AAP-44779)

10.7.4.1. Ansible Automation Platform
Copy link

Fixed an issue found in SaaS deployments where the authentication proxy would use old, invalid database connections after an RDS database reboot.(AAP-44178)
Fixed an issue where administrators were not allowed to configure auto migration of legacy authenticators.(AAP-36841)
Fixed an issue where the usernames from LDAP were not case-insensitive. LDAP is case-insensitive so logging in as <Bob> and <bob> would result in two different users in platform gateway even though they are the same user in LDAP. With this change, both users will be authenticated as the lowercase username.(AAP-44177)

10.7.4.2. Ansible Automation Platform Operator
Copy link

Fixed a broken document link to Ansible Automation Platform Operator installation documents in the OpenShift Container Platform UI.(AAP-45199)
Fixed an issue where the user was unable configure kind: AnsibleInstanceGroup, and it failed with an error policy_spec_override is undefined.(AAP-45351)

10.7.4.3. Red Hat Ansible Lightspeed
Copy link

Fixed an issue where it was not possible to disable SSL verification between Model Server and Red Hat Ansible Lightspeed.(AAP-45269)
Fixed an issue where the provider type and context window size were not configurable in Red Hat Ansible Lightspeed Operator.(AAP-45166)

10.7.4.4. Automation controller
Copy link

Fixed an issue where the VMware credential was not applying to the source correctly.(AAP-45169)
Fixed an issue where the workflow job template did not have job access parity with UnifiedJobAccess.(AAP-45057)
Fixed an issue where error handling did not allow event processing to continue even if one event contained invalid data that cannot be parsed by jq.(AAP-44876)

10.7.4.5. Platform gateway
Copy link

Fixed AttributeError errors around the legacy_base authenticator which were harmless, but were showing in logs leading to customer and engineer confusion.(AAP-40159)
Fixed an issue where customized proxy authentication on a per service cluster basis was not allowed.(AAP-35601)
Fixed and issue where there was a server error on migrating an LDAP user in a freshly upgraded 2.4 → 2.5 instance. The fix prevents the 500 error during LDAP user legacy authentication and migration following an upgrade.(AAP-44958)

10.7.4.6. RPM-based Ansible Automation Platform
Copy link

Fixed an issue the max keyrings sysctl would produce common failures when running more than 200 containers on a node.(AAP-45260)
Fixed an issue where automation platform gateway proxy (envoy) ports were not included in the firewall.(AAP-45489)

10.7.5. Known Issues
Copy link

Red Hat Ansible Lightspeed enabled deployments must apply a workaround to avoid problems during upgrade from release 2.5.20250507. The service cluster and related objects must be removed before upgrade and re-created after upgrade. For more information please see this KCS article.(AAP-46154)

10.8. Ansible Automation Platform patch release May 7, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
May 7, 2025	Automation controller 4.6.12 Automation hub 4.10.4 Event-Driven Ansible 1.1.8 Container-based installer Ansible Automation Platform (bundle) 2.5-13 Container-based installer Ansible Automation Platform (online) 2.5-13 Receptor 1.5.5 RPM-based installer Ansible Automation Platform (bundle) 2.5-12 RPM-based installer Ansible Automation Platform (online) 2.5-12

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1746137767
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1746138413

10.8.1. General
Copy link

Implemented GitHub application credential type.(AAP-38589)
The ansible.platform collection has been updated to 2.5.20250507.(AAP-44992)
The ansible.controller collection has been updated to 4.6.12.
The ansible.eda collection has been updated to 2.7.0.

10.8.2. Technology Preview
Copy link

10.8.2.1. Policy as Code
Copy link

Policy enforcement is available in tech preview, behind a feature flag. See the product documentation and the Knowledgebase article How to set feature flags for Red Hat Ansible Automation Platform for information on working with feature flags.

10.8.3. Features
Copy link

10.8.3.1. Ansible Automation Platform
Copy link

Added an enhanced log viewer for rulebook activation instances similar to the job output logger.(AAP-43337)

10.8.3.2. Container-based Ansible Automation Platform
Copy link

Implemented a playbook to collect sos reports using the inventory file.(AAP-42606)

10.8.3.3. Event-Driven Ansible
Copy link

Event-Driven Ansible now submits analytics data.(AAP-40881)
Enabled Event-Driven Ansible analytics data to be uploaded to the cloud. This feature is guarded by a feature flag.(AAP-42468)
Added a log tracking id to each log message labelled as [tid: uuid-pattern].(AAP-42270)
Improved the user experience of managing rulebook activations in Event-Driven Ansible by introducing an edit capability.(AAP-33067)
The following datapoints Event-Driven Ansible now collects for analytics for MVP:
- Eventsources used in Event-Driven Ansible.
- Eventstreams used in Event-Driven Ansible.
- Version of Event-Driven Ansible installed.
- Installation type (container/OCP/VM).
- Platform organizations in Event-Driven Ansible.
- Which automation controller job template was launched from a rulebook activation.(AAP-31458)
Event-Driven Ansible gather_analytics command now runs on schedule as an internal task.(AAP-30063)
Event-Driven Ansible now writes analytics data collector that sends payloads to console.redhat.com.(AAP-30055)
Add x-request-id to each log message labelled as [rid:uuid-pattern].(AAP-42269)

10.8.4. Enhancements
Copy link

10.8.4.1. Ansible Automation Platform
Copy link

Updated platform gateway to adopt selected standard component for settings mechanism.(AAP-34939)
Refactored the authenticate() method inside the AuthenticatorPlugin class in legacy_password.py and legacy_sso.py to their common parent LegacyMixin. Added comments to classes and their methods for code clarity.(AAP-44460)

10.8.4.2. Ansible Automation Platform Operator
Copy link

Fixed an issue where the Lightspeed Operator would not use the ANSIBLE_AI_MODEL_MESH_CONFIG.(AAP-41335)
Extended CCSP and renewal guidance reports to include inventory scope and node/host details.(AAP-38802)

10.8.4.3. Automation controller
Copy link

Updated the pinned version of receptorctl in automation controller to 1.5.5.(AAP-44823)
Updated the pinned version for ansible-runner in automation controller.(AAP-43357)

10.8.4.4. Container-based Ansible Automation Platform
Copy link

Added new variable use_archive_compression with default value: true. Added new variable component Name_use_archive_compression for each component with the default value: true.(AAP-41242)

10.8.4.5. Event-Driven Ansible
Copy link

Event-Driven Ansible collection standardization enhancements.(AAP-41402)
Relevant settings and versions are emitted in logs when the ansible-rulebook starts in worker mode.(AAP-40781)
Added log entries with settings and version at startup.(AAP-40781)
Enhanced the Ansible Automation Platform injectors for eda-server to include common platform variables as extra_vars or environment variables if they are specified.(AAP-43029)
Event-Driven Ansible decision environment validation errors now display under the decision environment text box in the decision environment UI page.(AAP-42147)
Added a automation controller URL check for the CLI.(AAP-41575)
If a source plugin terminates you are now able to see the stack trace with the source file name, the function name, and line number.(AAP-41774)

10.8.4.6. RPM-based Ansible Automation Platform
Copy link

Added compression for archive and database artifacts used in backup/restore
- Updated database filename used for automation controller pg_dump from tower to automation controller while maintaining backward compatibility for backups using tower.db filename.(AAP-42055)

10.8.5. Bug fixes
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-26699 automation-controller: Potential denial-of-service vulnerability in django.utils.text.wrap().(AAP-41139)

10.8.5.1. Ansible Automation Platform
Copy link

Fixed an issue where In AAP 2.5, the user needed to press Ctrl+Enter to start a new line.(AAP-43499)
Fixed an issue where the change anchor tag on API html view violated semantic rules. (AAP-43802)
LDAP Authenticator field USER_SEARCH field now properly supports LDAP Unions. Previously you could only define one search term in the field like:

[
  "ou=users,dc=example,dc=com",
  "SCOPE_SUBTREE",
  "uid=%(user)s"
]

[
    "ou=users,dc=example,dc=com",
    "SCOPE_SUBTREE",
    "uid=%(user)s"
  ],
   [
    "ou=users,dc=example,dc=com",
    "SCOPE_SUBTREE",
    "uid=%(user)s"
  ]
]

[
  "ou=users,dc=example,dc=com",
  "SCOPE_SUBTREE",
  "uid=%(user)s"
]

[
    "ou=users,dc=example,dc=com",
    "SCOPE_SUBTREE",
    "uid=%(user)s"
  ],
   [
    "ou=users,dc=example,dc=com",
    "SCOPE_SUBTREE",
    "uid=%(user)s"
  ]
]

Copy to Clipboard

Toggle word wrap

USER_DN_TEMPLATE will still take precedence over the USER_SEARCH field. If non-unique users are found when performing multiple searches, those users will be unable to login to Ansible Automation Platform.(AAP-42883)
Fixed an issue where there was a file not found error with Dynaconf.(AP-43144)
Fixed an issue where dynaconf mishandled the openapi schema.(AAP-43143)
Fixed an issue when editing an authenticator with a large number of Organization/Team mappings in platform-gateway would affect the loading time of the web page, potentially making the page unresponsive.(AAP-40963)
Fixed an issue where unreachable hosts were not being filtered out of CCSP reports usage.(AAP-38735)
Fixed an issue where the X-DAB-JW-TOKEN header message would flood logs.(AAP-38169)
Fixed an issue where after upgrading to Ansible Automation Platform 2.5 managed on Azure, the ability to see job output while the job was running was lost. (AAP-43894)
Fixed an issue where customers were not allowed to view output details for filtered job outputs.(AAP-38925)
Fixed an issue where unreachable hosts from CCSP usage reports were not excluded.(AAP-38735)
Fixed an issue where indirect hosts were being counted in the first tab as quantity.(AAP-44676)
Fixed an issue where the platform-gateway could not be installed with a different name for the admin user.(AAP-44180)
Fixed an issue where an Ansible Automation Platform UI session was being logged out even if the user is actively working.(AAP-43622)
Fixed an issue where exceptions handled on SSO login were not allowing for error messages to be properly captured.(AAP-43369)
Fixed an issue where the job output was slow and making it hard to read due to missing parts of the output.(AAP-41434)
Fixed an issue where the user was unable to edit an existing rulebook activation.(AAP-37299)

10.8.5.2. Ansible Automation Platform Operator
Copy link

Fixed an issue where the pod affinity/anti-affinity was not configurable for the aap-gateway-operator to allow for pod placement on unique nodes.(AAP-42983)
Fixed an issue where Red Hat Ansible Lightspeed was incorrectly passing DAB settings.(AAP-43542)
Fixed an issue where the Lightspeed Operator WCA configuration was not optional.(AAP-42370)
Fixed an issue where status.conditions validation would not allow auto-reporting errors on CR statuses.(AAP-44081)
Fixed an issue where the Ansible Automation Platform gateway had the incorrect Lightspeed deployment name.(AAP-43837)
Fixed an issue where Lightspeed devel CRD was incompatible with 2.5 CRD.(AAP-43657)
Fixed an issue where status.conditions validation was not allowing auto-reporting errors on the CR statuses.(AAP-44083)
If the user is migrating between OpenShift Container Platform Operator on AAP 2.5 fails because of a postgres permission issue. The automation controller operator now grants permission to the automation controller user to avoid permissions errors when migrating the data.(AAP-44846)
Fixed an issue where there was an Intermittent 502 Bad Gateway error on Ansible Automation Platform 2.5 operator deployment.(AAP-44176)

10.8.5.3. Automation controller
Copy link

Fixed usage of Django password validator UserAttributeSimilarityValidator.(AAP-43046)
Fixed an issue where there was no lookup credential without user Inputs, and where the credential defaults were not passing between awx-plugins and AWX.(AAP-38589)
Fixed an issue where there was an incorrect deprecation warning for awx.awx.schedule_rrule.(AAP-43474)
Fixed an issue where facts were unintentionally deleted when an inventory is modified during a job execution.(AAP-39365)

10.8.5.4. Container based Ansible Automation Platform
Copy link

Fixed an issue where the paths to expose isolated jobs' settings did not work.(AAP-37599)

The ansible.gateway_configuration collection was replaced by ansible.platform.(AAP-44230)

Fixed an issue where the automation hub would fail to upload collections due to a missing worker temporary directory.(AAP-44166)

10.8.5.5. Event-Driven Ansible
Copy link

Fixed an issue where the log messages were not using the correct log level.(AAP-43607)
Fixed an issue where the ansible-rulebook logs were not logged into the activation-worker log.(AAP-43549)
Fixed an issue where the container was not always deleted correctly, or it missed the last output entries in VM based installations.(AAP-42935)
Fixed an issue where Event-Driven Ansible logging did not allow searching.(AAP-43338)
Fixed an issue where the rulebook activations and event streams would not remain due to a cascading delete after the user who created them was deleted.(AAP-41769)
Fixed an issue where the decision environment was not using the image to authenticate and pull successfully when using an image registry with a custom port.(AAP-41281)
Fixed an issue where timestamps were not formatted to the local timezone of the user.(AAP-38396)
Fixed an issue where the activation failed with the message It will attempt to restart (1/5) in 60 seconds according to the restart policy always, but it does not restart.(AAP-43969)
Fixed an issue where a race condition would occur while cleaning up activation in OpenShift Container Platform, causing unexpected behavior.(AAP-44108)
Fixed an issue where the Event-Driven Ansible logs showed no information about an internal server error.(AAP-42271)
Fixed an issue where there was a duplicate error message in the CLI.(AAP-41745)
Fixed an issue where Envoy was stripping the Authorization header from client requests.(AAP-44700)
Fixed an issue where Event-Driven Ansible had not selected a standard component for settings mechanism.(AAP-41684)
Fixed an issue where documentation was missing for Event-Driven Ansible source plugins.(AAP-8630)
Fixed an issue where there was a memory leak in Event-Driven Ansible using the ansible-rulebook sqs plugin.(AAP-42623)
Fixed an issue where rulebook activations were not editable or copyable either through the UI or API.(AAP-37294)
Fixed an issue where the rule engine used in ansible-rulebook was keeping events that do not match in memory for the default_events_ttl of two hours causing a memory leak.(AAP-44899)
Fixed an issue where there was a memory leak in Event-Driven Ansible using ansible-rulebook sqs plugin.(AAP-44899)
Fixed an issue where the rulebook activation module in the Event-Driven Ansible collection lacked support for restarting the activation.(AAP-42542)
Fixed an issue where AAP aliases were unable to be used to specify Event-Driven Ansible collection variables.(AAP-42280)

10.8.5.6. Red Hat Ansible Lightspeed Operator
Copy link

Fixed an issue where the auth_config_secret_name configuration in Lightspeed Operator was not optional in the automation controller.(AAP-44203)

10.8.5.7. Receptor
Copy link

Fixed an issue where the kube API would lock up on every call by moving kubeAPIWapperInstance inside each kubeUnit and removing kubeAPIWapperlocks.(AAP-43111)

10.8.5.8. RPM-based Ansible Automation Platform
Copy link

Fixed an issue where platform gateway services were not aligned after restore with the target environment.
- Fixed an issue where old instance nodes were still registered in automation controller post restore.
- Fixed an issue where nginx would attempt to reload before the configuration was finalized.(AAP-44231)

10.9. Ansible Automation Platform patch release April 9, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
April 9, 2025	Automation controller 4.6.11 Automation hub 4.10.3 Event-Driven Ansible 1.1.7 Container-based installer Ansible Automation Platform (bundle) 2.5-12 Container-based installer Ansible Automation Platform (online) 2.5-12 Receptor 1.5.3 RPM-based installer Ansible Automation Platform (bundle) 2.5-11 RPM-based installer Ansible Automation Platform (online) 2.5-11

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1743660124
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1743660958

10.9.1. General
Copy link

The ansible.controller collection has been updated to 4.6.11.(AAP-43126)
Fixed an issue where authentication configuration for AzureAD/EntraId groups could not be used in authentication mapping.(AAP-42890)

10.9.2. Enhancements
Copy link

10.9.2.1. Container-based Ansible Automation Platform
Copy link

Implemented variables for applying extra_settings for automation controller, Event-Driven Ansible, platform gateway, and automation hub during installation.(AAP-42932)

10.9.3. Bug fixes
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-2877 ansible-rulebook: exposure of inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in Event-Driven Ansible.(AAP-42817)

10.9.3.1. Ansible Automation Platform
Copy link

Fixed an issue where job workflow templates failed with limits.(AAP-33726)
Fixed an issue where there was non-viable information disclosure for pen testing.(AAP-39977)

10.9.3.2. Ansible Automation Platform Operator
Copy link

Fixed an issue on the OpenShift Container Platform Route TLS termination that was always configured with the edge value.(AAP-42051)

10.9.3.3. Container based Ansible Automation Platform
Copy link

Fixed an issue where the restore to a new node would fail. Implemented validation and cleanup for service nodes on a restore to a new cluster.(AAP-42781)
Fixed an issue where podman logs did not show any log messages if the user was not part of the local administrator or systemd-journal group.(AAP-42755)
Fixed an issue where the containerized installer was unable to apply extra settings for automation controller, Event-Driven Ansible, platform gateway, and automation hub.(AAP-40798)
Fixed an issue where a remote user was not part of the systemd-journal group and could not access container logs.(AAP-42755)

10.9.3.4. Automation execution environments
Copy link

Fixed an issue where there was a Python 3.11 incompatibility by updating pykerberos to 1.2.4 in ee-minimal and ee-supported container images.(AAP-42428)

10.9.3.5. Event-Driven Ansible
Copy link

Fixed an issue where activations attached with some event streams could not be created in deployments configured with Postgresql with mTLS.(AAP-42268)

10.9.3.6. RPM-based Ansible Automation Platform
Copy link

Fixed an issue where the token refresh prevented Event-Driven Ansible worker nodes from re-authenticating tokens.(AAP-42981)
Fixed an issue where the bundle installer failed to update automation controller and aap-metrics-utility in the same run.(AAP-42632)
Fixed an issue where platform UI was not loading when the platform gateway was on a FIPS enabled Red Hat Enterprise Linux 9.(AAP-39146)

10.9.4. Known Issues
Copy link

This section provides information about known issues in Ansible Automation Platform 2.5. Upgrade issues with the RPM installer.
Upgrading from Red Hat Enterprise Linux 9.4 to Red Hat Enterprise Linux 9.5 or later fails when running platform gateway version 2.5.20250409 or later. To upgrade to Red Hat Enterprise Linux 9.5 or later, follow the steps in this KCS article.
When upgrading Ansible Automation Platform 2.5, you must use the RPM installer version 2.5-11 or later. If you use an older installer, the installation might fail. If you encounter a failed installation using an earlier version of the installer, rerun the installation with version 2.5-11 or later.

10.10. Ansible Automation Platform patch release March 26, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
March 26, 2025	Platform gateway 2.5.20250326 Automation controller 4.6.10 Automation hub 4.10.3 Event-Driven Ansible 1.1.6 Container-based installer Ansible Automation Platform (bundle) 2.5-11.1 Container-based installer Ansible Automation Platform (online) 2.5-11 Receptor 1.5.3 RPM-based installer Ansible Automation Platform (bundle) 2.5-10 RPM-based installer Ansible Automation Platform (online) 2.5-10

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1742434024
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1742434756

10.10.1. General
Copy link

The ansible.controller collection has been updated to 4.6.10.(AAP-42242)
Service account support has been integrated into Ansible Automation Platform Analytics; service account credentials have replaced basic auth credentials when linking to Analytics.(AAP-39472)
- For more information, see the KCS article Configure Ansible Automation Platform to use service account credentials for authentication.

10.10.1.1. Deprecated
Copy link

Deprecated and suppressed the warning about ANSIBLE_COLLECTIONS_PATHS in the job output.(AAP-41566)

10.10.2. Bug fixes
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-27516 python3.11-jinja2: Jinja sandbox breakout through attr filter selecting format method.(AAP-42104)
CVE-2025-26699 python3.11-django: Potential denial-of-service vulnerability in django.utils.text.wrap().(AAP-42107)
CVE-2025-26699 ansible-lightspeed-container: Potential denial-of-service vulnerability in django.utils.text.wrap().(AAP-41138)
CVE-2025-27516 automation-controller: Jinja sandbox breakout through attr filter selecting format method.(AAP-41692)
CVE-2025-27516 ansible-lightspeed-container: Jinja sandbox breakout through attr filter selecting format method.(AAP-41690)

10.10.2.1. Ansible Automation Platform
Copy link

Fixed an issue when migrating user accounts with invalid email addresses, the process would print a message showing the user name of the user whose email address has been removed.(AAP-41675)
Fixed an issue that occurred after enabling automigration of user accounts from the previous SSO authenticator to a new authenticator, the user accounts from other Ansible Automation Platform services such as automation controller or automation hub, were not properly merged into one account, and the account on those services deleted.(AAP-42146)

10.10.2.2. Ansible Automation Platform Operator
Copy link

Fixed an issue where the legacy automation controller API information link on the automation controller redirect page was broken.(AAP-41510)
Fixed an issue where Ansible Automation Platform backups would fail when writing yaml to the PVC on OpenShift Container Platform clusters with OpenShift Container Platform Virtualization installed.(AAP-28609)

10.10.2.3. Automation controller
Copy link

Fixed an issue where Insights projects were failing on OpenShift Container Platform on Ansible Automation Platform, due to incorrectly specifying the extra vars path.(AAP-41874)
Fixed an issue where the host metrics for dark, unreachable hosts were being collected.(AAP-41567)
Fixed an issue where the system auditor could download the execution node install bundle.(AAP-37922)
Fixed an issue where the host record was added to HostMetric when the host had failures or unreachable tasks completed.(AAP-32094)

10.10.2.4. Automation hub
Copy link

Fixed an issue where the user could not delete automation hub teams on the resource API.(AAP-42158)
Fixed an issue where the retain_repo_versions was null for the validated repos.(AAP-42005)

10.10.2.5. RPM-based Ansible Automation Platform
Copy link

Fixed an issue where preflight was not accounting for automationgateway being a CA server node.(AAP-41817)
Fixed an issue where platform gateway installations resulted in failures in environments with IPv6 due to nginx configuration timing.(AAP-41816)

10.10.3. Known Issues
Copy link

In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined.(AAP-27631)
Deploying platform gateway on FIPS enabled RHEL 9 is currently not supported.(AAP-39146)

10.11. Ansible Automation Platform patch release March 12, 2025
Copy link

This release includes the following components and versions:

Expand

Release Date	Component versions
March 12, 2025	Automation controller 4.6.9 Automation hub 4.10.2 Event-Driven Ansible 1.1.6 Container-based installer Ansible Automation Platform (bundle) 2.5-11 Container-based installer Ansible Automation Platform (online) 2.5-11 Receptor 1.5.3 RPM-based installer Ansible Automation Platform (bundle) 2.5-9 RPM-based installer Ansible Automation Platform (online) 2.5-9

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1740093573
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1740094176

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.11.1. General
Copy link

The ansible.controller collection has been updated to 4.6.9.(AAP-41400)
ansible-lint has been updated to 25.1.2.(AAP-38116)
Fixed an issue where the bundle installer/ee-supported did not contain the latest collection versions. The following collections have been updated in the ee-supported and the bundle installer:
- amazon.aws 9.2.0
- ansible.windows 2.7.0
- arista.eos 10.0.1
- cisco.ios 9.1.1
- cisco.iosxr 10.3.0
- cisco.nxos 9.3.0
- cloud.common 4.0.0
- cloud.terraform 3.0.0
- kubernetes.core 5.1.0
- microsoft.ad 1.8.0
- redhat.openshift 4.0.1
- vmware.vmware 1.10.1
- vmware.vmware_rest 4.6.0.(AAP-39960)
Fixed an issue where ansible-rulebook did not support by default third party python libraries.(AAP-41341)

10.11.2. Features
Copy link

10.11.2.1. Event-Driven Ansible
Copy link

Adopts the new credential copy endpoint from the API.(AAP-41384)

10.11.3. Enhancements
Copy link

10.11.3.1. Event-Driven Ansible
Copy link

Event-Driven Ansible activation logging is now provided via the journald driver.(AAP-39745)
Rulebook activations' log message field is now separated into timestamps and message fields.(AAP-39743)
Moved ansible.eda collection from de-supported to de-minimal as elements of the collection are required for all Event-Driven Ansible images.(AAP-39749)

10.11.3.2. RPM-based Ansible Automation Platform
Copy link

The setup.sh script now has an option to collect sosreport.(AAP-40085)

10.11.4. Deprecated
Copy link

Deprecated the variables eda_main_url and hub_main_url in favor of the platform gateway proxy URL. Automation hub will now use the platform gateway proxy URL.(AAP-41306)

10.11.5. Bug fixes
Copy link

With this update, the following CVEs have been addressed:

CVE-2025-26791 automation-gateway: Mutation XSS in DOMPurify due to improper template literal handling.(AAP-40402)

10.11.5.1. Ansible Automation Platform
Copy link

Fixed an issue in the user collection module where running with state: present would cause a stack trace.(AAP-40887)
Fixed an issue that caused updates to SAML authenticators to ignore an updated public certificate provided via UI or API and then fail with the message The certificate and private key do not match.(AAP-40767)
Fixed an issue with the ServiceAuthToken destroy method to allow HTTP delete via ServiceAuth to work properly.(AAP-37630)

10.11.5.2. Platform gateway
Copy link

Fixed an issue that would prevent some types of resources from getting synced if there was a naming conflict.(AAP-41241)
Fixed an issue where the login failed for users who were members of a team or organization that had a naming conflict.(AAP-41240)
Fixed an issue where there would be 401 unauthorized errors thrown at random in the platform gateway UI.(AAP-41165)
Fixed an issue where services could not request cloud.redhat.com settings from the platform gateway using ServiceTokenAuth.(AAP-39649)

10.11.5.3. Automation controller
Copy link

Fixed an issue where upgrading was preventing automation controller administrator password to be set for the platform gateway administrator account.(AAP-40839)
Fixed an issue where the indirect host counting name recorded the hostname, instead of from the query result.(AAP-41033)
Fixed an issue where the OpaClient was not initializing properly after timeouts and retries.(AAP-40997)
Fixed an issue where automation controller was missing the service account credentials for analytics.(AAP-40769)
Fixed an issue where the ability to enable feature flags via the corresponding setting of the same name was not possible.(AAP-39783)
Fixed an issue where the DAB feature flags endpoints were not registered in the automation controller API.(AAP-39778)
Fixed an issue where the API was missing a helper method for fetching the service account token from sso.redhat.com.(AAP-39637)

10.11.5.4. Container-based Ansible Automation Platform
Copy link

Fixed an issue where the containerized installer was not creating receptor mesh connections between all automation controller nodes.(AAP-41102)
Fixed an issue where a default installation of the containerized Ansible Automation Platform was unable to use container groups.(AAP-40431)
Fixed an issue where errors would be hidden during Event-Driven Ansible status validation.(AAP-40021)
Fixed an issue where the polkit RPM package was not installed, therefore, not enabling user lingering.(AAP-39860)

10.11.5.5. Event-Driven Ansible
Copy link

Fixed an issue where the EDA_ACTIVATION_DB_HOST environment variable in the eda-initial-data container was missing.(AAP-41270)
Fixed an issue with the behavior of the ansible-rulebook and Event-Driven Ansible controller to help when an activation that was started correctly was considered unresponsive and was scheduled for a restart.(AAP-41070)
Fixed an issue where editing and copying of rulebook activations in the API were not allowed.(AAP-40254)
Fixed an issue where the activation was incorrectly restarted with the error message Missing container for running activation.(AAP-39545)
Fixed an issue where the Event-Driven Ansible server did not support PG Notify using certificates.(AAP-39294)
Fixed an issue where the user was not required to give a unique user defined name when copying a credential.(AAP-39079)
Fixed an issue where the image URL in the collection decision_environment testing was not OCI compliant.(AAP-39064)
Fixed an issue where when creating a new team with the same name should have propagated IntegrityError.(AAP-38941)
Fixed an issue where decision environment URLs were not validated against OCI specification to ensure successful authentication to the container registry when pulling the image.(AAP-38822)
Fixed an issue where the Activation module did not support the copy operation from other activations.(AAP-37306)

10.11.5.6. Receptor
Copy link

Fixed an issue where automation mesh receptor was creating too many inotify processes, and where the user would encounter a too many open files error.(AAP-22605)

10.11.5.7. RPM-based Ansible Automation Platform
Copy link

Fixed an issue where the activation instance logs were missing in RPM deployments.(AAP-40886)
Fixed an issue where the managed CA would not correctly assign eligible groups during discovery, during installation, and backup and restore.(AAP-40277)
Fixed an issue where during an installation or upgrade, SELinux relabeling was not occurring even if new fcontext rules were added.(AAP-40489)
Fixed an issue where the credentials for execution environments and decision environments hosted in automation hub were incorrectly configured.(AAP-40419)
Fixed an issue where projects failed to sync due to incorrectly configured credentials for Ansible Automation Platform collections hosted in automation hub.(AAP-40418)

10.11.6. Known Issues
Copy link

In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined.(AAP-27631)
Deploying platform gateway on FIPS enabled RHEL 9 is currently not supported.(AAP-39146)

10.12. Ansible Automation Platform patch release March 01, 2025
Copy link

This release includes the following components and versions:

Expand

Release date	Component versions
March 01, 2025	Automation controller 4.6.8 Automation hub 4.10.1 Event-Driven Ansible 1.1.4 Container-based installer Ansible Automation Platform (bundle) 2.5-10.2 Container-based installer Ansible Automation Platform (online) 2.5-10 Receptor 1.5.1 RPM-based installer Ansible Automation Platform (bundle) 2.5-8.3 RPM-based installer Ansible Automation Platform (online) 2.5-8

CSV versions in this release:

Namespace-scoped bundle: aap-operator.v2.5.0-0.1740773472
Cluster-scoped bundle: aap-operator.v2.5.0-0.1740774104

Important

An issue was found in affected versions of Ansible Automation Platform that enabled a lesser privileged user (even unauthenticated) promotion to a greater privileged user. All Ansible Automation Platform 2.5 customers should upgrade their environments to the latest version as soon as possible to resolve this issue. Ansible Automation Platform on Microsoft Azure and Ansible Automation Platform Service on AWS environments are already patched by Red Hat.

The following bug fixes have been implemented in this release of Ansible Automation Platform:

10.12.1. Bug fixes
Copy link

10.12.1.1. CVE
Copy link

With this update, the following CVE has been addressed:

CVE-2025-1801 automation-gateway: aap-gateway privilege escalation. (AAP-41180)

10.12.1.2. Platform gateway
Copy link

Fixed an issue that caused the API to randomly return 401 errors. (AAP-41054)

10.13. Ansible Automation Platform patch release February 25, 2025
Copy link

This release includes the following components and versions:

Expand

Release Date	Component versions
February 25, 2025	Automation controller 4.6.8 Automation hub 4.10.1 Event-Driven Ansible 1.1.4 Container-based installer Ansible Automation Platform (bundle) 2.5-10.1 Container-based installer Ansible Automation Platform (online) 2.5-10 Receptor 1.5.1 RPM-based installer Ansible Automation Platform (bundle) 2.5-8.2 RPM-based installer Ansible Automation Platform (online) 2.5-8

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1740093573
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1740094176

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.13.1. Enhancements
Copy link

10.13.1.1. Platform gateway
Copy link

Previously gateway_proxy_url was used for the proxy health check, but is no longer used in favor of the ENVOY_HOSTNAME setting.(AAP-39907)

10.13.1.2. Event-Driven Ansible
Copy link

In the credential type schema the format field can be set to binary_base64 to specify a file should be loaded as a binary file.(AAP-36581)
- Sample Credential Type Schema
- Inputs Configuration
- fields:
  - id: keytab
  - type: string
  - label: Kerberos Keytab file
  - format: binary_base64 secret: true
  - help_text: Please select a Kerberos Keytab file
  - multiline: true

10.13.2. Bug fixes
Copy link

10.13.2.1. Ansible Automation Platform
Copy link

Fixed an issue where the subscription entitlement expiration notification was visible, even when the subscription was active.(AAP-39982)
Fixed an issue where upon UI reload/refresh, logs of a running job before the refresh would not appear until new logs were generated from the playbook.(AAP-38924)
Fixed an issue when the customer was unable to scale down replicas to put Ansible Automation Platform into idle mode.(AAP-39492)
After launching the Workflow Job Template, the launched job for a job template node in the workflow should contain the job_tags and skip_tags that were specified in the launch prompt step.(AAP-40395)
Fixed an issue where the user was not able to create a members role in Ansible Automation Platform 2.5.(AAP-37626)
Fixed an issue where a custom image showed Base64 encoded data.(AAP-26984)
Fixed an issue where a custom logo showed Base64 encoded data.(AAP-26909)
Fixed an issue that restricted users from executing jobs for which they had the correct permissions.(AAP-40398)
Fixed an issue where the workflow job template node extra vars were not saved.(AAP-40396)
Fixed an issue where the Creating and using execution environments guide had the incorrect ansible-core version.(AAP-40390)
Fixed an issue where you were not able to create a members role in Ansible Automation Platform 2.5.(AAP-40698)
Fixed an issue where the initial login to any of the services from platform gateway could result in the user being given access to the wrong account.(AAP-40617)
Fixed an issue where the service owned resources were not kept in sync with the platform gateway allowing for duplicate name values on user login.(AAP-40616)
Fixed an issue where users, organizations, and teams, became permanently out of sync if any user, organization, or team, was deleted from the platform gateway.(AAP-40615)
Fixed an issue where automation hub would fail to run the sync task if any users were deleted from the system.(AAP-40613)

10.13.2.2. Platform gateway
Copy link

Fixed an issue where ping and status checks with resolvable, but nonresponding, URLs could cause all platform gateway uwsgi workers to hang until all were exhausted. The new settings are PING_PAGE_CHECK_TIMEOUT and PING_PAGE_CHECK_IGNORE_CERT.(AAP-39907)

10.13.2.3. Event-Driven Ansible
Copy link

Fixed an issue where credentials could be copied in AAP but could not be copied in Event-Driven Ansible.(AAP-35875)

10.13.2.4. Known Issues
Copy link

In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined.(AAP-27631)
Deploying the platform gateway on FIPS enabled RHEL 9 is currently not supported.(AAP-39146)

10.14. Ansible Automation Platform patch release February 13, 2025
Copy link

This release includes the following components and versions:

Expand

Release Date	Component versions
February 13, 2025	Automation controller 4.6.8 Automation hub 4.10.1 Event-Driven Ansible 1.1.4 Container-based installer Ansible Automation Platform (bundle) 2.5-10 Container-based installer Ansible Automation Platform (online) 2.5-10 Receptor 1.5.1 RPM-based installer Ansible Automation Platform (bundle) 2.5-8.1 RPM-based installer Ansible Automation Platform (online) 2.5-8

CSV Versions in this release:

Namespace-scoped Bundle: aap-operator.v2.5.0-0.1738808953
Cluster-scoped Bundle: aap-operator.v2.5.0-0.1738809624

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.14.1. New Features
Copy link

10.14.1.1. Ansible Automation Platform
Copy link

Keycloak now allows for the configuration of the claim key/name for the field containing a user’s group membership returned in the ID token and/or user info data. This can be configured by setting the GROUPS_CLAIM configuration value on a per-authenticator plugin basis as was done for the OIDC plugin.(AAP-38720)

10.14.2. Enhancements
Copy link

10.14.2.1. General
Copy link

The ansible.controller collection has been updated to 4.6.8.(AAP-39848)
ansible.platform collection has been updated to 2.5.20250213.(AAP-39740)
ansible.eda collection has been updated to 2.4.0.(AAP-39577)

10.14.2.2. Ansible Automation Platform
Copy link

It is now possible to configure automation hub without Redis PVC.(AAP-39600)

10.14.2.3. Automation controller
Copy link

This release sees the addition of client_id and client_secret fields to the Insights credential to support service accounts via console.redhat.com.(AAP-36565)
You are now able to specify the input for the client_id and client_secret for the insights credential via the awx.awx.credential_type module.(AAP-37441)
Updated awxkit by adding service account support for Insights credential type, specifically adding the fields client_id and client_secret to credential_input_fields.(AAP-39352)

10.14.2.4. Automation execution environments
Copy link

The file command has been added to ee-minimal and ee-supported container images.(AAP-40009)

10.14.3. Bug fixes
Copy link

10.14.3.1. Migration
Copy link

Fixed an issue where after upgrading Ansible Automation Platform from 2.4 to 2.5, many of the surveys that had multiple choice options displayed a blank space in the drop down menu.(AAP-35093)

10.14.3.2. Ansible Automation Platform
Copy link

Fixed a bug in the collections token module where it was unable to find an application if multiple organizations had the same application name.(AAP-38625)
Fixed an issue where upgrading Ansible Automation Platform 2.5 caused an occasional internal server error for all users with Event-Driven Ansible and Automation hub post upgrade.(AAP-39293)
Fixed an issue where the administrator was not allowed to configure auto migration of legacy authenticators.(AAP-39949)
Fixed an issue where there were two launch/relaunch icons displayed from the jobs list for failed jobs.(AAP-38483)
Fixed an issue where the Schedules Add wizard returned a RequestError Not Found.(AAP-37909)
Fixed an issue where the EC2 Inventory Source type required credentials, which is not necessary when using IAM instance profiles.(AAP-37346)
Fixed an issue when attempting to assign the Automation Decisions - Organization Admin role to a user in an organization resulted in the error, Not managed locally, use the resource server instead. Administrators can now be added by using the Organization → Administrators tab.(AAP-37106)
Fixed an issue where when updating a workflow node, the Job Tags were lost and Skip Tags were not saved.(AAP-35956)
Fixed an issue where new users who logged in with legacy authentication were not merged when switching to Gateway authentication.(AAP-40120)
Fixed an issue where the user was unable to link legacy SSO accounts to Gateway.(AAP-40050)
Fixed an issue where updating Ansible Automation Platform to 2.5 caused an Internal Service Error for all users with Event-Driven Ansible and Automation hub post upgrade. The migration process will now detect and fix users who were created in services via JWT auth and improperly linked to the service instead of the platform gateway.(AAP-39914)

10.14.3.3. Ansible Automation Platform Operator
Copy link

Fixed an issue where AnsibleWorkflow custom resources would not parse and utilize extra_vars if specified.(AAP-39005)

10.14.3.4. Automation controller
Copy link

Fixed an issue where when an Azure credential was created using awxkit, the creation failed because the parameter client_id was added to the input fields while the API was not expecting it.(AAP-39846)
Fixed an issue where the job schedules were running at incorrect times when that schedule’s start time fell within a Daylight Saving Time period.(AAP-39826)

10.14.3.5. Automation hub
Copy link

Fixed an issue where the use of empty usernames and passwords when creating a remote registry was not allowed.(AAP-26462)

10.14.3.6. Container-based Ansible Automation Platform
Copy link

Fixed an issue where the containerized installer had no preflight check for the Postgres version of an external database.(AAP-39727)
Fixed an issue where the containerized installer could not register other peers in the database.(AAP-39470)
Fixed an issue where there was a missing installation user UID check.(AAP-39393)
Fixed an issue where Postgresql connection errors would be hidden during its configuration.(AAP-39389)
Fixed an issue in the preflight check regression when the TLS private key provided is not an RSA type.(AAP-39816)

10.14.3.7. Event-Driven Ansible
Copy link

Fixed an issue where the Generate extra vars button did not handle file/env injected credentials.(AAP-36003)

10.14.3.8. Known Issues
Copy link

In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined.(AAP-27631)
Deploying the platform gateway on FIPS enabled RHEL 9 is currently not supported.(AAP-39146)

10.15. Ansible Automation Platform patch release January 29, 2025
Copy link

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.15.1. Enhancements
Copy link

10.15.1.1. Ansible Automation Platform
Copy link

Using PostgreSQL TLS certificate authentication with an external database is now available.(AAP-38400)

10.15.1.2. Event-Driven Ansible
Copy link

The ansible.eda collection has been updated to 2.3.1.(AAP-39057)
Users are now able to create a new Event-Driven Ansible credential by copying an existing one.(AAP-39249)
Added support for file and env injectors for credentials.(AAP-39091)

10.15.1.3. RPM-based Ansible Automation Platform
Copy link

Implemented certificate authentication support (mTLS) for external databases.
- Postgresql TLS certificate authentication is available for external databases.
- Postgresql TLS certificate authentication can be turned on/off (off by default for backward compatibility).
- Each component, automation controller, Event-Driven Ansible, platform gateway, and automation hub, now provides off the shelf (OTS) TLS certificate and key files (mandatory).(AAP-38400)

10.15.2. Bug fixes
Copy link

10.15.2.1. CVE
Copy link

With this update, the following CVEs have been addressed:

CVE-2024-56326 python3.11-jinja2: Jinja has a sandbox breakout through indirect reference to format method.(AAP-38852)
CVE-2024-56374 ansible-lightspeed-container: Potential denial-of-service vulnerability in IPv6 validation.(AAP-38647)
CVE-2024-56374 python3.11-django: potential denial-of-service vulnerability in IPv6 validation.(AAP-38630)
CVE-2024-53907 python3.11-django: Potential denial-of-service in django.utils.html.strip_tags().(AAP-38486)
CVE-2024-56201 python3.11-jinja2: Jinja has a sandbox breakout through malicious filenames.(AAP-38331)
CVE-2024-56374 automation-controller: Potential denial-of-service vulnerability in IPv6 validation.(AAP-38648)
CVE-2024-56201 automation-controller: Jinja has a sandbox breakout through malicious filenames.(AAP-38081)
CVE-2024-56326 automation-controller: Jinja has a sandbox breakout through indirect reference to format method.(AAP-38058)

10.15.2.2. Automation controller
Copy link

Fixed an issue where the order of source inventories was not respected by the collection ansible.controller.(AAP-38524)
Fixed an issue where an actively running job on an execution node may have had its folder deleted by a system task. This fix addresses some Failed to JSON parse a line from worker stream type errors.(AAP-38137)

10.15.2.3. Container-based Ansible Automation Platform
Copy link

The inventory file variable postgresql_admin_username is no longer required when using an external database. If you do not have database administrator credentials, you can supply the database credentials for each component in the inventory file instead.(AAP-39077)

10.15.2.4. Event-Driven Ansible
Copy link

Fixed an issue where the application version in the openapi spec was incorrectly set.(AAP-38392)
Fixed an issue where activations were not properly updated in some scenarios with a high load of the system. (AAP-38374)
Fixed an issue where users were unable to filter Rule Audits by rulebook activation name.(AAP-39253)
Fixed an issue where the input field of the injector configuration could not be empty.(AAP-39086)

10.15.2.5. RPM-based Ansible Automation Platform
Copy link

Fixed an issue where setting automationedacontroller_max_running_activations could cause the installer to fail. (AAP-38708)
Fixed an issue where the platform gateway services are not restarted when a dependency changes.(AAP-38918)
Fixed an issue where the platform gateway could not be setup with custom SSL certificates.(AAP-38985)

10.16. Ansible Automation Platform patch release January 22, 2025
Copy link

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.16.1. Enhancements
Copy link

10.16.1.1. Ansible Automation Platform
Copy link

Legacy Auth SSO URL settings are now customizable if needed for gateway, controller, and hub overrides passed on the Ansible Automation Platform CR if provided. This is mainly useful if you are using a custom ingress controller.(AAP-37364)

10.16.2. Bug fixes
Copy link

10.16.2.1. Ansible Automation Platform
Copy link

Fixed an issue where there was a service_id mismatch between gateway and Event-Driven Ansible which was causing activation rulebooks to fail.(AAP-38172)

Note

This fix applies to OpenShift Container Platform only.

10.17. Ansible Automation Platform patch release January 15, 2025
Copy link

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.17.1. Enhancements
Copy link

10.17.1.1. Ansible Automation Platform
Copy link

With this update, the ansible.controller collection has been updated to 4.6.6.(AAP-38443)
Enhanced the status API, /api/gateway/v1/status/, from the services property within the JSON to an array. Consumers of this API can still request the previous format with a URL query parameter service_keys=true.(AAP-37903)

10.17.1.2. Ansible Automation Platform Operator
Copy link

Added the ability to configure topology_spread_constraints, `node_selector, and `tolerations for gateway deployments. (AAP-37193)

10.17.1.3. Container-based Ansible Automation Platform
Copy link

TLS certificate and key files are now validated during the preflight role execution.
- If the TLS certificate file is provided then the TLS key file must be provided.
- If the TLS key file is provided then the TLS certificate file must be provided.
- Both TLS certificate and key modulus should match.(AAP-37845)

10.17.2. Bug fixes
Copy link

10.17.2.1. CVE
Copy link

With this update, the following CVEs have been addressed:

CVE-2024-52304 python3.11-aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions.(AAP-36192)
CVE-2024-55565 automation-gateway: nanoid mishandles non-integer values.(AAP-37168)
CVE-2024-53908 automation-controller: Potential SQL injection in HasKey(lhs, rhs) on Oracle.(AAP-36769)
CVE-2024-53907 automation-controller: Potential denial-of-service in django.utils.html.strip_tags().(AAP-36756)
CVE-2024-11407 automation-controller: Denial-of-Service through data corruption in gRPC-C++.(AAP-36745)
CVE-2024-52304 ansible-lightspeed-container: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions.(AAP-36185)
CVE-2024-56201 ansible-lightspeed-container: Jinja has a sandbox breakout through malicious filenames.(AAP-38079)
CVE-2024-56326 ansible-lightspeed-container: Jinja has a sandbox breakout through indirect reference to format method.(AAP-38056)
CVE-2024-11407 ansible-lightspeed-container: Denial-of-Service through data corruption in gRPC-C++.(AAP-36744)

10.17.2.2. Red Hat Ansible Automation Platform
Copy link

Fixed not found error that occurred occasionally when navigating through the form wizards.(AAP-37495)
Fixed an issue where installing ansible-core no longer installs python3-jmespath on Red Hat Enterprise Linux 8.(AAP-18251)
Fixed an issue where ID_KEY attribute was improperly used to determine the username field in social auth pipelines.(AAP-38300)
Fixed an issue where authenticator could create a userid and return a non-viable authenticator_uid.(AAP-38021)
Fixed an issue where a private key was displayed in plain text when downloading the OpenAPI schema file. This was not the private key used by gateway, but a random default key.(AAP-37843)

10.17.2.3. Automation controller
Copy link

Fixed an issue that did not allow sending job_lifecycle logs to external aggregators.(AAP-37537)
Fixed an issue where there was a date comparison mismatch for traceback from host_metric_summary_monthly task.(AAP-37487)
Fixed an issue where the scheduled jobs with count set to a non-zero value would run unexpectedly. (AAP-37290)
Fixed an issue where a project’s requirements.yml could revert to a prior state in a cluster. (AAP-37228)
Fixed an issue where there would be an occasional error creating the event partition table before starting a job, when a large number of jobs were launched quickly. (AAP-37227)
Fixed an issue where temporary receptor files were not cleaned up after a job completed on nodes. (AAP-36904)
Fixed an issue where POST to /api/controller/login/ via the gateway resulted in a fatal response.(AAP-33911)
Fixed an issue when a job template was launched, the named URL returned a 404 error code.(AAP-37025)

10.17.2.3.1. Container-based Ansible Automation Platform
Copy link

Fixed an issue where the receptor TLS certificate content was not validated during the preflight role execution ensuring that the x509 Subject Alt Name (SAN) field contains the required ISO Object Identifier (OID) 1.3.6.1.4.1.2312.19.1. (AAP-37880)
Fixed an issue where the Postgresql SSL mode variables for controller, Event-Driven Ansible, gateway and automation hub were not validated during the preflight role execution. (AAP-37352)
Fixed an issue where the Ansible Automation Platform containerized setup installation would upload collections when inventory growth in the AIO installation was used.(AAP-38372)
Fixed an issue where the throttle capacity of controller in an AIO installation would allow for performance degradation.(AAP-38207)

10.17.2.4. RPM-based Ansible Automation Platform
Copy link

Fixed an issue where adding a new automation hub host to an upgraded environment has caused the installation to fail. (AAP-38204)
Fixed an issue where the link to the documents in the installer README.md was broken. (AAP-37627)
Fixed an issue where the Gateway API status on Event-Driven Ansible proxy component returned 404 errors. (AAP-32816)

10.18. Ansible Automation Platform patch release December 18, 2024
Copy link

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.18.1. Enhancements
Copy link

10.18.1.1. Ansible Automation Platform
Copy link

Added help text to all missing fields in Ansible Automation Platform gateway and django-ansible-base. (AAP-37068)
Consistently formatted sentence structure for help_text, and provided more context in the help text where it was vague.(AAP-37016)
Added dynamic preferences for usage by Automation Analytics.(AAP-36710)
- INSIGHTS_TRACKING_STATE: Enables the service to gather data on automation and send it to Automation Analytics.
- RED_HAT_CONSOLE_URL: This setting is used to to configure the upload URL for data collection for Automation Analytics.
- REDHAT_USERNAME: Username used to send data to Automation Analytics.
- REDHAT_PASSWORD: Password for the account used to send data to Automation Analytics.
- SUBSCRIPTIONS_USERNAME: Username is used to retrieve subscription and content information.
- SUBSCRIPTIONS_PASSWORD: Password is used to retrieve subscription and content information.
- AUTOMATION_ANALYTICS_GATHER_INTERVAL: interval in seconds at which Automation Analytics gathers data.
Added an enabled flag for turning authenticator maps on or off. (AAP-36709)
aap-metrics-utility has been updated to 0.4.1. (AAP-36393)
Added the setting trusted_header_timeout_in_ns to timegate X_TRUSTED_PROXY_HEADER validation in the django-ansible-base libraries used by Ansible Automation Platform components. (AAP-36712)

10.18.1.2. Documentation updates
Copy link

With this update, the Ansible Automation Platform Operator growth topology and Ansible Automation Platform Operator enterprise topology have been updated to include s390x (IBM Z) architecture test support.

10.18.1.3. Event-Driven Ansible
Copy link

Extended the scope of the log_level and debug settings. (AAP-33669)
A project can now be synced with the Event-Driven Ansible collection modules. (AAP-32264)
In the Rulebook activation create form, selecting a project is now required before selecting a rulebook.(AAP-28082)
The Create credentials button is now visible irrespective of whether there are any existing credentials or not.(AAP-23707)

10.18.2. Bug fixes
Copy link

10.18.2.1. General
Copy link

Fixed an issue where django-ansible-base fallback cache kept creating a tmp file even if the LOCATION was set to another path.(AAP-36869)
Fixed an issue where the OIDC authenticator was not allowed to use the JSON key to extract user groups, or for a user to be modified via the new GROUPS_CLAIM configuration setting.(AAP-36716)

With this update, the following CVEs have been addressed:

CVE-2024-11079 ansible-core: Unsafe Tagging Bypass via hostvars Object in Ansible-Core.(AAP-35563)
CVE-2024-53908 ansible-lightspeed-container: Potential SQL injection in HasKey(lhs, rhs) on Oracle.(AAP-36767)
CVE-2024-53907 ansible-lightspeed-container: Potential denial-of-service in django.utils.html.strip_tags().(AAP-36755)
CVE-2024-11483 which allowed users to escape the scope of their personal access OAuth2 tokens, from read-scoped to read-write-scoped, in the gateway.(AAP-36261)

10.18.2.2. Red Hat Ansible Automation Platform
Copy link

Fixed an issue where when role user assignments were queried in the platform UI, the query is successful about 75% of the time.(AAP-36872)
Fixed an issue where the user was unable to filter job templates by label in Ansible Automation Platform 2.5.(AAP-36540)
Fixed an issue where it was not possible to open a job template after removing the user that created the template.(AAP-35820)
Fixed an issue where the inventory source update failed, and did not allow selection of the inventory file.(AAP-35246)
Fixed an issue where the Login Redirect Override setting was missing and not functioning as expected in Ansible Automation Platform 2.5.(AAP-33295)
Fixed an issue where users were able to select a credential that required a password when defining a schedule.(AAP-32821)
Fixed an issue where the job output did not show unless you switched tabs. This also fixed other display issues.(AAP-31125)
Fixed an issue where adding a new Automation Decision role to a team did not work from the Access Management → Teams navigation path.(AAP-31873)
Fixed an issue where migration was missing from Ansible Automation Platform.(AAP-37015)
Fixed an issue where the gateway OAuth token was not encrypted at rest.(AAP-36715)
Fixed an issue where the API forces the user to save a service with an API port even if one does not exist.(AAP-36714)
Fixed an issue where the Gateway did not properly interpret SAML attributes for mappings.(AAP-36713)
Fixed an issue where non-self-signed certificate+key pairs were allowed to be used in SAML authenticator configurations.(AAP-36707)
Fixed an issue where the login page was not redirecting to /api/gateway/v1 if a user was already logged in.(AAP-36638)

10.18.2.3. Ansible automation hub
Copy link

When configuring an Ansible Remote to sync collections from other servers, a requirements file is only required for syncs from Galaxy, and optional otherwise. Without a requirements file, all collections are synced.(AAP-31238)

10.18.2.3.1. Container-based Ansible Automation Platform
Copy link

Fixed an issue that allowed automation controller nodes to override the receptor_peers variable. (AAP-37085)
Fixed an issue where the containerized installer ignored receptor_type for automation controller hosts and always installed them as hybrid.(AAP-37012)
Fixed an issue where Podman was not present in the task container, and the cleanup image task failed.(AAP-37011)
Fixed an issue where only one automation controller node was configured with Execution/Hop node peers rather than all automation controller nodes.(AAP-36851)
Fixed an issue where the automation controller services lost connection to the database, where the containers are stopped and the systemd unit does not try to restart.(AAP-36850)
Fixed an issue where receptor_type and receptor_protocol variables validation checks were skipped during the preflight role execution.(AAP-36857)

10.18.2.4. Event-Driven Ansible
Copy link

Fixed an issue where the url field of the event stream was not updated if EDA_EVENT_STREAM_BASE_URL setting changed. (AAP-33819)
Fixed an issue where Event-Driven Ansible and automation controller fields were pre-populated with gateway credentials when secret: true is set on custom credentials.(AAP-33188)
Fixed an issue where the bulk removal of selected role permissions disappeared when more than 4 permissions were selected.(AAP-28030)
Fixed an issue where Enabled options had its own scrollbar on the Rulebook Activation Details page.(AAP-31130)
Fixed an issue where the status of an activation was occasionally inconsistent with the status of the latest instance after a restart.(AAP-29755)
Fixed an issue where importing a project from a non-existing branch resulted in the completed state instead of a Failed status.(AAP-29144)
Fixed an issue with respect to the custom credential types where if the user clicked The generate extra vars before the fields: key in the input configuration it would create an empty line that is uneditable.(AAP-28084)
Fixed an issue where the project sync would not fail on an empty or unstructured git repository.(AAP-35777)
Fixed an issue where rulebook validation import/sync fails when a rulebook has a duplicated rule name.(AAP-35164)
Fixed an issue where the Event Driven Ansible API allowed a credential’s type to be changed.(AAP-34968)
Fixed an issue where a previously failed project could be accidentally changed to completed after a resync.(AAP-34744)
Fixed an issue where no message was recorded when a project did not contain any rulebooks.(AAP-34555)
Fixed an issue where the name for credentials in the rulebook activation form field was not updated.(AAP-34123)
Updated the message for the rulebook activation/event streams for better clarity.(AAP-33485)
Fixed an issue where the source plugin was not able to use the env vars to establish a successful connection to the remote source.(AAP-35597)
Fixed an issue in the collection where the activation module failed with a misleading error message if the rulebook, project, decision environment, or organization, could not be found.(AAP-35360)
Fixed an issue where the validation a host specified as part of a container registry credential did not conform to container registry standards. The specified host was previously able to use a non-syntactically valid host (name or net address) and optional port value (<valid-host>[:<port>]). The validation is now applied when creating a credential as well as when modifying an existing credential regardless of fields being modified.(AAP-34969)
Fixed an issue whereby multiple Red Hat Ansible Automation Platform credentials were being attached to activations.(AAP-34025)
Fixed an issue where there was an erroneous dependency on the existence of an organization named Default.(AAP-33551)
Fixed an issue where occasionally an activation is reported as running, before it is ready to receive events.(AAP-31225)
Fixed an issue where the user could not edit auto-generated injector vars while creating Event-Driven Ansible custom credentials.(AAP-29752)
Fixed an issue where in some cases the file_watch source plugin in an Event-Driven Ansible collection raised the QueueFull exception.(AAP-29139)
Fixed an issue where the Event-Driven Ansible database increased in size continuously, even if the database was unused. Addend the purge_record script to clean up outdated database records.(AAP-30684)

10.19. Ansible Automation Platform patch release December 3, 2024
Copy link

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.19.1. Enhancements
Copy link

10.19.1.1. Ansible Automation Platform
Copy link

Red Hat Ansible Lightspeed has been updated to 2.5.241127.(AAP-35307)
redhat.insights Ansible collection has been updated to 1.3.0.(AAP-35161)
ansible.eda collection has been updated to 2.2.0 in execution environment and decision environment images.(AAP-3398)

10.19.1.2. Ansible Automation Platform Operator
Copy link

With this update, you can set PostgreSQL SSL/TLS mode to verify-full or verify-ca with the proper sslrootcert configuration in the automation hub Operator.(AAP-35368)

10.19.1.3. Container-based Ansible Automation Platform
Copy link

With this update, ID and Image fields from a container image are used instead of Digest and ImageDigest to trigger a container update.(AAP-36575)
With this update, you can now update the registry URL value in Event-Driven Ansible credentials.(AAP-35085)
With this update, the kernel.keys.maxkeys and kernel.keys.maxbytes settings are increased on systems with large memory configuration.(AAP-34019)
Added ansible_connection=local to the inventory-growth file and clarified its usage.(AAP-34016)

10.19.1.4. Documentation updates
Copy link

With this update, the Container growth topology and Container enterprise topology have been updated to include s390x (IBM Z) architecture test support.(AAP-35969)

10.19.1.5. RPM-based Ansible Automation Platform
Copy link

With this update, you can now update the registry URL value in Event-Driven Ansible credentials.(AAP-35162)

10.19.2. Bug fixes
Copy link

10.19.2.1. General
Copy link

With this update, the following CVEs have been addressed:

CVE-2024-52304 automation-controller: aiohttp vulnerable to request smuggling due to wrong parsing of chunk extensions.

10.19.2.2. Ansible Automation Platform Operator
Copy link

With this update, missing Ansible Automation Platform Operator custom resource definitions (CRDs) are added to the aap-must-gather container image.(AAP-35226)
Disabled platform gateway authentication in the proxy configuration to prevent HTTP 502 errors when the control plane is down.(AAP-36527)
The Red Hat favicon is now correctly displayed on automation controller and Event-Driven Ansible API tabs.(AAP-30810)
With this update, the automation controller admin password is now reused during upgrade from Ansible Automation Platform 2.4 to 2.5.(AAP-35159)
Fixed undefined variable (_controller_enabled) when reconciling an AnsibleAutomationPlatformRestore. Fixed automation hub Operator pg_restore error on restores due to a wrong database secret being set.(AAP-35815)

10.19.2.3. Automation controller
Copy link

Updated the minor version of uWSGI to obtain updated log verbiage.(AAP-33169)
Fixed job schedules running at the wrong time when the rrule interval was set to HOURLY or MINUTELY.(AAP-36572)
Fixed an issue where sensitive data was displayed in the job output.(AAP-35584)
Fixed an issue where unrelated jobs could be marked as a dependency of other jobs.(AAP-35309)
Included pod anti-affinity configuration on default container group pod specification to optimally spread workload.(AAP-35055)

10.19.2.4. Container-based Ansible Automation Platform
Copy link

With this update, you cannot change the postgresql_admin_username value when using a managed database node.(AAP-36577)
Added update support for PCP monitoring role.
Disabled platform gateway authentication in the proxy configuration to prevent HTTP 502 errors when the control plane is down.
With this update, you can use dedicated nodes for the Redis group.
Fixed an issue where disabling TLS on platform gateway would cause installation to fail.
Fixed an issue where disabling TLS on platform gateway proxy would cause installation to fail.
Fixed an issue where platform gateway uninstall would leave container systemd unit files on disk.
Fixed an issue where the automation hub container signing service creation failed when hub_collection_signing=false but hub_container_signing=true.
Fixed an issue with the HOME environment variable for receptor containers which would cause a “Permission denied” error on the containerized execution node.
Fixed an issue where not setting up the GPG agent socket properly when many hub nodes are configured, resulted in not creating a GPG socket file in /var/tmp/pulp.
With this update, you can now change the platform gateway port value after the initial deployment.

10.19.2.5. Receptor
Copy link

Fixed an issue that caused a Receptor runtime panic error.

10.19.2.6. RPM-based Ansible Automation Platform
Copy link

Fixed an issue where the metrics-utility command failed to run after updating automation controller.
Fixed the owner and group permissions on the /etc/tower/uwsgi.ini file.
Fixed an issue where not having eda_node_type defined in the inventory file would result in backup failure.
Fixed an issue where not having routable_hostname defined in the inventory file would result in a restore failure.
With this update, the inventory-growth file is now included in the RPM installer.
Fixed an issue where the dispatcher service went into FATAL status and failed to process new jobs after a database outage of a few minutes.
Disabled platform gateway authentication in the proxy configuration to allow access to the UI when the control plane is down.
With this update, the Receptor data directory can now be configured using the receptor_datadir variable.

10.20. Ansible Automation Platform patch release November 18, 2024
Copy link

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.20.1. Enhancements
Copy link

With this release, a redirect page has now been implemented that will be exhibited when you navigate to the root / for each component’s stand-alone URL. The API endpoint remains functional. This affects Event-Driven Ansible, automation controller, Ansible Automation Platform Operator, and OpenShift Container Platform.

10.20.2. Bug fixes
Copy link

10.20.2.1. General
Copy link

With this update, the following CVEs have been addressed:

CVE-2024-9902 ansible-core: Ansible-core user may read/write unauthorized content.

CVE-2024-8775 ansible-core: Exposure of sensitive information in Ansible vault files due to improper logging.

10.20.2.2. Ansible Automation Platform
Copy link

Fixed an issue where the user was unable to filter out hosts on inventory groups where it returned a Failed to load options on Ansible Automation Platform UI.(AAP-34752)

10.20.2.3. Execution Environment
Copy link

Update pywinrm to 0.4.3 in ee-minimal and ee-supported container images to fix Python 3.11 compatibility.(AAP-34077)

10.20.2.4. Ansible Automation Platform Operator
Copy link

Fixed a syntax error when bundle_cacert_secret was defined due to incorrect indentation.(AAP-35358)
Fixed an issue where the default operator catalog for Ansible Automation Platform aligned to cluster-scoped versus namespace-scoped.(AAP-35313)
Added the ability to set tolerations and node_selector for the Redis statefulset and the gateway deployment.(AAP-33192)
Ensure the platform URL status is set when Ingress is used to resolve an issue with Microsoft Azure on Cloud managed deployments. This is due to the Ansible Automation Platform operator failing to finish because it is looking for OpenShift Container Platform routes that are not available on Azure Kubernetes Service.(AAP-34036)
Fixed an issue where the Ansible Automation Platform Operator description did not render code block correctly.(AAP-34589)
It is necessary to specify the CONTROLLER_SSO_URL and AUTOMATION_HUB_SSO_URL settings in Gateway to fix the OIDC auth redirect flow.(AAP-34080)
It is necessary to set the SERVICE_BACKED_SSO_AUTH_CODE_REDIRECT_URL setting to fix the OIDC auth redirect flow.(AAP-34079)

10.20.2.5. Container-based Ansible Automation Platform
Copy link

Fixed an issue when the port value was not defined in the gateway_main_url variable, the containerized installer failed with incorrect execution environment image reference error.(AAP-34716)
Fixed an issue where the containerized installer used port number when specifying the image_url for a decision environment. The user should not add a port to image URLs when using the default value.(AAP-34070)

10.20.2.6. RPM-based Ansible Automation Platform
Copy link

Fixed an issue where not setting up the gpg agent socket properly when multiple hub nodes are configured resulted in not creating a gpg socket file in /var/run/pulp.(AAP-34067)

10.20.2.7. Ansible development tools
Copy link

Fixed an issue where missing data files were not included in the molecule RPM package.(AAP-35758)

10.21. Ansible Automation Platform patch release October 28, 2024
Copy link

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.21.1. Enhancements
Copy link

10.21.1.1. Ansible Automation Platform
Copy link

With this update, upgrades from Ansible Automation Platform 2.4 to 2.5 are supported for RPM and Operator-based deployments. For more information on how to upgrade, see RPM upgrade and migration. (ANSTRAT-809)
- Upgrades from 2.4 Containerized Ansible Automation Platform Tech Preview to 2.5 Containerized Ansible Automation Platform are unsupported.
- Upgrades for Event-Driven Ansible are unsupported from Ansible Automation Platform 2.4 to Ansible Automation Platform 2.5.

10.21.1.2. Ansible Automation Platform Operator
Copy link

An informative redirect page is now shown when you go to the automation hub URL root. (AAP-30915)

10.21.1.3. Container-based Ansible Automation Platform
Copy link

The TLS Certificate Authority private key can now use a passphrase. (AAP-33594)
Automation hub is populated with container images (decision and execution environments) and Ansible collections. (AAP-33759)
The automation controller, Event-Driven Ansible, and automation hub legacy UIs now display a redirect page to the Platform UI rather than a blank page. (AAP-33794)

10.21.1.4. RPM-based Ansible Automation Platform
Copy link

Added platform Redis to RPM-based Ansible Automation Platform. This allows a 6 node cluster for a Redis high availability (HA) deployment. Removed the variable aap_caching_mtls and replaced it with redis_disable_tls and redis_disable_mtls which are boolean flags that disable Redis server TLS and Redis client certificate authentication. (AAP-33773)
An informative redirect page is now shown when going to automation controller, Event-Driven Ansible, or automation hub URL. (AAP-33827)

10.21.2. Bug fixes
Copy link

10.21.2.1. Ansible Automation Platform
Copy link

Removed the Legacy external password option from the Authentication Type list. (AAP-31506)
Ansible Galaxy’s sessionauth class is now always the first in the list of authentication classes so that the platform UI can successfully authenticate. (AAP-32146)
CVE-2024-10033 - automation-gateway: Fixed a Cross-site Scripting (XSS) vulnerability on the automation-gateway component that allowed a malicious user to perform actions that impact users.
CVE-2024-22189 - receptor: Resolved an issue in quic-go that would allow an attacker to trigger a denial of service by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs.

10.21.2.2. Automation controller
Copy link

CVE-2024-41989 - automation-controller: Before this update, in Django, if floatformat received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. With this update, decimals with more than 200 digits are now returned as is.
CVE-2024-45230 - automation-controller: Resolved an issue in Python’s Django urlize() and urlizetrunc() functions where excessive input with a specific sequence of characters would lead to denial of service.

10.21.2.3. Automation hub
Copy link

Refactored the dynaconf hooks to preserve the necessary authentication classes for Ansible Automation Platform 2.5 deployments. (AAP-31680)
During role migrations, model permissions are now re-added to roles to preserve ownership. (AAP-31417)

10.21.2.4. Ansible Automation Platform Operator
Copy link

The port is now correctly set when configuring the platform gateway cache redis_host setting when using an external Redis cache. (AAP-33279)
Added checksums to the automation hub deployments so that pods are cycled to pick up changes to the PostgreSQL configuration and galaxy server settings Kubernetes secrets. (AAP-33518)

10.21.2.5. Container-based Ansible Automation Platform
Copy link

Fixed the uninstall playbook execution when the environment was already uninstalled. (AAP-32981)

10.22. Ansible Automation Platform patch release October 14, 2024
Copy link

The following fixes have been implemented in this release of Red Hat Ansible Automation Platform.

10.22.1. Fixed issues
Copy link

10.22.1.1. Ansible Automation Platform
Copy link

Fixed an issue in platform gateway where examining output logs for UWSGI shows a message that can be viewed as insensitive. (AAP-33213)
Fixed external Redis port configuration issue, which resulted in a cluster_host error when trying to connect to Redis. (AAP-32691)
Fixed a faulty conditional which was causing managed Redis to be deployed even if an external Redis was being configured. (AAP-31607)
After the initial deployment of Ansible Automation Platform, if you make changes to the automation controller, automation hub, or Event-Driven Ansible sections of the Ansible Automation Platform CR specification, those changes are now propagated to the component custom resources. (AAP-32350)
Fixed addressing issues when the filter keep_keys is used, all keys are removed from the dictionary. The keepkey fix is available in the updated ansible.utils collection. (AAP-32960)
Fixed an issue in cisco.ios.ios_static_routes where the metric distance is to be populated in the forward_router_address attribute. (AAP-32960)
Fixed an issue where Ansible Automation Platform Operator is not transferring metric settings to the controller. (AAP-32073)
Fixed an issue where you have a schedule on a resource, such as a job template, that prompts for credentials, and you update the credential to be different from what is on the resource by default, the new credential is not submitted to the API and it does not get updated. (AAP-31957)
Fixed an issue where setting *pg_host= without any other context no longer results in an empty HOST section of settings.py in controller. (AAP-32440)

10.22.2. Advisories
Copy link

The following errata advisories are included in this release:

10.23. Ansible Automation Platform patch release October 7, 2024
Copy link

The following enhancements and fixes have been implemented in this release of Red Hat Ansible Automation Platform.

10.23.1. Enhancements
Copy link

Event-Driven Ansible workers and scheduler add timeout and retry resilience when communicating with a Redis cluster. (AAP-32139)
Removed the MTLS credential type that was incorrectly added. (AAP-31848)

10.23.2. Fixed issues
Copy link

10.23.2.1. Ansible Automation Platform
Copy link

Fixed conditional that was skipping necessary tasks in the restore role, which was causing restores to not finish reconciling. (AAP-30437)
Systemd services in the containerized installer are now set with restart policy set to always by default. (AAP-31824)
FLUSHDB is now modified to account for shared usage of a Redis database. It now respects access limitations by removing only those keys that the client has permissions to. (AAP-32138)
Added a fix to ensure default extra_vars values are rendered in the Prompt on launch wizard. (AAP-30585)
Filtered out the unused ANSIBLE_BASE_ settings from the environment variable in job execution. (AAP-32208)

10.23.2.2. Event-Driven Ansible
Copy link

Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the RPM installer. (AAP-32027)
Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the containerized installer. (AAP-31851)
Fixed a bug where the Event-Driven Ansible workers and scheduler are unable to reconnect to the Redis cluster if a primary Redis node enters a failed state and a new primary node is promoted. See the KCS article Redis failover causes Event-Driven Ansible activation failures that include the steps that were necessary before this bug was fixed. (AAP-30722)

10.23.3. Advisories
Copy link

The following errata advisories are included in this release:

Legal Notice
Copy link

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

Release notes

New features, enhancements, and bug fix information

Providing feedback on Red Hat documentationCopy linkLink copied to clipboard!

Chapter 1. Overview of Red Hat Ansible Automation PlatformCopy linkLink copied to clipboard!

1.1. What is included in the Ansible Automation PlatformCopy linkLink copied to clipboard!

1.2. Red Hat Ansible Automation Platform life cycleCopy linkLink copied to clipboard!

Chapter 2. New features and enhancementsCopy linkLink copied to clipboard!

2.1. Installation changesCopy linkLink copied to clipboard!

2.2. Deployment topologiesCopy linkLink copied to clipboard!

2.3. Unified UICopy linkLink copied to clipboard!

2.3.1. Terminology changesCopy linkLink copied to clipboard!

2.4. Event-Driven Ansible functionality (Automation decisions)Copy linkLink copied to clipboard!

2.5. Event-Driven Ansible 2.5 with automation controller 2.4Copy linkLink copied to clipboard!

2.6. Red Hat Ansible Lightspeed on-premise deploymentCopy linkLink copied to clipboard!

2.7. Ansible plug-ins for Red Hat Developer HubCopy linkLink copied to clipboard!

2.8. Self-service automation portalCopy linkLink copied to clipboard!

2.9. Ansible development toolsCopy linkLink copied to clipboard!

2.10. Red Hat Ansible Automation Platform Service on AWSCopy linkLink copied to clipboard!

2.11. EnhancementsCopy linkLink copied to clipboard!

Chapter 3. Technology previewCopy linkLink copied to clipboard!

3.1. Technology PreviewCopy linkLink copied to clipboard!

3.1.1. Ansible-core 2.19Copy linkLink copied to clipboard!

3.1.2. Ansible development workspacesCopy linkLink copied to clipboard!

3.1.3. Availability of Ansible Lightspeed intelligent assistantCopy linkLink copied to clipboard!

3.1.4. Managing AI infrastructure using Red Hat Ansible Automation PlatformCopy linkLink copied to clipboard!

Chapter 4. Deprecated featuresCopy linkLink copied to clipboard!

4.1. Deprecated API endpointsCopy linkLink copied to clipboard!

Chapter 5. Removed featuresCopy linkLink copied to clipboard!

Chapter 6. Changed featuresCopy linkLink copied to clipboard!

Chapter 7. Known issuesCopy linkLink copied to clipboard!

7.1. Ansible Automation PlatformCopy linkLink copied to clipboard!

7.2. Event-Driven AnsibleCopy linkLink copied to clipboard!

7.3. Ansible plug-ins for Red Hat Developer HubCopy linkLink copied to clipboard!

Chapter 8. Fixed issuesCopy linkLink copied to clipboard!

8.1. Ansible Automation PlatformCopy linkLink copied to clipboard!

8.2. Automation hubCopy linkLink copied to clipboard!

8.3. Event-Driven AnsibleCopy linkLink copied to clipboard!

8.4. Ansible Automation Platform OperatorCopy linkLink copied to clipboard!

8.5. Ansible plug-ins for Red Hat Developer HubCopy linkLink copied to clipboard!

Chapter 9. Ansible Automation Platform documentationCopy linkLink copied to clipboard!

Chapter 10. Patch releasesCopy linkLink copied to clipboard!

10.1. Ansible Automation Platform patch release September 23, 2025Copy linkLink copied to clipboard!

10.1.1. GeneralCopy linkLink copied to clipboard!

10.1.2. CVECopy linkLink copied to clipboard!

10.1.3. Ansible Automation PlatformCopy linkLink copied to clipboard!

10.1.3.1. EnhancementsCopy linkLink copied to clipboard!

10.1.3.2. Bug fixesCopy linkLink copied to clipboard!

10.1.4. Ansible Automation Platform OperatorCopy linkLink copied to clipboard!

10.1.5. Bug fixesCopy linkLink copied to clipboard!

10.1.6. Automation controllerCopy linkLink copied to clipboard!

10.1.6.1. Bug FixesCopy linkLink copied to clipboard!

10.1.7. Automation hubCopy linkLink copied to clipboard!

10.1.7.1. EnhancementsCopy linkLink copied to clipboard!

10.1.8. Container-based Ansible Automation PlatformCopy linkLink copied to clipboard!

10.1.8.1. Bug FixesCopy linkLink copied to clipboard!

10.1.9. Event-Driven AnsibleCopy linkLink copied to clipboard!

10.1.9.1. Bug FixesCopy linkLink copied to clipboard!

10.1.10. RPM-based Ansible Automation PlatformCopy linkLink copied to clipboard!

10.1.10.1. Bug FixesCopy linkLink copied to clipboard!

10.2. Ansible Automation Platform patch release August 27, 2025Copy linkLink copied to clipboard!

10.2.1. GeneralCopy linkLink copied to clipboard!

10.2.2. CVECopy linkLink copied to clipboard!

10.2.3. Ansible Automation PlatformCopy linkLink copied to clipboard!

10.2.3.1. FeaturesCopy linkLink copied to clipboard!

10.2.3.2. EnhancementsCopy linkLink copied to clipboard!

10.2.3.3. Bug fixesCopy linkLink copied to clipboard!

10.2.4. Ansible Automation Platform OperatorCopy linkLink copied to clipboard!

10.2.5. Bug fixesCopy linkLink copied to clipboard!

10.2.6. Automation controllerCopy linkLink copied to clipboard!

10.2.6.1. Bug FixesCopy linkLink copied to clipboard!

10.2.7. Container-based Ansible Automation PlatformCopy linkLink copied to clipboard!

10.2.7.1. EnhancementsCopy linkLink copied to clipboard!

10.2.7.2. Bug FixesCopy linkLink copied to clipboard!

10.2.8. Event-Driven AnsibleCopy linkLink copied to clipboard!

10.2.8.1. Bug FixesCopy linkLink copied to clipboard!

10.2.9. RPM-based Ansible Automation PlatformCopy linkLink copied to clipboard!

10.2.9.1. EnhancementsCopy linkLink copied to clipboard!

10.2.9.2. Bug FixesCopy linkLink copied to clipboard!

10.3. Ansible Automation Platform patch release July 30, 2025Copy linkLink copied to clipboard!

10.3.1. GeneralCopy linkLink copied to clipboard!

Providing feedback on Red Hat documentation
Copy link

Chapter 1. Overview of Red Hat Ansible Automation Platform
Copy link

1.1. What is included in the Ansible Automation Platform
Copy link

1.2. Red Hat Ansible Automation Platform life cycle
Copy link

Chapter 2. New features and enhancements
Copy link

2.1. Installation changes
Copy link

2.2. Deployment topologies
Copy link

2.3. Unified UI
Copy link

2.3.1. Terminology changes
Copy link

2.4. Event-Driven Ansible functionality (Automation decisions)
Copy link

2.5. Event-Driven Ansible 2.5 with automation controller 2.4
Copy link

2.6. Red Hat Ansible Lightspeed on-premise deployment
Copy link

2.7. Ansible plug-ins for Red Hat Developer Hub
Copy link

2.8. Self-service automation portal
Copy link

2.9. Ansible development tools
Copy link

2.10. Red Hat Ansible Automation Platform Service on AWS
Copy link

2.11. Enhancements
Copy link

Chapter 3. Technology preview
Copy link

3.1. Technology Preview
Copy link

3.1.1. Ansible-core 2.19
Copy link

3.1.2. Ansible development workspaces
Copy link

3.1.3. Availability of Ansible Lightspeed intelligent assistant
Copy link

3.1.4. Managing AI infrastructure using Red Hat Ansible Automation Platform
Copy link

Chapter 4. Deprecated features
Copy link

4.1. Deprecated API endpoints
Copy link

Chapter 5. Removed features
Copy link

Chapter 6. Changed features
Copy link

Chapter 7. Known issues
Copy link

7.1. Ansible Automation Platform
Copy link

7.2. Event-Driven Ansible
Copy link

7.3. Ansible plug-ins for Red Hat Developer Hub
Copy link

Chapter 8. Fixed issues
Copy link

8.1. Ansible Automation Platform
Copy link

8.2. Automation hub
Copy link

8.3. Event-Driven Ansible
Copy link

8.4. Ansible Automation Platform Operator
Copy link

8.5. Ansible plug-ins for Red Hat Developer Hub
Copy link

Chapter 9. Ansible Automation Platform documentation
Copy link

Chapter 10. Patch releases
Copy link

10.1. Ansible Automation Platform patch release September 23, 2025
Copy link

10.1.1. General
Copy link

10.1.2. CVE
Copy link

10.1.3. Ansible Automation Platform
Copy link

10.1.3.1. Enhancements
Copy link

10.1.3.2. Bug fixes
Copy link

10.1.4. Ansible Automation Platform Operator
Copy link

10.1.5. Bug fixes
Copy link

10.1.6. Automation controller
Copy link

10.1.6.1. Bug Fixes
Copy link

10.1.7. Automation hub
Copy link

10.1.7.1. Enhancements
Copy link

10.1.8. Container-based Ansible Automation Platform
Copy link

10.1.8.1. Bug Fixes
Copy link

10.1.9. Event-Driven Ansible
Copy link

10.1.9.1. Bug Fixes
Copy link

10.1.10. RPM-based Ansible Automation Platform
Copy link

10.1.10.1. Bug Fixes
Copy link

10.2. Ansible Automation Platform patch release August 27, 2025
Copy link

10.2.1. General
Copy link

10.2.2. CVE
Copy link

10.2.3. Ansible Automation Platform
Copy link

10.2.3.1. Features
Copy link

10.2.3.2. Enhancements
Copy link

10.2.3.3. Bug fixes
Copy link

10.2.4. Ansible Automation Platform Operator
Copy link

10.2.5. Bug fixes
Copy link

10.2.6. Automation controller
Copy link

10.2.6.1. Bug Fixes
Copy link

10.2.7. Container-based Ansible Automation Platform
Copy link

10.2.7.1. Enhancements
Copy link

10.2.7.2. Bug Fixes
Copy link

10.2.8. Event-Driven Ansible
Copy link

10.2.8.1. Bug Fixes
Copy link

10.2.9. RPM-based Ansible Automation Platform
Copy link

10.2.9.1. Enhancements
Copy link

10.2.9.2. Bug Fixes
Copy link

10.3. Ansible Automation Platform patch release July 30, 2025
Copy link

10.3.1. General
Copy link

10.3.2. CVE
Copy link

10.3.3. Ansible Automation Platform
Copy link