Release notes


Red Hat Ansible Automation Platform 2.5

New features, enhancements, and bug fix information

Red Hat Customer Content Services

Abstract

The release notes for Red Hat Ansible Automation Platform summarize all new features and enhancements, notable technical changes, major corrections from the previous version, and any known bugs upon general availability.

Providing feedback on Red Hat documentation

If you have a suggestion to improve this documentation, or find an error, you can contact technical support at https://access.redhat.com to open a request.

Chapter 1. Overview of Red Hat Ansible Automation Platform

Red Hat Ansible Automation Platform simplifies the development and operation of automation workloads for managing enterprise application infrastructure lifecycles. Ansible Automation Platform works across multiple IT domains, including operations, networking, security, and development, as well as across diverse hybrid environments. Simple to adopt, use, and understand, Ansible Automation Platform provides the tools needed to rapidly implement enterprise-wide automation, no matter where you are in your automation journey.

1.1. What is included in the Ansible Automation Platform

| Ansible Automation Platform | Automation controller | Automation hub | Event-Driven Ansible controller | Insights for Ansible Automation Platform | Platform gateway (Unified UI) |
| --- | --- | --- | --- | --- | --- |
| 2.5 | 4.6.0 | 4.10.0; hosted service | 1.1.0 | hosted service | 1.1 |

1.2. Red Hat Ansible Automation Platform life cycle

Red Hat provides different levels of maintenance for each Ansible Automation Platform release. For more information, see Red Hat Ansible Automation Platform Life Cycle.

Chapter 2. New features and enhancements

2.1. Installation changes

Starting with Ansible Automation Platform 2.5, three different on-premise deployment models are fully tested. In addition to the existing RPM-based installer and operator, support for the containerized installer is being added.

As the platform moves toward a container-first model, the RPM-based installer will be removed in a future release, and a deprecation warning is being issued with the release of Ansible Automation Platform 2.5. While the RPM installer will still be supported for Ansible Automation Platform 2.5 until it is removed, the investment will focus on the container-based installation for RHEL deployments and the operator-based installation for OpenShift deployments. Upgrades from 2.4 containerized Ansible Automation Platform Technology Preview to 2.5 containerized Ansible Automation Platform are unsupported.

2.2. Deployment topologies

Red Hat tests Ansible Automation Platform 2.5 with a defined set of topologies to give you opinionated deployment options. Deploy all components of Ansible Automation Platform so that all features and capabilities are available for use without the need to take further action.

It is possible to install Ansible Automation Platform on different infrastructure topologies and with different environment configurations. Red Hat does not fully test topologies outside of published reference architectures. Red Hat recommends using a tested topology for all new deployments and provides commercially reasonable support for deployments that meet minimum requirements.

At the time of the Ansible Automation Platform 2.5 GA release, a limited set of topologies are fully tested. Red Hat will regularly add new topologies to iteratively expand the scope of fully tested deployment options. As new topologies roll out, we will include them in the release notes.

The following table shows the tested topologies for Ansible Automation Platform 2.5:

| Mode | Infrastructure | Description | Tested topologies |
| --- | --- | --- | --- |
| RPM | Virtual Machines/Bare Metal | The RPM installer deploys the Ansible Automation Platform on Red Hat Enterprise Linux using RPMs to install the platform on host machines. Customers manage the product and infrastructure lifecycle. | RPM enterprise topology; RPM mixed enterprise topology |
| Containers | Virtual Machines/Bare Metal | The containerized installer deploys the Ansible Automation Platform on Red Hat Enterprise Linux by using Podman that runs the platform in containers on host machines. Customers manage the product and infrastructure lifecycle. | Container enterprise topology; Container growth topology |
| Operator | Red Hat OpenShift | The operator uses Red Hat OpenShift operators to deploy the Ansible Automation Platform within Red Hat OpenShift. Customers manage the product and infrastructure lifecycle. | Operator enterprise topology; Operator growth topology |

For more information, see Tested deployment models.

2.3. Unified UI

In versions before 2.5, the Ansible Automation Platform was split into three primary services: automation controller, automation hub, and Event-Driven Ansible controller. Each service included standalone user interfaces, separate deployment configurations, and separate authentication schemas.

In Ansible Automation Platform 2.5, the platform gateway is provided as a service that handles authentication and authorization for the Ansible Automation Platform. With the platform gateway, all services that make up the Ansible Automation Platform are consolidated into a single unified UI. The unified UI provides a single entry into the Ansible Automation Platform and serves the platform user interface to authenticate and access all of the Ansible Automation Platform services from a single location.

2.3.1. Terminology changes

The Unified UI highlights the functional benefits provided by each underlying service. New UI terminology aligns to earlier names as follows:

  • Automation execution provides functionality from the automation controller service
  • Automation decisions provides functionality from the Event-Driven Ansible service
  • Automation content provides functionality from the automation hub service

2.4. Event-Driven Ansible functionality (Automation decisions)

With Ansible Automation Platform 2.5, Event-Driven Ansible functionality has been enhanced with the following features:

  • Enterprise single sign-on and role-based access control are available through a new Ansible Automation Platform UI, which enables a single point of authentication and access to all functional components as follows:

    • Automation Execution (automation controller)
    • Automation Decision (Event-Driven Ansible)
    • Automation Content (automation hub)
    • Automation Analytics
    • Access Management
    • Red Hat Ansible Lightspeed
  • Simplified event routing capabilities introduce event streams. Event streams are an easy way to connect your sources to your rulebooks. This new capability lets you create a single endpoint to receive alerts from an event source and then use the events in multiple rulebooks. This simplifies rulebook activation setup, reduces maintenance demands, and helps lower risk by eliminating the need for additional ports to be open to external traffic.
  • Event-Driven Ansible in the Ansible Automation Platform 2.5 now supports horizontal scalability and enables high-availability deployments of the Event-Driven Ansible controller. These capabilities allow for the installation of multiple Event-Driven Ansible nodes and thus enable you to create highly available deployments.
  • Migration to the new platform-wide Red Hat Ansible Automation Platform credential type replaces the legacy controller token for enabling rulebook activations to call jobs in the automation controller.
  • Event-Driven Ansible now has the ability to manage credentials that can be added to rulebook activations. These credentials can be used in rulebooks to authenticate to event sources. In addition, you can now attach vault credentials to rulebook activations so that you can use vaulted variables in rulebooks. Encrypted credentials and vaulted variables enable enterprises to secure the use of Event-Driven Ansible within their environment.
  • New modules are added to the ansible.eda collection to enable users to automate the configuration of the Event-Driven Ansible controller using Ansible playbooks.

2.5. Event-Driven Ansible 2.5 with automation controller 2.4

You can use a newly installed version of Event-Driven Ansible from Ansible Automation Platform 2.5 with some existing versions of the automation controller. A hybrid configuration is supported with the following versions:

  • 2.4 Ansible Automation Platform version of automation controller (4.4 or 4.5)
  • 2.5 Ansible Automation Platform version of Event-Driven Ansible (1.1)

You can only use new installations of Event-Driven Ansible in this configuration. RPM-based hybrid deployments are fully supported by Red Hat. For details on setting up this configuration, see the chapter Installing Event-Driven Ansible controller 1.1 and configuring automation controller 4.4 or 4.5 in the Using Event-Driven Ansible 2.5 with Ansible Automation Platform 2.4 guide.

A hybrid configuration means you can install a new Event-Driven Ansible service and configure rulebook activations to execute job templates on a 2.4 version of the automation controller.

2.6. Red Hat Ansible Lightspeed on-premise deployment

Red Hat Ansible Lightspeed with IBM watsonx Code Assistant is a generative AI service that helps automation teams create, adopt, and maintain Ansible content more efficiently; it is now available as an on-premise deployment on the Ansible Automation Platform 2.5.

The on-premise deployment provides the Ansible Automation Platform customers more control over their data and supports compliance with enterprise security policies. For example, organizations in sensitive industries with data privacy or air-gapped requirements can use on-premise deployments of both Red Hat Ansible Lightspeed and IBM watsonx Code Assistant for Red Hat Ansible Lightspeed on Cloud Pak for Data. Red Hat Ansible Lightspeed on-premise deployments are supported on Ansible Automation Platform 2.5. For more information, see the chapter Setting up Red Hat Ansible Lightspeed on-premise deployment in the Red Hat Ansible Lightspeed with IBM watsonx Code Assistant User Guide.

2.7. Ansible plug-ins for Red Hat Developer Hub

The Ansible plug-ins for Red Hat Developer Hub deliver an Ansible-first Red Hat Developer Hub user experience that simplifies creating Ansible content, such as playbooks and collections, for Ansible users of all skill levels. The Ansible plug-ins provide curated content and features to accelerate Ansible learner onboarding and streamline Ansible use case adoption across your organization.

The Ansible plug-ins provide the following capabilities:

  • A customized home page and navigation tailored to Ansible users
  • Curated Ansible learning paths to help users new to Ansible
  • Software templates for creating Ansible playbooks and collection projects that follow best practices
  • Links to supported development environments and tools with opinionated configurations

For more information, see Installing Ansible plug-ins for Red Hat Developer Hub.

2.8. Ansible development tools

Ansible development tools is a suite of tools provided with the Ansible Automation Platform to help automation creators create, test, and deploy playbook projects, execution environments, and collections on Linux, macOS, and Windows platforms. Consolidating core Ansible tools into a single package simplifies tool management and promotes recommended practices in the automation content creation experience.

Ansible development tools are distributed in an RPM package for RHEL systems, and in a supported container distribution that can be used on Linux, Mac, and Windows OS.

Ansible development tools comprise the following tools:

  • ansible-builder
  • ansible-core
  • ansible-lint
  • ansible-navigator
  • ansible-sign
  • Molecule
  • ansible-creator
  • ansible-dev-environment
  • pytest-ansible
  • tox-ansible

For more information, see Developing Ansible automation content.

2.9. Red Hat Ansible Automation Platform Service on AWS

Red Hat Ansible Automation Platform Service on AWS is a deployment of the Ansible Automation Platform control plane purchased through AWS Marketplace. Red Hat manages the service so that customer teams can focus on automation.

For more information, see Red Hat Ansible Automation Platform Service on AWS.

2.10. Enhancements

  • Added the ability to provide mounts.conf or copy from a local or remote source when installing Podman. (AAP-16214)
  • Updated the inventory file to include the SSL key and certificate parameters for provided SSL web certificates. (AAP-13728)
  • Added an Ansible Automation Platform operator-version label on Kubernetes resources created by the operator. (AAP-31058)
  • Added installation variables to support PostgreSQL certificate authentication for user-provided databases. (AAP-1095)
  • Updated NGINX to version 1.22. (AAP-15128)
  • Added a new configuration endpoint for the REST API. (AAP-13639)
  • Allowed adjustment of RuntimeDirectorySize for Podman environments at the time of installation. (AAP-11597)
  • Added support for the SAFE_PLUGINS_FOR_PORT_FORWARD setting for eda-server to the installation program. (AAP-21503)
  • Aligned inventory content to tested topologies and added comments for easier access to groups and variables when custom configurations are required. (AAP-30242)
  • The variable automationedacontroller_allowed_hostnames is no longer needed and is no longer supported for Event-Driven Ansible installations. (AAP-24421)
  • The eda-server now opens the ports for a rulebook with a source plugin that requires inbound connections only if that plugin is allowed in the settings. (AAP-17416)
  • The Event-Driven Ansible settings are now moved to a dedicated YAML file. (AAP-13276)
  • Starting with Ansible Automation Platform 2.5, customers using the controller collection (ansible.controller) have the platform collection (ansible.platform) as a single point of entry, and must use the platform collection to seed organizations, users, and teams. (AAP-31517)
  • Users are opted in to Automation Analytics by default when activating automation controller on first-time login. (ANSTRAT-875)

Chapter 3. Technology preview

3.1. Technology Preview

Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

3.1.1. Availability of Ansible Lightspeed intelligent assistant

The Ansible Lightspeed intelligent assistant is now available on Ansible Automation Platform 2.5 on Red Hat OpenShift Container Platform as a Technology Preview release. It is an intuitive chat interface embedded within the Ansible Automation Platform, utilizing generative artificial intelligence (AI) to answer questions about the Ansible Automation Platform.

The chat experience in the Ansible Lightspeed intelligent assistant interacts with users in their natural language prompts in English, and utilizes large language models (LLMs) to generate quick, accurate, and personalized responses. These responses empower Ansible Automation Platform users to work more efficiently, thereby improving productivity and the overall quality of their work.

To access and use the Ansible Lightspeed intelligent assistant, you need:

  • Installation of Ansible Automation Platform 2.5 on Red Hat OpenShift Container Platform.
  • Deployment of an LLM served by Red Hat AI platforms.

For more information, see Deploying the Ansible Lightspeed intelligent assistant on OpenShift Container Platform in Installing on OpenShift Container Platform guide.

3.1.2. Ansible Automation Platform self-service technical preview

Ansible Automation Platform self-service technical preview is released as a technical preview, with limited support offered in accordance with Red Hat’s support guidelines.

Self-service technical preview aims to provide a self-service experience, making automation simpler and easily accessible to users of any skill level and role. It also offers accelerated deployment of common automation use cases.

You can download the self-service technical preview from the Ansible Automation Platform download page on the Red Hat Customer Portal.

For more information, see Installing Ansible Automation Platform self-service technical preview.

Important

Self-service technical preview is a Technology Preview feature only.

Chapter 4. Deprecated features

Deprecated functionality is still included in Ansible Automation Platform and continues to be supported during this version’s support cycle. However, the functionality will be removed in a future release of Ansible Automation Platform and is not recommended for new deployments.

The following table provides information about features that were deprecated in Ansible Automation Platform 2.5:

| Component | Feature |
| --- | --- |
| Automation controller, automation hub, and Event-Driven Ansible controller | Tokens for the automation controller and the automation hub are deprecated. If you want to generate tokens, use the platform gateway to create them. The platform gateway is the service that handles authentication and authorization for the Ansible Automation Platform. It provides a single entry into the Ansible Automation Platform and serves the platform user interface, so you can authenticate and access all of the Ansible Automation Platform services from a single location. |
| Automation controller and automation hub | All non-local authentications into the automation controller and automation hub are deprecated. Use the platform gateway to configure external authentications, such as SAML, LDAP, and RADIUS. |
| Ansible-core | The INI configuration option in the COLLECTIONS_PATHS is deprecated. Use the singular form COLLECTIONS_PATH instead. |
| Ansible-core | The environment variable ANSIBLE_COLLECTIONS_PATHS is deprecated. Use the singular form ANSIBLE_COLLECTIONS_PATH instead. |
| Ansible-core | Old-style Ansible vars plug-ins that use the entry points get_host_vars or get_group_vars were deprecated in ansible-core 2.16, and will be removed in ansible-core 2.18. Update the Ansible plug-in to inherit from BaseVarsPlugin and define a get_vars method as the entry point. |
| Ansible-core | The STRING_CONVERSION_ACTION configuration option is deprecated as it is no longer used in the ansible-core code base. |
| Ansible-core | The smart option for setting a connection plug-in is being removed as its main purpose of choosing between SSH and Paramiko protocols is now irrelevant. Select an explicit connection plug-in instead. |
| Ansible-core | The undocumented vaultid parameter in the vault and unvault filters is deprecated and will be removed in ansible-core version 2.20. Use vault_id instead. |
| Ansible-core | The string parameter keepcache in the yum_repository is deprecated. |
| Ansible-core | The required parameter in the API ansible.module_utils.common.process.get_bin_path is deprecated. |
| Ansible-core | module_utils - Importing the following convenience helpers from ansible.module_utils.basic has been deprecated: get_exception, literal_eval, _literal_eval, datetime, signal, types, chain, repeat, PY2, PY3, b, binary_type, integer_types, iteritems, string_types, test_type, map, and shlex_quote. Import the helpers from the source definition. |
| Ansible-core | ansible-doc - Role entrypoint attributes are deprecated and eventually will no longer be shown in ansible-doc from ansible-core. |
| Automation execution environment | Execution environment-29 will be deprecated in the next major release after Ansible Automation Platform 2.5. |
| Installer | The Ansible team is exploring ways to improve the installation of the Ansible Automation Platform on Red Hat Enterprise Linux, which may include changes to how components are deployed using RPM directly on the host OS. RPMs will be replaced by packages deployed into containers that are run via Podman; this is similar to how automation currently executes on Podman in containers (execution environments) on the host OS. Changes will be communicated through release notes, but removal will occur in major release versions of the Ansible Automation Platform. |
| Automation mesh | The Work Python option has been deprecated and will be removed from automation mesh in a future release. |

4.1. Deprecated API endpoints

The following API endpoints will be removed in a future release, either because their functionality is being removed or because it is superseded by other capabilities. For example, with the platform moving to a centralized authentication system in the platform gateway, the existing authorization APIs in the automation controller and automation hub are being deprecated for future releases, as all authentication operations should occur in the platform gateway.

| Component | Endpoint | Capability |
| --- | --- | --- |
| Automation controller | /api/o | Token authentication is moving to the platform gateway. |
| Automation hub | /api/login/keycloak | Moving to the platform gateway. |
| Automation hub | /api/v3/auth/token | Token authentication used for pulling collections will migrate to the platform gateway tokens. |
| Automation controller | /api/v2/organizations | Moving to the platform gateway. |
| Automation controller | /api/v2/teams | Moving to the platform gateway. |
| Automation controller | /api/v2/users | Moving to the platform gateway. |
| Automation controller | /api/v2/roles | Controller-specific role definitions are moving to /api/controller/v2/role_definitions. |
| Automation controller | The following roles lists: /api/v2/teams/{id}/roles/, /api/v2/users/{id}/roles/ | Controller-specific resource permissions are moving to /api/controller/v2/role_user_assignments and /api/controller/v2/role_team_assignments. |
| Automation controller | The following object roles lists: /api/v2/credentials/{id}/object_roles/, /api/v2/instance_groups/{id}/object_roles/, /api/v2/inventories/{id}/object_roles/, /api/v2/job_templates/{id}/object_roles/, /api/v2/organizations/{id}/object_roles/, /api/v2/projects/{id}/object_roles/, /api/v2/teams/{id}/object_roles/, /api/v2/workflow_job_templates/{id}/object_roles/ | Controller-specific resource permissions are moving to /api/controller/v2/role_user_assignments and /api/controller/v2/role_team_assignments. |
| Automation controller | The following resource access lists: /api/v2/credentials/{id}/access_list/, /api/v2/instance_groups/{id}/access_list/, /api/v2/inventories/{id}/access_list/, /api/v2/job_templates/{id}/access_list/, /api/v2/organizations/{id}/access_list/, /api/v2/projects/{id}/access_list/, /api/v2/teams/{id}/access_list/, /api/v2/users/{id}/access_list/, /api/v2/workflow_job_templates/{id}/access_list/ | No replacements yet. |
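
To find API clients that still call the deprecated endpoints listed above, the following added example (not part of the release notes or of any Red Hat tooling) matches request paths from an access log against those endpoints and counts hits per authenticated user. The log line format, the sample lines, and the choice to treat each listed endpoint as a path prefix are assumptions made for the example.

```python
import re
from collections import Counter

GATEWAY = "moving to the platform gateway"
ASSIGNMENTS = ("moving to /api/controller/v2/role_user_assignments and "
               "/api/controller/v2/role_team_assignments")
# Resources whose {id}/object_roles/ lists are deprecated (from the table).
OBJECT_ROLE_RESOURCES = ["credentials", "instance_groups", "inventories",
                         "job_templates", "organizations", "projects",
                         "teams", "workflow_job_templates"]


def deprecated_endpoints():
    """Return {endpoint template: note}, transcribed from the table above."""
    table = {
        "/api/o": "token authentication is " + GATEWAY,
        "/api/login/keycloak": GATEWAY,
        "/api/v3/auth/token": "migrating to platform gateway tokens",
        "/api/v2/organizations": GATEWAY,
        "/api/v2/teams": GATEWAY,
        "/api/v2/users": GATEWAY,
        "/api/v2/roles": "moving to /api/controller/v2/role_definitions",
        "/api/v2/teams/{id}/roles/": ASSIGNMENTS,
        "/api/v2/users/{id}/roles/": ASSIGNMENTS,
    }
    for res in OBJECT_ROLE_RESOURCES:
        table[f"/api/v2/{res}/{{id}}/object_roles/"] = ASSIGNMENTS
    for res in OBJECT_ROLE_RESOURCES + ["users"]:
        table[f"/api/v2/{res}/{{id}}/access_list/"] = "no replacement yet"
    return table


def compile_rules(table):
    """Turn each template into an anchored regex, most specific first."""
    rules = []
    for template, note in table.items():
        # "{id}" becomes one path segment. Assumption: a listed endpoint also
        # covers everything beneath it, so "/api/o" matches "/api/o/token/"
        # but never "/api/organizations".
        parts = [re.escape(p) for p in template.rstrip("/").split("{id}")]
        pattern = re.compile("^" + "[^/]+".join(parts) + r"(?:/.*)?$")
        rules.append((pattern, template, note))
    # Longer templates first, so /api/v2/teams/{id}/roles/ wins over /api/v2/teams.
    rules.sort(key=lambda rule: len(rule[1]), reverse=True)
    return rules


RULES = compile_rules(deprecated_endpoints())


def classify(path):
    """Return (template, note) for a deprecated request path, else None."""
    path = path.split("?", 1)[0]  # ignore the query string
    for pattern, template, note in RULES:
        if pattern.match(path):
            return template, note
    return None


# Assumed log format (combined-style): client, ident, user, [time], "request", status.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')


def scan(lines):
    """Count deprecated-endpoint requests per (user, endpoint template)."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        found = classify(m["path"])
        if found:
            hits[(m["user"], found[0])] += 1
    return hits


# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = """\
10.0.0.5 - svc-ci [12/Nov/2024:10:00:01 +0000] "POST /api/o/token/ HTTP/1.1" 201 310
10.0.0.5 - svc-ci [12/Nov/2024:10:00:02 +0000] "GET /api/v2/users/7/roles/?page=2 HTTP/1.1" 200 512
10.0.0.9 - audit [12/Nov/2024:10:01:00 +0000] "GET /api/v2/teams/12/access_list/ HTTP/1.1" 200 2048
10.0.0.9 - audit [12/Nov/2024:10:01:05 +0000] "GET /api/v2/job_templates/4/launch/ HTTP/1.1" 200 900
10.0.0.7 - galaxy [12/Nov/2024:10:02:00 +0000] "POST /api/v3/auth/token HTTP/1.1" 200 120
10.0.0.5 - svc-ci [12/Nov/2024:10:03:00 +0000] "POST /api/o/token/ HTTP/1.1" 201 310
not an access log line
"""

if __name__ == "__main__":
    notes = deprecated_endpoints()
    for (user, template), count in sorted(scan(SAMPLE_LOG.splitlines()).items()):
        print(f"{user:8} {count:3}x {template}  ({notes[template]})")
```
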

Chapter 5. Removed features

Removed features are those that were deprecated in earlier releases. They are now removed from the Ansible Automation Platform, and will no longer be supported.

The following table provides information about features that are removed in Ansible Automation Platform 2.5:

| Component | Feature |
| --- | --- |
| Automation controller | Proxy support for the automation controller has been removed. Load balancers must now point to the platform gateway instead of the controller. |
| ansible-lint | Support for old Ansible include tasks syntax is removed in version 2.16 and moved to include_tasks or import_tasks. Update content to use the currently-supported Ansible syntax, like include_tasks or import_tasks. |
| Event-Driven Ansible controller | Tokens for the Event-Driven Ansible controller are deprecated. Their configuration has been removed from rulebook activations, and they have been replaced with the Ansible Automation Platform credential type. |
| Ansible-core | Support for Windows Server versions 2012 and 2012 R2 is removed, as Microsoft’s supported end-of-life date is 10 October 2023. These versions of Windows Server are not tested in the Ansible Automation Platform 2.5 release. Red Hat does not guarantee that these features will continue to work as expected in this and future releases. |
| Ansible-core | In the Action plugin with an ActionBase class, the deprecated _remote_checksum method is now removed. Use _execute_remote_stat instead. |
| Ansible-core | The deprecated FileLock class is now removed. Add your own implementation or rely on third-party support. |
| Ansible-core | Python 3.9 is now removed as a supported version of the automation controller. Use Python 3.10 or later. |
| Ansible-core | The include module that was deprecated in ansible-core 2.12 is now removed. Use include_tasks or import_tasks instead. |
| Ansible-core | Templar - The deprecated shared_loader_obj parameter of __init__ is now removed. |
| Ansible-core | fetch_url - Removed auto disabling decompress when gzip is not available. |
| Ansible-core | inventory_cache - Removed deprecated default.fact_caching_prefix ini configuration option. Use defaults.fact_caching_prefix instead. |
| Ansible-core | module_utils/basic.py - Removed Python 3.5 as a supported remote version. Python version 2.7 or Python version 3.6 or later is now required. Removed Python versions 2.7 and 3.6 as supported remote versions. Use Python 3.7 or later for target execution. NOTE: This applies to Ansible version 2.17 only. With the removal of Python 2 support, the yum module and yum action plug-in are removed and redirected to dnf. |
| Ansible-core | stat - Removed the unused get_md5 parameter. |
| Ansible-core | Removed the deprecated JINJA2_NATIVE_WARNING environment variable. |
| Ansible-core | Removed the deprecated scp_if_ssh from the ssh connection plugin. |
| Ansible-core | Removed the deprecated crypt support from ansible.utils.encrypt. |
| Execution environment | The Python link is no longer available in the ubi9-based execution environments; only python3 is. Replace scripts that use python or /bin/python with python3 or /bin/python3. |

Chapter 6. Changed features

Changed features are not deprecated and will continue to be supported until further notice.

The following table provides information about features that are changed in Ansible Automation Platform 2.5:

| Component | Feature |
| --- | --- |
| Automation hub | Error codes are now changed from 403 to 401. Any API client usage relying on specific status code 403 versus 401 will have to update their logic. Standard UI usage will work as expected. |
| Event-Driven Ansible | The endpoints /extra_vars are now moved to a property within /activations. |
| Event-Driven Ansible | The endpoint /credentials was replaced with /eda-credentials. This is part of an expanded credentials capability for Event-Driven Ansible. For more information, see the chapter Setting up credentials for Event-Driven Ansible controller in the Event-Driven Ansible controller user guide. |
| Event-Driven Ansible | Event-Driven Ansible can no longer add, edit, or delete the platform gateway-managed resources. Creating, editing, or deleting organizations, teams, or users is available through platform gateway endpoints only. The platform gateway endpoints also enable you to edit organization or team memberships and configure external authentication. |
| API | Auditing of users has now changed. Users are now audited through the platform API, not through the controller API. This change applies to the Ansible Automation Platform in both cloud service and on-premise deployments. |
| Automation controller, automation hub, platform gateway, and Event-Driven Ansible | User permission audits the sources of truth for the platform gateway. When an IdP (SSO) is used, then the IdP should be the source of truth for user permission audits. When the Ansible Automation Platform platform gateway is used without SSO, then the platform gateway should be the source of truth for user permissions, not the app-specific UIs or APIs. |

Chapter 7. Known issues

This section provides information about known issues in Ansible Automation Platform 2.5.

7.1. Ansible Automation Platform

  • Added the podman_containers_conf_logs_max_size variable for containers.conf to control the max log size for Podman installations. The default value is 10 MiB. (AAP-12295)
  • Setting the pg_host= value without any other context no longer results in an empty HOST section of the settings.py in the automation controller. As a workaround, delete the pg_host= value or set it to pg_host=''. (AAP-31915)
  • Using Prompt on launch for variables for job templates, workflow job templates, workflow visualizer nodes, and schedules will not show the default variables when launching the job, or when configuring the workflows and schedules. (AAP-30585)
  • The unused ANSIBLE_BASE_ settings are included as environment variables in the job execution. These variables suffixed with SECRET are no longer used in the Ansible Automation Platform and might be ignored until they are removed in a future patch. (AAP-32208)

7.2. Event-Driven Ansible

  • mTLS event stream creation should be disallowed on all installation methods by default. It is currently disallowed on OpenShift Container Platform installation, but not disallowed in the containerized installations or on RPM installations. (AAP-31337)
  • If a primary Redis node enters a failed state and a new primary node is promoted, Event-Driven Ansible workers and scheduler are unable to reconnect to the cluster. This causes activations to fail until the containers or pods are recycled. (AAP-30722)
    For more information, see the KCS article Redis failover causes Event-Driven Ansible activation failures.

7.3. Ansible plug-ins for Red Hat Developer Hub

  • Python VS Code extension v2024.14.1 does not work in OpenShift Dev Spaces version 1.9.3, prohibiting the Ansible VS Code extension from loading. As a workaround, downgrade the Python VS Code extension version to 2024.12.3.
  • The Ansible Content Creator Get Started page links do not work in OpenShift Dev Spaces version 1.9.3. As a workaround, use the Ansible VS Code Command Palette to access the features.

Chapter 8. Fixed issues

This section provides information about fixed issues in Ansible Automation Platform 2.5.

8.1. Ansible Automation Platform

  • The installer now ensures semanage command is available when SELinux is enabled. (AAP-24396)
  • The installer can now update certificates without attempting to start the nginx service for previously installed environments. (AAP-19948)
  • Event-Driven Ansible installation now fails when the pre-existing automation controller is older than version 4.4.0. (AAP-18572)
  • Event-Driven Ansible can now successfully install on its own with a controller URL when the controller is not in the inventory. (AAP-16483)
  • Postgres tasks that create users in FIPS environments now use scram-sha-256. (AAP-16456)
  • The installer now successfully generates a new SECRET_KEY for controller. (AAP-15513)
  • Ensure all backup and restore staged files and directories are cleaned up before running a backup or restore. You must also mark the files for deletion after a backup or restore. (AAP-14986)
  • Postgres certificates are now temporarily copied when checking the Postgres version for SSL mode verify-full. (AAP-14732)
  • The setup script now warns if the provided log path does not have write permissions, and fails if default path does not have write permissions. (AAP-14135)
  • The linger configuration is now correctly set by the root user for the Event-Driven Ansible user. (AAP-13744)
  • Subject alternative names for component hosts will now only be checked for signing certificates when HTTPS is enabled. (AAP-7737)
  • The UI for creating and editing an organization now validates the Max hosts value. This value must be an integer and have a value between 0 and 214748364. (AAP-23270)
  • Installations that do not include the automation controller but have an external database will no longer install an unused internal Postgres server. (AAP-29798)
  • Added default port values for all pg_port variables in the installer. (AAP-18484)
  • XDG_RUNTIME_DIR is now defined when applying Event-Driven Ansible linger settings for Podman. (AAP-18341)
  • Fixed an issue where the restore process failed to stop pulpcore-worker services on RHEL 9. (AAP-12829)
  • Fixed Postgres sslmode for verify-full that affected external Postgres and Postgres signed for 127.0.0.1 for internally managed Postgres. (AAP-7107)
  • Fixed support for automation hub content signing. (AAP-9739)
  • Fixed conditional code statements to align with changes from ansible-core issue #82295. (AAP-19053)
  • Resolved an issue where providing the database installation with a custom port broke the installation of Postgres. (AAP-30636)

8.2. Automation hub

  • Automation hub now uses system crypto-policies in nginx. (AAP-17775)

8.3. Event-Driven Ansible

  • Fixed a bug where the Swagger API docs URL returned a 404 error when requested with a trailing slash. (AAP-27417)
  • Fixed a bug where logs contained stack trace errors inappropriately. (AAP-23605)
  • Fixed a bug where the API returned error 500 instead of error 400 when a foreign key ID did not exist. (AAP-23105)
  • Fixed a bug where the Git hash of a project could be empty. (AAP-21641)
  • Fixed a bug where an activation could fail at the start time due to authentication errors with Podman. (AAP-21067)
  • Fixed a bug where a project could not get imported if it contained a malformed rulebook. (AAP-20868)
  • Added EDA_CSRF_TRUSTED_ORIGINS, which can be set by user input or defined based on the allowed hostnames provided or determined by the installer as a default. (AAP-19319)
  • Redirected all Event-Driven Ansible traffic to /eda/ following UI changes that require the redirect. (AAP-18989)
  • Fixed target database for Event-Driven automation restore from backup. (AAP-17918)
  • Fixed the automation controller URL check when installing Event-Driven Ansible without a controller. (AAP-17249)
  • Fixed a bug where the membership operator failed in a condition applied to a previously saved event. (AAP-16663)
  • Fixed Event-Driven Ansible nginx configuration for custom HTTPS port. (AAP-16000)
  • Instead of the target service only, all Event-Driven Ansible services are enabled after installation is completed. The Event-Driven Ansible services will always start after the setup is complete. (AAP-15889)

8.4. Ansible Automation Platform Operator

  • Fixed Django REST Framework (DRF) browsable views. (AAP-25508)

8.5. Ansible plug-ins for Red Hat Developer Hub

The following updates were introduced in Ansible plug-ins for Red Hat Developer Hub 1.2:

  • Improvements in error handling and logging for collection and playbook project scaffolder.
  • Updates to the backstage-rhaap-backend plugin for compatibility with RHDH 1.4.

Chapter 9. Ansible Automation Platform documentation

Red Hat Ansible Automation Platform 2.5 documentation includes significant feature updates as well as documentation enhancements and offers an improved user experience.

The following are documentation enhancements in Ansible Automation Platform 2.5:

  • The Setting up an automation controller token chapter that previously existed has been deprecated and replaced with the Setting up a Red Hat Ansible Automation Platform credential topic. As the Event-Driven Ansible controller is now integrated with centralized authentication and the Platform UI, this method simplifies the authentication process required for rulebook activations moving forward.
  • Documentation changes for 2.5 reflect terminology and product changes. Additionally, we have consolidated content into fewer documents.

    The following table summarizes title changes for the 2.5 release.

| Version 2.4 document title | Version 2.5 document title |
|---|---|
| Red Hat Ansible Automation Platform release notes | Release notes |
| NA | New: Using automation analytics |
| Red Hat Ansible Automation Platform planning guide | Planning your installation |
| Containerized Ansible Automation Platform installation guide (Technology Preview release) | Containerized installation (First Generally Available release) |
| Deploying the Ansible Automation Platform operator on OpenShift Container Platform | Installing on OpenShift Container Platform |
| Getting started with automation controller / Getting started with automation hub / Getting started with Event-Driven Ansible | New: Getting started with Ansible Automation Platform |
| Installing and configuring central authentication for the Ansible Automation Platform | Access management and authentication |
| Getting started with Ansible playbooks | Getting started with Ansible playbooks |
| Ansible Automation Platform operations guide | Operating Ansible Automation Platform |
| Ansible Automation Platform automation mesh for operator-based installation | Automation mesh for managed cloud or operator environments |
| Ansible Automation Platform automation mesh for VM-based installation | Automation mesh for VM environments |
| Performance considerations for operator-based installation | Performance considerations for operator environments |
| Ansible Automation Platform operator backup and recovery guide | Backup and recovery for operator environments |
| Troubleshooting Ansible Automation Platform | Troubleshooting Ansible Automation Platform |
| Ansible Automation Platform hardening guide | Not available for 2.5 release; to be published at a later date |
| automation controller user guide | Using automation execution |
| automation controller administration guide | Configuring automation execution |
| automation controller API overview | Automation execution API overview |
| automation controller API reference | Automation execution API reference |
| automation controller CLI reference | Automation execution CLI reference |
| Event-Driven Ansible user guide | Using automation decisions |
| Managing content in automation hub | Managing automation content / Automation content API reference |
| Ansible security automation guide | Ansible security automation guide |
| Using the automation calculator / Viewing reports about your Ansible automation environment / Evaluating your automation controller job runs using the job explorer / Planning your automation jobs using the automation savings planner | Using automation analytics |
| Ansible Automation Platform creator guide | Developing automation content |
| Automation content navigator creator guide | Using content navigator |
| Creating and consuming execution environments | Creating and using execution environments |
| Installing Ansible plug-ins for Red Hat Developer Hub | Installing Ansible plug-ins for Red Hat Developer Hub |
| Using Ansible plug-ins for Red Hat Developer Hub | Using Ansible plug-ins for Red Hat Developer Hub |

Chapter 10. Patch releases

Security, bug fixes, and enhancements for Ansible Automation Platform 2.5 are released as asynchronous erratas. All Ansible Automation Platform erratas are available on the Download Red Hat Ansible Automation Platform page.

As a Red Hat Customer Portal user, you can enable errata notifications in the account settings for Red Hat Subscription Management (RHSM). When errata notifications are enabled, you receive notifications through email whenever new erratas relevant to your registered systems are released.

Note

Red Hat Customer Portal user accounts must have systems registered and consuming Ansible Automation Platform entitlements for Ansible Automation Platform errata notification emails to generate.

The patch releases section of the release notes will be updated over time to give notes on enhancements and bug fixes for patch releases of Ansible Automation Platform 2.5.

10.1. Ansible Automation Platform patch release May 7, 2025

This release includes the following components and versions:

Release date: May 7, 2025

Component versions:

  • Automation controller 4.6.12
  • Automation hub 4.10.4
  • Event-Driven Ansible 1.1.8
  • Container-based installer Ansible Automation Platform (bundle) 2.5-13
  • Container-based installer Ansible Automation Platform (online) 2.5-13
  • Receptor 1.5.5
  • RPM-based installer Ansible Automation Platform (bundle) 2.5-12
  • RPM-based installer Ansible Automation Platform (online) 2.5-12

CSV Versions in this release:

  • Namespace-scoped Bundle: aap-operator.v2.5.0-0.1746137767
  • Cluster-scoped Bundle: aap-operator.v2.5.0-0.1746138413

10.1.1. General

  • Implemented GitHub application credential type.(AAP-38589)
  • The ansible.platform collection has been updated to 2.5.20250507.(AAP-44992)
  • The ansible.controller collection has been updated to 4.6.12.
  • The ansible.eda collection has been updated to 2.7.0.

10.1.2. Features

10.1.2.1. Ansible Automation Platform
  • Added an enhanced log viewer for rulebook activation instances similar to the job output logger.(AAP-43337)
10.1.2.2. Container-based Ansible Automation Platform
  • Implemented a playbook to collect sos reports using the inventory file.(AAP-42606)
10.1.2.3. Event-Driven Ansible
  • Event-Driven Ansible now submits analytics data.(AAP-40881)
  • Enabled Event-Driven Ansible analytics data to be uploaded to the cloud. This feature is guarded by a feature flag.(AAP-42468)
  • Added a log tracking id to each log message labelled as [tid: uuid-pattern].(AAP-42270)
  • Improved the user experience of managing rulebook activations in Event-Driven Ansible by introducing an edit capability.(AAP-33067)
  • Event-Driven Ansible now collects the following data points for analytics for MVP:

    • Eventsources used in Event-Driven Ansible.
    • Eventstreams used in Event-Driven Ansible.
    • Version of Event-Driven Ansible installed.
    • Installation type (container/OCP/VM).
    • Platform organizations in Event-Driven Ansible.
    • Which automation controller job template was launched from a rulebook activation.(AAP-31458)
  • Event-Driven Ansible gather_analytics command now runs on schedule as an internal task.(AAP-30063)
  • Event-Driven Ansible now has an analytics data collector that sends payloads to console.redhat.com.(AAP-30055)
  • Added x-request-id to each log message labelled as [rid:uuid-pattern].(AAP-42269)

10.1.3. Enhancements

10.1.3.1. Ansible Automation Platform
  • Updated platform gateway to adopt selected standard component for settings mechanism.(AAP-34939)
  • Refactored the authenticate() method inside the AuthenticatorPlugin class in legacy_password.py and legacy_sso.py to their common parent LegacyMixin. Added comments to classes and their methods for code clarity.(AAP-44460)
10.1.3.2. Ansible Automation Platform Operator
  • Fixed an issue where the Lightspeed Operator would not use the ANSIBLE_AI_MODEL_MESH_CONFIG.(AAP-41335)
  • Extended CCSP and renewal guidance reports to include inventory scope and node/host details.(AAP-38802)
10.1.3.3. Automation controller
  • Updated the pinned version of receptorctl in automation controller to 1.5.5.(AAP-44823)
  • Updated the pinned version for ansible-runner in automation controller.(AAP-43357)
10.1.3.4. Container-based Ansible Automation Platform
  • Added new variable use_archive_compression with default value: true. Added new variable component Name_use_archive_compression for each component with the default value: true.(AAP-41242)
10.1.3.5. Event-Driven Ansible
  • Event-Driven Ansible collection standardization enhancements.(AAP-41402)
  • Relevant settings and versions are emitted in logs when the ansible-rulebook starts in worker mode.(AAP-40781)
  • Added log entries with settings and version at startup.(AAP-40781)
  • Enhanced the Ansible Automation Platform injectors for eda-server to include common platform variables as extra_vars or environment variables if they are specified.(AAP-43029)
  • Event-Driven Ansible decision environment validation errors now display under the decision environment text box in the decision environment UI page.(AAP-42147)
  • Added an automation controller URL check for the CLI.(AAP-41575)
  • If a source plugin terminates, you are now able to see the stack trace with the source file name, the function name, and line number.(AAP-41774)
10.1.3.6. RPM-based Ansible Automation Platform
  • Added compression for archive and database artifacts used in backup/restore

    • Updated database filename used for automation controller pg_dump from tower to automation controller while maintaining backward compatibility for backups using tower.db filename.(AAP-42055)

10.1.4. Bug fixes

With this update, the following CVEs have been addressed:

CVE-2025-26699 automation-controller: Potential denial-of-service vulnerability in django.utils.text.wrap().(AAP-41139)

10.1.4.1. Ansible Automation Platform
  • Fixed an issue where in AAP 2.5, the user needed to press Ctrl+Enter to start a new line.(AAP-43499)
  • Fixed an issue where the change anchor tag on API html view violated semantic rules. (AAP-43802)
  • The LDAP Authenticator USER_SEARCH field now properly supports LDAP Unions. Previously, you could define only one search term in the field, like:

    [
      "ou=users,dc=example,dc=com",
      "SCOPE_SUBTREE",
      "uid=%(user)s"
    ]

    You can now define multiple search terms as a list of lists, like:

    [
      [
        "ou=users,dc=example,dc=com",
        "SCOPE_SUBTREE",
        "uid=%(user)s"
      ],
      [
        "ou=users,dc=example,dc=com",
        "SCOPE_SUBTREE",
        "uid=%(user)s"
      ]
    ]

  • USER_DN_TEMPLATE will still take precedence over the USER_SEARCH field. If non-unique users are found when performing multiple searches, those users will be unable to log in to Ansible Automation Platform.(AAP-42883)
  • Fixed an issue where there was a file not found error with Dynaconf.(AP-43144)
  • Fixed an issue where dynaconf mishandled the openapi schema.(AAP-43143)
  • Fixed an issue when editing an authenticator with a large number of Organization/Team mappings in platform-gateway would affect the loading time of the web page, potentially making the page unresponsive.(AAP-40963)
  • Fixed an issue where unreachable hosts were not being filtered out of CCSP reports usage.(AAP-38735)
  • Fixed an issue where the X-DAB-JW-TOKEN header message would flood logs.(AAP-38169)
  • Fixed an issue where after upgrading to Ansible Automation Platform 2.5 managed on Azure, the ability to see job output while the job was running was lost. (AAP-43894)
  • Fixed an issue where customers were not allowed to view output details for filtered job outputs.(AAP-38925)
  • Fixed an issue where unreachable hosts from CCSP usage reports were not excluded.(AAP-38735)
  • Fixed an issue where indirect hosts were being counted in the first tab as quantity.(AAP-44676)
  • Fixed an issue where the platform-gateway could not be installed with a different name for the admin user.(AAP-44180)
  • Fixed an issue where an Ansible Automation Platform UI session was being logged out even if the user is actively working.(AAP-43622)
  • Fixed an issue where exceptions handled on SSO login were not allowing for error messages to be properly captured.(AAP-43369)
  • Fixed an issue where the job output was slow and hard to read because parts of the output were missing.(AAP-41434)
  • Fixed an issue where the user was unable to edit an existing rulebook activation.(AAP-37299)
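
The USER_SEARCH union behaviour described in the LDAP item above (AAP-42883), as an added example that is not Red Hat's code: a simplified in-memory model showing USER_DN_TEMPLATE precedence, a repeated hit on the same entry counting once, and refusal of non-unique users. The directory entries, the ou=contractors branch, and every function name are constructed for illustration; merging results by DN is an assumption.

```python
# Added example: in-memory model of USER_SEARCH resolution (not AAP code).
# Assumption: results of all search terms are merged by DN, so one entry found
# twice counts once, and anything other than exactly one DN refuses the login.

# Constructed directory entries (DN, attributes); ou=contractors is made up.
DIRECTORY = [
    ("uid=alice,ou=users,dc=example,dc=com", {"uid": "alice"}),
    ("uid=bob,ou=users,dc=example,dc=com", {"uid": "bob"}),
    ("uid=bob,ou=contractors,dc=example,dc=com", {"uid": "bob"}),
    ("uid=carol,ou=contractors,dc=example,dc=com", {"uid": "carol"}),
]

SINGLE = ["ou=users,dc=example,dc=com", "SCOPE_SUBTREE", "uid=%(user)s"]
PAGE_UNION = [list(SINGLE), list(SINGLE)]  # the union shown in the release note
TWO_OU_UNION = [
    SINGLE,
    ["ou=contractors,dc=example,dc=com", "SCOPE_SUBTREE", "uid=%(user)s"],
]

SCOPES = {"SCOPE_BASE", "SCOPE_ONELEVEL", "SCOPE_SUBTREE"}


def normalize_user_search(value):
    """Accept the single form or the union form; return a list of terms."""
    if not isinstance(value, list) or not value:
        raise ValueError("USER_SEARCH must be a non-empty list")
    terms = value if all(isinstance(t, list) for t in value) else [value]
    for term in terms:
        if len(term) != 3 or not all(isinstance(x, str) for x in term):
            raise ValueError(f"each term needs [base, scope, filter]: {term!r}")
        if term[1] not in SCOPES:
            raise ValueError(f"unknown scope {term[1]!r}")
        if "%(user)s" not in term[2]:
            raise ValueError(f"filter lacks the user placeholder: {term[2]!r}")
    return terms


def _rdns(dn):
    # Simplification: no escaped commas, case-insensitive comparison.
    return [part.strip().lower() for part in dn.split(",")]


def _in_scope(dn, base, scope):
    d, b = _rdns(dn), _rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False
    depth = len(d) - len(b)
    if scope == "SCOPE_BASE":
        return depth == 0
    if scope == "SCOPE_ONELEVEL":
        return depth == 1
    return True  # SCOPE_SUBTREE: the base entry and everything below it


def _search(term, username, directory):
    """Run one term; only simple equality filters (attr=value) are modelled."""
    base, scope, flt = term
    attr, _, pattern = flt.strip("()").partition("=")
    wanted = (pattern % {"user": username}).lower()
    return {
        dn.lower()
        for dn, attrs in directory
        if _in_scope(dn, base, scope) and attrs.get(attr, "").lower() == wanted
    }


def resolve_login(username, user_search, directory, user_dn_template=None):
    """Return (status, dn); status is template, resolved, ambiguous or not_found."""
    if user_dn_template:
        # USER_DN_TEMPLATE takes precedence: no search is performed at all.
        return ("template", user_dn_template % {"user": username})
    found = set()
    for term in normalize_user_search(user_search):
        found |= _search(term, username, directory)
    if len(found) == 1:
        return ("resolved", found.pop())
    return ("ambiguous" if found else "not_found", None)


def ambiguous_users(user_search, directory, attr="uid"):
    """Pre-deployment check: login names that a union would lock out."""
    names = sorted({attrs[attr] for _, attrs in directory if attr in attrs})
    return [
        name for name in names
        if resolve_login(name, user_search, directory)[0] == "ambiguous"
    ]


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, resolve_login(user, TWO_OU_UNION, DIRECTORY))
    print("locked out by the union:", ambiguous_users(TWO_OU_UNION, DIRECTORY))
```

Running `ambiguous_users` against an export of the real directory before adding a second search term shows which accounts would lose access once the union is saved.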
10.1.4.2. Ansible Automation Platform Operator
  • Fixed an issue where the pod affinity/anti-affinity was not configurable for the aap-gateway-operator to allow for pod placement on unique nodes.(AAP-42983)
  • Fixed an issue where Red Hat Ansible Lightspeed was incorrectly passing DAB settings.(AAP-43542)
  • Fixed an issue where the Lightspeed Operator WCA configuration was not optional.(AAP-42370)
  • Fixed an issue where status.conditions validation would not allow auto-reporting errors on CR statuses.(AAP-44081)
  • Fixed an issue where the Ansible Automation Platform gateway had the incorrect Lightspeed deployment name.(AAP-43837)
  • Fixed an issue where Lightspeed devel CRD was incompatible with 2.5 CRD.(AAP-43657)
  • Fixed an issue where status.conditions validation was not allowing auto-reporting errors on the CR statuses.(AAP-44083)
  • Fixed an issue where migrating between OpenShift Container Platform Operator on AAP 2.5 failed because of a Postgres permission issue. The automation controller operator now grants permission to the automation controller user to avoid permissions errors when migrating the data.(AAP-44846)
  • Fixed an issue where there was an intermittent 502 Bad Gateway error on Ansible Automation Platform 2.5 operator deployment.(AAP-44176)
10.1.4.3. Automation controller
  • Fixed usage of Django password validator UserAttributeSimilarityValidator.(AAP-43046)
  • Fixed an issue where there was no lookup credential without user inputs, and where the credential defaults were not passing between awx-plugins and AWX.(AAP-38589)
  • Fixed an issue where there was an incorrect deprecation warning for awx.awx.schedule_rrule.(AAP-43474)
  • Fixed an issue where facts were unintentionally deleted when an inventory is modified during a job execution.(AAP-39365)
10.1.4.4. Container-based Ansible Automation Platform
  • Fixed an issue where the paths to expose isolated jobs' settings did not work.(AAP-37599)
  • The ansible.gateway_configuration collection was replaced by ansible.platform.(AAP-44230)
  • Fixed an issue where the automation hub would fail to upload collections due to a missing worker temporary directory.(AAP-44166)
10.1.4.5. Event-Driven Ansible
  • Fixed an issue where the log messages were not using the correct log level.(AAP-43607)
  • Fixed an issue where the ansible-rulebook logs were not logged into the activation-worker log.(AAP-43549)
  • Fixed an issue where the container was not always deleted correctly, or it missed the last output entries in VM based installations.(AAP-42935)
  • Fixed an issue where Event-Driven Ansible logging did not allow searching.(AAP-43338)
  • Fixed an issue where the rulebook activations and event streams would not remain due to a cascading delete after the user who created them was deleted.(AAP-41769)
  • Fixed an issue where the decision environment was not using the image to authenticate and pull successfully when using an image registry with a custom port.(AAP-41281)
  • Fixed an issue where timestamps were not formatted to the local timezone of the user.(AAP-38396)
  • Fixed an issue where the activation failed with the message It will attempt to restart (1/5) in 60 seconds according to the restart policy always, but it does not restart.(AAP-43969)
  • Fixed an issue where a race condition would occur while cleaning up activation in OpenShift Container Platform, causing unexpected behavior.(AAP-44108)
  • Fixed an issue where the Event-Driven Ansible logs showed no information about an internal server error.(AAP-42271)
  • Fixed an issue where there was a duplicate error message in the CLI.(AAP-41745)
  • Fixed an issue where Envoy was stripping the Authorization header from client requests.(AAP-44700)
  • Fixed an issue where Event-Driven Ansible had not selected a standard component for settings mechanism.(AAP-41684)
  • Fixed an issue where documentation was missing for Event-Driven Ansible source plugins.(AAP-8630)
  • Fixed an issue where there was a memory leak in Event-Driven Ansible using the ansible-rulebook sqs plugin.(AAP-42623)
  • Fixed an issue where rulebook activations were not editable or copyable either through the UI or API.(AAP-37294)
  • Fixed an issue where the rule engine used in ansible-rulebook was keeping events that do not match in memory for the default_events_ttl of two hours causing a memory leak.(AAP-44899)
  • Fixed an issue where there was a memory leak in Event-Driven Ansible using ansible-rulebook sqs plugin.(AAP-44899)
  • Fixed an issue where the rulebook activation module in the Event-Driven Ansible collection lacked support for restarting the activation.(AAP-42542)
  • Fixed an issue where AAP aliases were unable to be used to specify Event-Driven Ansible collection variables.(AAP-42280)
10.1.4.6. Red Hat Ansible Lightspeed Operator
  • Fixed an issue where the auth_config_secret_name configuration in Lightspeed Operator was not optional in the automation controller.(AAP-44203)
10.1.4.7. Receptor
  • Fixed an issue where the kube API would lock up on every call by moving kubeAPIWapperInstance inside each kubeUnit and removing kubeAPIWapperlocks.(AAP-43111)
10.1.4.8. RPM-based Ansible Automation Platform
  • Fixed an issue where platform gateway services were not aligned after restore with the target environment.

    • Fixed an issue where old instance nodes were still registered in automation controller post restore.
    • Fixed an issue where nginx would attempt to reload before the configuration was finalized.(AAP-44231)

10.2. Ansible Automation Platform patch release April 9, 2025

This release includes the following components and versions:

Release date: April 9, 2025

Component versions:

  • Automation controller 4.6.11
  • Automation hub 4.10.3
  • Event-Driven Ansible 1.1.7
  • Container-based installer Ansible Automation Platform (bundle) 2.5-12
  • Container-based installer Ansible Automation Platform (online) 2.5-12
  • Receptor 1.5.3
  • RPM-based installer Ansible Automation Platform (bundle) 2.5-11
  • RPM-based installer Ansible Automation Platform (online) 2.5-11

CSV Versions in this release:

  • Namespace-scoped Bundle: aap-operator.v2.5.0-0.1743660124
  • Cluster-scoped Bundle: aap-operator.v2.5.0-0.1743660958

10.2.1. General

  • The ansible.controller collection has been updated to 4.6.11.(AAP-43126)
  • Fixed an issue where authentication configuration for AzureAD/EntraId groups could not be used in authentication mapping.(AAP-42890)

10.2.2. Enhancements

10.2.2.1. Container-based Ansible Automation Platform
  • Implemented variables for applying extra_settings for automation controller, Event-Driven Ansible, platform gateway, and automation hub during installation.(AAP-42932)

10.2.3. Bug fixes

With this update, the following CVEs have been addressed:

  • CVE-2025-2877 ansible-rulebook: exposure of inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in Event-Driven Ansible.(AAP-42817)
10.2.3.1. Ansible Automation Platform
  • Fixed an issue where job workflow templates failed with limits.(AAP-33726)
  • Fixed an issue where there was non-viable information disclosure for pen testing.(AAP-39977)
10.2.3.2. Ansible Automation Platform Operator
  • Fixed an issue on the OpenShift Container Platform Route TLS termination that was always configured with the edge value.(AAP-42051)
10.2.3.3. Container-based Ansible Automation Platform
  • Fixed an issue where backup and restore jobs would fail to restore on CONT jobs. Implemented validation and cleanup for service nodes on a restore to a new cluster.(AAP-42781)
  • Fixed an issue where podman logs did not show any log messages if the user was not part of the local administrator or systemd-journal group.(AAP-42755)
  • Fixed an issue where the Ansible Automation Platform 2.5 containerized installer was unable to read custom configurations.(AAP-40798)
  • Fixed an issue where a remote user was not part of the systemd-journal group and could not access container logs.(AAP-42755)
10.2.3.4. Automation execution environments
  • Fixed an issue where there was a Python 3.11 incompatibility by updating pykerberos to 1.2.4 in ee-minimal and ee-supported container images.(AAP-42428)
10.2.3.5. Event-Driven Ansible
  • Fixed an issue where activations attached with some event streams could not be created in deployments configured with Postgresql with mTLS.(AAP-42268)
10.2.3.6. RPM-based Ansible Automation Platform
  • Fixed an issue where the token refresh prevented Event-Driven Ansible worker nodes from re-authenticating tokens.(AAP-42981)
  • Fixed an issue where the bundle installer failed to update automation controller and aap-metrics-utility in the same run.(AAP-42632)
  • Fixed an issue where platform UI was not loading when the platform gateway was on a FIPS enabled Red Hat Enterprise Linux 9.(AAP-39146)

10.2.4. Known Issues

  • This section provides information about known issues in Ansible Automation Platform 2.5. Upgrade issues with the RPM installer.
  • Upgrading from Red Hat Enterprise Linux 9.4 to Red Hat Enterprise Linux 9.5 or later fails when running platform gateway version 2.5.20250409 or later. To upgrade to Red Hat Enterprise Linux 9.5 or later, follow the steps in this KCS article.
  • When upgrading Ansible Automation Platform 2.5, you must use the RPM installer version 2.5-11 or later. If you use an older installer, the installation might fail. If you encounter a failed installation using an earlier version of the installer, rerun the installation with version 2.5-11 or later.

10.3. Ansible Automation Platform patch release March 26, 2025

This release includes the following components and versions:

Release date: March 26, 2025

Component versions:

  • Platform gateway 2.5.20250326
  • Automation controller 4.6.10
  • Automation hub 4.10.3
  • Event-Driven Ansible 1.1.6
  • Container-based installer Ansible Automation Platform (bundle) 2.5-11.1
  • Container-based installer Ansible Automation Platform (online) 2.5-11
  • Receptor 1.5.3
  • RPM-based installer Ansible Automation Platform (bundle) 2.5-10
  • RPM-based installer Ansible Automation Platform (online) 2.5-10

CSV Versions in this release:

  • Namespace-scoped Bundle: aap-operator.v2.5.0-0.1742434024
  • Cluster-scoped Bundle: aap-operator.v2.5.0-0.1742434756

10.3.1. General

10.3.1.1. Deprecated
  • Deprecated and suppressed the warning about ANSIBLE_COLLECTIONS_PATHS in the job output.(AAP-41566)

10.3.2. Bug fixes

With this update, the following CVEs have been addressed:

  • CVE-2025-27516 python3.11-jinja2: Jinja sandbox breakout through attr filter selecting format method.(AAP-42104)
  • CVE-2025-26699 python3.11-django: Potential denial-of-service vulnerability in django.utils.text.wrap().(AAP-42107)
  • CVE-2025-26699 ansible-lightspeed-container: Potential denial-of-service vulnerability in django.utils.text.wrap().(AAP-41138)
  • CVE-2025-27516 automation-controller: Jinja sandbox breakout through attr filter selecting format method.(AAP-41692)
  • CVE-2025-27516 ansible-lightspeed-container: Jinja sandbox breakout through attr filter selecting format method.(AAP-41690)
10.3.2.1. Ansible Automation Platform
  • Fixed an issue when migrating user accounts with invalid email addresses, the process would print a message showing the user name of the user whose email address has been removed.(AAP-41675)
  • Fixed an issue where, after enabling automigration of user accounts from the previous SSO authenticator to a new authenticator, the user accounts from other Ansible Automation Platform services, such as automation controller or automation hub, were not properly merged into one account and the account on those services was deleted.(AAP-42146)
10.3.2.2. Ansible Automation Platform Operator
  • Fixed an issue where the legacy automation controller API information link on the automation controller redirect page was broken.(AAP-41510)
  • Fixed an issue where Ansible Automation Platform backups would fail when writing yaml to the PVC on OpenShift Container Platform clusters with OpenShift Container Platform Virtualization installed.(AAP-28609)
10.3.2.3. Automation controller
  • Fixed an issue where Insights projects were failing on OpenShift Container Platform on Ansible Automation Platform, due to incorrectly specifying the extra vars path.(AAP-41874)
  • Fixed an issue where the host metrics for dark, unreachable hosts were being collected.(AAP-41567)
  • Fixed an issue where the system auditor could download the execution node install bundle.(AAP-37922)
  • Fixed an issue where the host record was added to HostMetric when the host had failures or unreachable tasks completed.(AAP-32094)
10.3.2.4. Automation hub
  • Fixed an issue where the user could not delete automation hub teams on the resource API.(AAP-42158)
  • Fixed an issue where the retain_repo_versions was null for the validated repos.(AAP-42005)
10.3.2.5. RPM-based Ansible Automation Platform
  • Fixed an issue where preflight was not accounting for automationgateway being a CA server node.(AAP-41817)
  • Fixed an issue where platform gateway installations resulted in failures in environments with IPv6 due to nginx configuration timing.(AAP-41816)

10.3.3. Known Issues

  • In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined.(AAP-27631)
  • Deploying platform gateway on FIPS enabled RHEL 9 is currently not supported.(AAP-39146)

10.4. Ansible Automation Platform patch release March 12, 2025

This release includes the following components and versions:

Release date: March 12, 2025

Component versions:

  • Automation controller 4.6.9
  • Automation hub 4.10.2
  • Event-Driven Ansible 1.1.6
  • Container-based installer Ansible Automation Platform (bundle) 2.5-11
  • Container-based installer Ansible Automation Platform (online) 2.5-11
  • Receptor 1.5.3
  • RPM-based installer Ansible Automation Platform (bundle) 2.5-9
  • RPM-based installer Ansible Automation Platform (online) 2.5-9

CSV Versions in this release:

  • Namespace-scoped Bundle: aap-operator.v2.5.0-0.1740093573
  • Cluster-scoped Bundle: aap-operator.v2.5.0-0.1740094176

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.4.1. General

  • The ansible.controller collection has been updated to 4.6.9.(AAP-41400)
  • ansible-lint has been updated to 25.1.2.(AAP-38116)
  • Fixed an issue where the bundle installer/ee-supported did not contain the latest collection versions. The following collections have been updated in the ee-supported and the bundle installer:

    • amazon.aws 9.2.0
    • ansible.windows 2.7.0
    • arista.eos 10.0.1
    • cisco.ios 9.1.1
    • cisco.iosxr 10.3.0
    • cisco.nxos 9.3.0
    • cloud.common 4.0.0
    • cloud.terraform 3.0.0
    • kubernetes.core 5.1.0
    • microsoft.ad 1.8.0
    • redhat.openshift 4.0.1
    • vmware.vmware 1.10.1
    • vmware.vmware_rest 4.6.0.(AAP-39960)
  • Fixed an issue where ansible-rulebook did not support third-party Python libraries by default.(AAP-41341)

10.4.2. Features

10.4.2.1. Event-Driven Ansible
  • Adopts the new credential copy endpoint from the API.(AAP-41384)

10.4.3. Enhancements

10.4.3.1. Event-Driven Ansible
  • Event-Driven Ansible activation logging is now provided via the journald driver.(AAP-39745)
  • Rulebook activations' log message field is now separated into timestamps and message fields.(AAP-39743)
  • Moved ansible.eda collection from de-supported to de-minimal as elements of the collection are required for all Event-Driven Ansible images.(AAP-39749)
10.4.3.2. RPM-based Ansible Automation Platform
  • The setup.sh script now has an option to collect sosreport.(AAP-40085)

10.4.4. Deprecated

  • Deprecated the variables eda_main_url and hub_main_url in favor of the platform gateway proxy URL. Automation hub will now use the platform gateway proxy URL.(AAP-41306)

10.4.5. Bug fixes

With this update, the following CVEs have been addressed:

CVE-2025-26791 automation-gateway: Mutation XSS in DOMPurify due to improper template literal handling.(AAP-40402)

10.4.5.1. Ansible Automation Platform
  • Fixed an issue in the user collection module where running with state: present would cause a stack trace.(AAP-40887)
  • Fixed an issue that caused updates to SAML authenticators to ignore an updated public certificate provided via UI or API and then fail with the message The certificate and private key do not match.(AAP-40767)
  • Fixed an issue with the ServiceAuthToken destroy method to allow HTTP delete via ServiceAuth to work properly.(AAP-37630)
10.4.5.2. Platform gateway
  • Fixed an issue that would prevent some types of resources from getting synced if there was a naming conflict.(AAP-41241)
  • Fixed an issue where the login failed for users who were members of a team or organization that had a naming conflict.(AAP-41240)
  • Fixed an issue where there would be 401 unauthorized errors thrown at random in the platform gateway UI.(AAP-41165)
  • Fixed an issue where services could not request cloud.redhat.com settings from the platform gateway using ServiceTokenAuth.(AAP-39649)
10.4.5.3. Automation controller
  • Fixed an issue where upgrading prevented the automation controller administrator password from being set for the platform gateway administrator account.(AAP-40839)
  • Fixed an issue where the name recorded for indirect host counting was the hostname instead of the name from the query result.(AAP-41033)
  • Fixed an issue where the OpaClient was not initializing properly after timeouts and retries.(AAP-40997)
  • Fixed an issue where automation controller was missing the service account credentials for analytics.(AAP-40769)
  • Fixed an issue where it was not possible to enable feature flags via the corresponding setting of the same name.(AAP-39783)
  • Fixed an issue where the DAB feature flags endpoints were not registered in the automation controller API.(AAP-39778)
  • Fixed an issue where the API was missing a helper method for fetching the service account token from sso.redhat.com.(AAP-39637)
10.4.5.4. Container-based Ansible Automation Platform
  • Fixed an issue where the containerized installer was not creating receptor mesh connections between all automation controller nodes.(AAP-41102)
  • Fixed an issue where a default installation of the containerized Ansible Automation Platform was unable to use container groups.(AAP-40431)
  • Fixed an issue where errors would be hidden during Event-Driven Ansible status validation.(AAP-40021)
  • Fixed an issue where the polkit RPM package was not installed, so user lingering was not enabled.(AAP-39860)
10.4.5.5. Event-Driven Ansible
  • Fixed an issue where the EDA_ACTIVATION_DB_HOST environment variable in the eda-initial-data container was missing.(AAP-41270)
  • Fixed the behavior of ansible-rulebook and Event-Driven Ansible controller where an activation that had started correctly was considered unresponsive and was scheduled for a restart.(AAP-41070)
  • Fixed an issue where editing and copying of rulebook activations in the API were not allowed.(AAP-40254)
  • Fixed an issue where the activation was incorrectly restarted with the error message Missing container for running activation.(AAP-39545)
  • Fixed an issue where the Event-Driven Ansible server did not support PG Notify using certificates.(AAP-39294)
  • Fixed an issue where the user was not required to give a unique user defined name when copying a credential.(AAP-39079)
  • Fixed an issue where the image URL in the collection decision_environment testing was not OCI compliant.(AAP-39064)
  • Fixed an issue where creating a new team with the same name did not propagate IntegrityError as it should have.(AAP-38941)
  • Fixed an issue where decision environment URLs were not validated against OCI specification to ensure successful authentication to the container registry when pulling the image.(AAP-38822)
  • Fixed an issue where the Activation module did not support the copy operation from other activations.(AAP-37306)
10.4.5.6. Receptor
  • Fixed an issue where automation mesh receptor was creating too many inotify processes, and where the user would encounter a too many open files error.(AAP-22605)
10.4.5.7. RPM-based Ansible Automation Platform
  • Fixed an issue where the activation instance logs were missing in RPM deployments.(AAP-40886)
  • Fixed an issue where the managed CA would not correctly assign eligible groups during discovery, during installation, and backup and restore.(AAP-40277)
  • Fixed an issue where during an installation or upgrade, SELinux relabeling was not occurring even if new fcontext rules were added.(AAP-40489)
  • Fixed an issue where the credentials for execution environments and decision environments hosted in automation hub were incorrectly configured.(AAP-40419)
  • Fixed an issue where projects failed to sync due to incorrectly configured credentials for Ansible Automation Platform collections hosted in automation hub.(AAP-40418)

10.4.6. Known Issues

  • In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined.(AAP-27631)
  • Deploying platform gateway on FIPS enabled RHEL 9 is currently not supported.(AAP-39146)

10.5. Ansible Automation Platform patch release March 01, 2025

This release includes the following components and versions:

Release date: March 01, 2025

Component versions:

  • Automation controller 4.6.8
  • Automation hub 4.10.1
  • Event-Driven Ansible 1.1.4
  • Container-based installer Ansible Automation Platform (bundle) 2.5-10.2
  • Container-based installer Ansible Automation Platform (online) 2.5-10
  • Receptor 1.5.1
  • RPM-based installer Ansible Automation Platform (bundle) 2.5-8.3
  • RPM-based installer Ansible Automation Platform (online) 2.5-8

CSV versions in this release:

  • Namespace-scoped bundle: aap-operator.v2.5.0-0.1740773472
  • Cluster-scoped bundle: aap-operator.v2.5.0-0.1740774104
Important

An issue was found in affected versions of Ansible Automation Platform that enabled a lesser privileged user (even an unauthenticated one) to be promoted to a greater privileged user. All Ansible Automation Platform 2.5 customers should upgrade their environments to the latest version as soon as possible to resolve this issue. Ansible Automation Platform on Microsoft Azure and Ansible Automation Platform Service on AWS environments are already patched by Red Hat.

The following bug fixes have been implemented in this release of Ansible Automation Platform:

10.5.1. Bug fixes

10.5.1.1. CVE

With this update, the following CVE has been addressed:

  • CVE-2025-1801 automation-gateway: aap-gateway privilege escalation. (AAP-41180)
10.5.1.2. Platform gateway
  • Fixed an issue that caused the API to randomly return 401 errors. (AAP-41054)

10.6. Ansible Automation Platform patch release February 25, 2025

This release includes the following components and versions:

Release date: February 25, 2025

Component versions:

  • Automation controller 4.6.8
  • Automation hub 4.10.1
  • Event-Driven Ansible 1.1.4
  • Container-based installer Ansible Automation Platform (bundle) 2.5-10.1
  • Container-based installer Ansible Automation Platform (online) 2.5-10
  • Receptor 1.5.1
  • RPM-based installer Ansible Automation Platform (bundle) 2.5-8.2
  • RPM-based installer Ansible Automation Platform (online) 2.5-8

CSV Versions in this release:

  • Namespace-scoped Bundle: aap-operator.v2.5.0-0.1740093573
  • Cluster-scoped Bundle: aap-operator.v2.5.0-0.1740094176

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.6.1. Enhancements

10.6.1.1. Platform gateway
  • Previously, gateway_proxy_url was used for the proxy health check. It is no longer used for this purpose, in favor of the ENVOY_HOSTNAME setting.(AAP-39907)
10.6.1.2. Event-Driven Ansible
  • In the credential type schema, the format field can be set to binary_base64 to specify that a file should be loaded as a binary file.(AAP-36581)

    Sample Credential Type Schema (Inputs Configuration):

        fields:
          - id: keytab
            type: string
            label: Kerberos Keytab file
            format: binary_base64
            secret: true
            help_text: Please select a Kerberos Keytab file
            multiline: true

10.6.2. Bug fixes

10.6.2.1. Ansible Automation Platform
  • Fixed an issue where the subscription entitlement expiration notification was visible, even when the subscription was active.(AAP-39982)
  • Fixed an issue where upon UI reload/refresh, logs of a running job before the refresh would not appear until new logs were generated from the playbook.(AAP-38924)
  • Fixed an issue where the customer was unable to scale down replicas to put Ansible Automation Platform into idle mode.(AAP-39492)
  • After launching the Workflow Job Template, the launched job for a job template node in the workflow should contain the job_tags and skip_tags that were specified in the launch prompt step.(AAP-40395)
  • Fixed an issue where the user was not able to create a members role in Ansible Automation Platform 2.5.(AAP-37626)
  • Fixed an issue where a custom image showed Base64 encoded data.(AAP-26984)
  • Fixed an issue where a custom logo showed Base64 encoded data.(AAP-26909)
  • Fixed an issue that restricted users from executing jobs for which they had the correct permissions.(AAP-40398)
  • Fixed an issue where the workflow job template node extra vars were not saved.(AAP-40396)
  • Fixed an issue where the Creating and using execution environments guide had the incorrect ansible-core version.(AAP-40390)
  • Fixed an issue where you were not able to create a members role in Ansible Automation Platform 2.5.(AAP-40698)
  • Fixed an issue where the initial login to any of the services from platform gateway could result in the user being given access to the wrong account.(AAP-40617)
  • Fixed an issue where the service owned resources were not kept in sync with the platform gateway allowing for duplicate name values on user login.(AAP-40616)
  • Fixed an issue where users, organizations, and teams, became permanently out of sync if any user, organization, or team, was deleted from the platform gateway.(AAP-40615)
  • Fixed an issue where automation hub would fail to run the sync task if any users were deleted from the system.(AAP-40613)
10.6.2.2. Platform gateway
  • Fixed an issue where ping and status checks with resolvable, but nonresponding, URLs could cause all platform gateway uwsgi workers to hang until all were exhausted. The new settings are PING_PAGE_CHECK_TIMEOUT and PING_PAGE_CHECK_IGNORE_CERT.(AAP-39907)
10.6.2.3. Event-Driven Ansible
  • Fixed an issue where credentials could be copied in AAP but could not be copied in Event-Driven Ansible.(AAP-35875)
10.6.2.4. Known Issues
  • In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined.(AAP-27631)
  • Deploying the platform gateway on FIPS enabled RHEL 9 is currently not supported.(AAP-39146)

10.7. Ansible Automation Platform patch release February 13, 2025

This release includes the following components and versions:

Release date: February 13, 2025

Component versions:

  • Automation controller 4.6.8
  • Automation hub 4.10.1
  • Event-Driven Ansible 1.1.4
  • Container-based installer Ansible Automation Platform (bundle) 2.5-10
  • Container-based installer Ansible Automation Platform (online) 2.5-10
  • Receptor 1.5.1
  • RPM-based installer Ansible Automation Platform (bundle) 2.5-8.1
  • RPM-based installer Ansible Automation Platform (online) 2.5-8

CSV Versions in this release:

  • Namespace-scoped Bundle: aap-operator.v2.5.0-0.1738808953
  • Cluster-scoped Bundle: aap-operator.v2.5.0-0.1738809624

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.7.1. New Features

10.7.1.1. Ansible Automation Platform
  • Keycloak now allows for the configuration of the claim key/name for the field containing a user’s group membership returned in the ID token and/or user info data. This can be configured by setting the GROUPS_CLAIM configuration value on a per-authenticator plugin basis as was done for the OIDC plugin.(AAP-38720)

10.7.2. Enhancements

10.7.2.1. General
  • The ansible.controller collection has been updated to 4.6.8.(AAP-39848)
  • ansible.platform collection has been updated to 2.5.20250213.(AAP-39740)
  • ansible.eda collection has been updated to 2.4.0.(AAP-39577)
10.7.2.2. Ansible Automation Platform
  • It is now possible to configure automation hub without Redis PVC.(AAP-39600)
10.7.2.3. Automation controller
  • This release sees the addition of client_id and client_secret fields to the Insights credential to support service accounts via console.redhat.com.(AAP-36565)
  • You are now able to specify the input for the client_id and client_secret for the insights credential via the awx.awx.credential_type module.(AAP-37441)
  • Updated awxkit by adding service account support for Insights credential type, specifically adding the fields client_id and client_secret to credential_input_fields.(AAP-39352)
10.7.2.4. Automation execution environments
  • The file command has been added to ee-minimal and ee-supported container images.(AAP-40009)

10.7.3. Bug fixes

10.7.3.1. Migration
  • Fixed an issue where after upgrading Ansible Automation Platform from 2.4 to 2.5, many of the surveys that had multiple choice options displayed a blank space in the drop down menu.(AAP-35093)
10.7.3.2. Ansible Automation Platform
  • Fixed a bug in the collections token module where it was unable to find an application if multiple organizations had the same application name.(AAP-38625)
  • Fixed an issue where upgrading Ansible Automation Platform 2.5 caused an occasional internal server error for all users with Event-Driven Ansible and Automation hub post upgrade.(AAP-39293)
  • Fixed an issue where the administrator was not allowed to configure auto migration of legacy authenticators.(AAP-39949)
  • Fixed an issue where there were two launch/relaunch icons displayed from the jobs list for failed jobs.(AAP-38483)
  • Fixed an issue where the Schedules Add wizard returned a RequestError Not Found.(AAP-37909)
  • Fixed an issue where the EC2 Inventory Source type required credentials, which is not necessary when using IAM instance profiles.(AAP-37346)
  • Fixed an issue where attempting to assign the Automation Decisions - Organization Admin role to a user in an organization resulted in the error Not managed locally, use the resource server instead. Administrators can now be added by using the Organization → Administrators tab.(AAP-37106)
  • Fixed an issue where when updating a workflow node, the Job Tags were lost and Skip Tags were not saved.(AAP-35956)
  • Fixed an issue where new users who logged in with legacy authentication were not merged when switching to Gateway authentication.(AAP-40120)
  • Fixed an issue where the user was unable to link legacy SSO accounts to Gateway.(AAP-40050)
  • Fixed an issue where updating Ansible Automation Platform to 2.5 caused an Internal Service Error for all users with Event-Driven Ansible and Automation hub post upgrade. The migration process will now detect and fix users who were created in services via JWT auth and improperly linked to the service instead of the platform gateway.(AAP-39914)
10.7.3.3. Ansible Automation Platform Operator
  • Fixed an issue where AnsibleWorkflow custom resources would not parse and utilize extra_vars if specified.(AAP-39005)
10.7.3.4. Automation controller
  • Fixed an issue where when an Azure credential was created using awxkit, the creation failed because the parameter client_id was added to the input fields while the API was not expecting it.(AAP-39846)
  • Fixed an issue where the job schedules were running at incorrect times when that schedule’s start time fell within a Daylight Saving Time period.(AAP-39826)
10.7.3.5. Automation hub
  • Fixed an issue where the use of empty usernames and passwords when creating a remote registry was not allowed.(AAP-26462)
10.7.3.6. Container-based Ansible Automation Platform
  • Fixed an issue where the containerized installer had no preflight check for the Postgres version of an external database.(AAP-39727)
  • Fixed an issue where the containerized installer could not register other peers in the database.(AAP-39470)
  • Fixed an issue where there was a missing installation user UID check.(AAP-39393)
  • Fixed an issue where Postgresql connection errors would be hidden during its configuration.(AAP-39389)
  • Fixed a regression in the preflight check when the TLS private key provided is not an RSA type.(AAP-39816)
10.7.3.7. Event-Driven Ansible
  • Fixed an issue where the Generate extra vars button did not handle file/env injected credentials.(AAP-36003)
10.7.3.8. Known Issues
  • In the platform gateway, the tooltip for Projects → Create Project - Project Base Path is undefined.(AAP-27631)
  • Deploying the platform gateway on FIPS enabled RHEL 9 is currently not supported.(AAP-39146)

10.8. Ansible Automation Platform patch release January 29, 2025

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.8.1. Enhancements

10.8.1.1. Ansible Automation Platform
  • Using PostgreSQL TLS certificate authentication with an external database is now available.(AAP-38400)
10.8.1.2. Event-Driven Ansible
  • The ansible.eda collection has been updated to 2.3.1.(AAP-39057)
  • Users are now able to create a new Event-Driven Ansible credential by copying an existing one.(AAP-39249)
  • Added support for file and env injectors for credentials.(AAP-39091)
10.8.1.3. RPM-based Ansible Automation Platform
  • Implemented certificate authentication support (mTLS) for external databases.

    • Postgresql TLS certificate authentication is available for external databases.
    • Postgresql TLS certificate authentication can be turned on/off (off by default for backward compatibility).
    • Each component, automation controller, Event-Driven Ansible, platform gateway, and automation hub, now provides off the shelf (OTS) TLS certificate and key files (mandatory).(AAP-38400)

10.8.2. Bug fixes

10.8.2.1. CVE

With this update, the following CVEs have been addressed:

  • CVE-2024-56326 python3.11-jinja2: Jinja has a sandbox breakout through indirect reference to format method.(AAP-38852)
  • CVE-2024-56374 ansible-lightspeed-container: Potential denial-of-service vulnerability in IPv6 validation.(AAP-38647)
  • CVE-2024-56374 python3.11-django: potential denial-of-service vulnerability in IPv6 validation.(AAP-38630)
  • CVE-2024-53907 python3.11-django: Potential denial-of-service in django.utils.html.strip_tags().(AAP-38486)
  • CVE-2024-56201 python3.11-jinja2: Jinja has a sandbox breakout through malicious filenames.(AAP-38331)
  • CVE-2024-56374 automation-controller: Potential denial-of-service vulnerability in IPv6 validation.(AAP-38648)
  • CVE-2024-56201 automation-controller: Jinja has a sandbox breakout through malicious filenames.(AAP-38081)
  • CVE-2024-56326 automation-controller: Jinja has a sandbox breakout through indirect reference to format method.(AAP-38058)
10.8.2.2. Automation controller
  • Fixed an issue where the order of source inventories was not respected by the collection ansible.controller.(AAP-38524)
  • Fixed an issue where an actively running job on an execution node may have had its folder deleted by a system task. This fix addresses some Failed to JSON parse a line from worker stream type errors.(AAP-38137)
10.8.2.3. Container-based Ansible Automation Platform
  • The inventory file variable postgresql_admin_username is no longer required when using an external database. If you do not have database administrator credentials, you can supply the database credentials for each component in the inventory file instead.(AAP-39077)
10.8.2.4. Event-Driven Ansible
  • Fixed an issue where the application version in the openapi spec was incorrectly set.(AAP-38392)
  • Fixed an issue where activations were not properly updated in some scenarios with a high load of the system. (AAP-38374)
  • Fixed an issue where users were unable to filter Rule Audits by rulebook activation name.(AAP-39253)
  • Fixed an issue where the input field of the injector configuration could not be empty.(AAP-39086)
10.8.2.5. RPM-based Ansible Automation Platform
  • Fixed an issue where setting automationedacontroller_max_running_activations could cause the installer to fail. (AAP-38708)
  • Fixed an issue where the platform gateway services were not restarted when a dependency changed.(AAP-38918)
  • Fixed an issue where the platform gateway could not be set up with custom SSL certificates.(AAP-38985)

10.9. Ansible Automation Platform patch release January 22, 2025

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.9.1. Enhancements

10.9.1.1. Ansible Automation Platform
  • Legacy Auth SSO URL settings can now be customized, if needed, for gateway, controller, and hub through overrides passed on the Ansible Automation Platform CR. This is mainly useful if you are using a custom ingress controller.(AAP-37364)

10.9.2. Bug fixes

10.9.2.1. Ansible Automation Platform
  • Fixed an issue where there was a service_id mismatch between gateway and Event-Driven Ansible which was causing activation rulebooks to fail.(AAP-38172)
Note

This fix applies to OpenShift Container Platform only.

10.10. Ansible Automation Platform patch release January 15, 2025

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.10.1. Enhancements

10.10.1.1. Ansible Automation Platform
  • With this update, the ansible.controller collection has been updated to 4.6.6.(AAP-38443)
  • Enhanced the status API, /api/gateway/v1/status/, by changing the services property within the JSON to an array. Consumers of this API can still request the previous format with the URL query parameter service_keys=true.(AAP-37903)
10.10.1.2. Ansible Automation Platform Operator
  • Added the ability to configure topology_spread_constraints, node_selector, and tolerations for gateway deployments. (AAP-37193)
10.10.1.3. Container-based Ansible Automation Platform
  • TLS certificate and key files are now validated during the preflight role execution.

    • If the TLS certificate file is provided then the TLS key file must be provided.
    • If the TLS key file is provided then the TLS certificate file must be provided.
    • Both TLS certificate and key modulus should match.(AAP-37845)
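
The three preflight rules above, as an added shell example that is not the installer's own code. It goes beyond the modulus comparison by comparing the public keys of the certificate and the key, so it also handles non-RSA keys, the case named in the February 13, 2025 fix (AAP-39816). The function names, return codes, and the constructed.example subject are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight-style check of a TLS certificate/key pair.
# Return codes (chosen for this example, not the installer's):
#   0  pair is consistent, or neither file was supplied
#   2  only one of certificate / key was supplied
#   3  a supplied file is unreadable or cannot be parsed
#   4  certificate and key do not belong together

check_tls_pair() {
    cert=$1
    key=$2

    # Rules 1 and 2: certificate and key must be provided together.
    if [ -z "$cert" ] && [ -z "$key" ]; then
        return 0
    fi
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "TLS certificate and key must be provided together" >&2
        return 2
    fi
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "TLS certificate or key file is not readable" >&2
        return 3
    fi

    # Rule 3, generalized: an RSA modulus exists only for RSA keys, so compare
    # the whole SubjectPublicKeyInfo instead. This works for RSA, EC and EdDSA.
    # "-passin pass:" keeps openssl from prompting; an encrypted key is
    # reported as unparseable (3) in this example.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null </dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null </dev/null) || return 3
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        return 3
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "TLS certificate and key do not match" >&2
        return 4
    fi
    return 0
}

# Build a throwaway self-signed pair for testing (constructed data only).
# $1 = output directory, $2 = base name, remaining args = genpkey options.
make_constructed_pair() {
    out_dir=$1
    base=$2
    shift 2
    openssl genpkey "$@" -out "$out_dir/$base.key" 2>/dev/null &&
    openssl req -x509 -new -key "$out_dir/$base.key" \
        -subj "/CN=constructed.example" -days 1 \
        -out "$out_dir/$base.crt" 2>/dev/null
}

# Walk through matching, crossed and incomplete pairs.
demo() {
    tmp=$(mktemp -d) || return 1
    make_constructed_pair "$tmp" rsa -algorithm RSA -pkeyopt rsa_keygen_bits:2048 || return 1
    make_constructed_pair "$tmp" ec -algorithm EC -pkeyopt ec_paramgen_curve:P-256 || return 1
    check_tls_pair "$tmp/rsa.crt" "$tmp/rsa.key"; echo "rsa cert + rsa key -> $?"
    check_tls_pair "$tmp/ec.crt" "$tmp/ec.key";   echo "ec cert  + ec key  -> $?"
    check_tls_pair "$tmp/rsa.crt" "$tmp/ec.key";  echo "rsa cert + ec key  -> $?"
    check_tls_pair "$tmp/rsa.crt" "";             echo "cert without key   -> $?"
    rm -rf "$tmp"
}

# Usage: script.sh CERT KEY   or   script.sh demo
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
elif [ "${1:-}" = "demo" ]; then
    demo
fi
```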

10.10.2. Bug fixes

10.10.2.1. CVE

With this update, the following CVEs have been addressed:

  • CVE-2024-52304 python3.11-aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions.(AAP-36192)
  • CVE-2024-55565 automation-gateway: nanoid mishandles non-integer values.(AAP-37168)
  • CVE-2024-53908 automation-controller: Potential SQL injection in HasKey(lhs, rhs) on Oracle.(AAP-36769)
  • CVE-2024-53907 automation-controller: Potential denial-of-service in django.utils.html.strip_tags().(AAP-36756)
  • CVE-2024-11407 automation-controller: Denial-of-Service through data corruption in gRPC-C++.(AAP-36745)
  • CVE-2024-52304 ansible-lightspeed-container: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions.(AAP-36185)
  • CVE-2024-56201 ansible-lightspeed-container: Jinja has a sandbox breakout through malicious filenames.(AAP-38079)
  • CVE-2024-56326 ansible-lightspeed-container: Jinja has a sandbox breakout through indirect reference to format method.(AAP-38056)
  • CVE-2024-11407 ansible-lightspeed-container: Denial-of-Service through data corruption in gRPC-C++.(AAP-36744)
10.10.2.2. Red Hat Ansible Automation Platform
  • Fixed not found error that occurred occasionally when navigating through the form wizards.(AAP-37495)
  • Fixed an issue where installing ansible-core no longer installs python3-jmespath on Red Hat Enterprise Linux 8.(AAP-18251)
  • Fixed an issue where ID_KEY attribute was improperly used to determine the username field in social auth pipelines.(AAP-38300)
  • Fixed an issue where authenticator could create a userid and return a non-viable authenticator_uid.(AAP-38021)
  • Fixed an issue where a private key was displayed in plain text when downloading the OpenAPI schema file.(AAP-37843)
Note

This was not the private key used by gateway, but a random default key.

10.10.2.3. Automation controller
  • Fixed an issue that did not allow sending job_lifecycle logs to external aggregators.(AAP-37537)
  • Fixed an issue where there was a date comparison mismatch for traceback from host_metric_summary_monthly task.(AAP-37487)
  • Fixed an issue where the scheduled jobs with count set to a non-zero value would run unexpectedly. (AAP-37290)
  • Fixed an issue where a project’s requirements.yml could revert to a prior state in a cluster. (AAP-37228)
  • Fixed an issue where there would be an occasional error creating the event partition table before starting a job, when a large number of jobs were launched quickly. (AAP-37227)
  • Fixed an issue where temporary receptor files were not cleaned up after a job completed on nodes. (AAP-36904)
  • Fixed an issue where POST to /api/controller/login/ via the gateway resulted in a fatal response.(AAP-33911)
  • Fixed an issue where, when a job template was launched, the named URL returned a 404 error code.(AAP-37025)
10.10.2.3.1. Container-based Ansible Automation Platform
  • Fixed an issue where the receptor TLS certificate content was not validated during the preflight role execution to ensure that the x509 Subject Alt Name (SAN) field contains the required ISO Object Identifier (OID) 1.3.6.1.4.1.2312.19.1. (AAP-37880)
  • Fixed an issue where the Postgresql SSL mode variables for controller, Event-Driven Ansible, gateway and automation hub were not validated during the preflight role execution. (AAP-37352)
  • Fixed an issue where the Ansible Automation Platform containerized setup installation would upload collections when inventory growth in the AIO installation was used.(AAP-38372)
  • Fixed an issue where the throttle capacity of controller in an AIO installation would allow for performance degradation.(AAP-38207)
10.10.2.4. RPM-based Ansible Automation Platform
  • Fixed an issue where adding a new automation hub host to an upgraded environment caused the installation to fail. (AAP-38204)
  • Fixed an issue where the link to the documents in the installer README.md was broken. (AAP-37627)
  • Fixed an issue where the Gateway API status on Event-Driven Ansible proxy component returned 404 errors. (AAP-32816)

10.11. Ansible Automation Platform patch release December 18, 2024

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.11.1. Enhancements

10.11.1.1. Ansible Automation Platform
  • Added help text to all missing fields in Ansible Automation Platform gateway and django-ansible-base. (AAP-37068)
  • Consistently formatted sentence structure for help_text, and provided more context in the help text where it was vague.(AAP-37016)
  • Added dynamic preferences for usage by Automation Analytics.(AAP-36710)

    • INSIGHTS_TRACKING_STATE: Enables the service to gather data on automation and send it to Automation Analytics.
    • RED_HAT_CONSOLE_URL: This setting is used to configure the upload URL for data collection for Automation Analytics.
    • REDHAT_USERNAME: Username used to send data to Automation Analytics.
    • REDHAT_PASSWORD: Password for the account used to send data to Automation Analytics.
    • SUBSCRIPTIONS_USERNAME: Username is used to retrieve subscription and content information.
    • SUBSCRIPTIONS_PASSWORD: Password is used to retrieve subscription and content information.
    • AUTOMATION_ANALYTICS_GATHER_INTERVAL: interval in seconds at which Automation Analytics gathers data.
  • Added an enabled flag for turning authenticator maps on or off. (AAP-36709)
  • aap-metrics-utility has been updated to 0.4.1. (AAP-36393)
  • Added the setting trusted_header_timeout_in_ns to timegate X_TRUSTED_PROXY_HEADER validation in the django-ansible-base libraries used by Ansible Automation Platform components. (AAP-36712)
10.11.1.2. Documentation updates
  • With this update, the Ansible Automation Platform Operator growth topology and Ansible Automation Platform Operator enterprise topology have been updated to include s390x (IBM Z) architecture test support.
10.11.1.3. Event-Driven Ansible
  • Extended the scope of the log_level and debug settings. (AAP-33669)
  • A project can now be synced with the Event-Driven Ansible collection modules. (AAP-32264)
  • In the Rulebook activation create form, selecting a project is now required before selecting a rulebook.(AAP-28082)
  • The Create credentials button is now visible irrespective of whether there are any existing credentials or not.(AAP-23707)

10.11.2. Bug fixes

10.11.2.1. General
  • Fixed an issue where django-ansible-base fallback cache kept creating a tmp file even if the LOCATION was set to another path.(AAP-36869)
  • Fixed an issue where the OIDC authenticator was not allowed to use the JSON key to extract user groups, or for a user to be modified via the new GROUPS_CLAIM configuration setting.(AAP-36716)

With this update, the following CVEs have been addressed:

  • CVE-2024-11079 ansible-core: Unsafe Tagging Bypass via hostvars Object in Ansible-Core.(AAP-35563)
  • CVE-2024-53908 ansible-lightspeed-container: Potential SQL injection in HasKey(lhs, rhs) on Oracle.(AAP-36767)
  • CVE-2024-53907 ansible-lightspeed-container: Potential denial-of-service in django.utils.html.strip_tags().(AAP-36755)
  • CVE-2024-11483 which allowed users to escape the scope of their personal access OAuth2 tokens, from read-scoped to read-write-scoped, in the gateway.(AAP-36261)
10.11.2.2. Red Hat Ansible Automation Platform
  • Fixed an issue where, when role user assignments were queried in the platform UI, the query was successful about 75% of the time.(AAP-36872)
  • Fixed an issue where the user was unable to filter job templates by label in Ansible Automation Platform 2.5.(AAP-36540)
  • Fixed an issue where it was not possible to open a job template after removing the user that created the template.(AAP-35820)
  • Fixed an issue where the inventory source update failed, and did not allow selection of the inventory file.(AAP-35246)
  • Fixed an issue where the Login Redirect Override setting was missing and not functioning as expected in Ansible Automation Platform 2.5.(AAP-33295)
  • Fixed an issue where users were able to select a credential that required a password when defining a schedule.(AAP-32821)
  • Fixed an issue where the job output did not show unless you switched tabs. This also fixed other display issues.(AAP-31125)
  • Fixed an issue where adding a new Automation Decision role to a team did not work from the Access Management → Teams navigation path.(AAP-31873)
  • Fixed an issue where migration was missing from Ansible Automation Platform.(AAP-37015)
  • Fixed an issue where the gateway OAuth token was not encrypted at rest.(AAP-36715)
  • Fixed an issue where the API forces the user to save a service with an API port even if one does not exist.(AAP-36714)
  • Fixed an issue where the Gateway did not properly interpret SAML attributes for mappings.(AAP-36713)
  • Fixed an issue where non-self-signed certificate+key pairs were allowed to be used in SAML authenticator configurations.(AAP-36707)
  • Fixed an issue where the login page was not redirecting to /api/gateway/v1 if a user was already logged in.(AAP-36638)
10.11.2.3. Ansible automation hub
  • When configuring an Ansible Remote to sync collections from other servers, a requirements file is only required for syncs from Galaxy, and optional otherwise. Without a requirements file, all collections are synced.(AAP-31238)
10.11.2.3.1. Container-based Ansible Automation Platform
  • Fixed an issue that allowed automation controller nodes to override the receptor_peers variable. (AAP-37085)
  • Fixed an issue where the containerized installer ignored receptor_type for automation controller hosts and always installed them as hybrid.(AAP-37012)
  • Fixed an issue where Podman was not present in the task container, and the cleanup image task failed.(AAP-37011)
  • Fixed an issue where only one automation controller node was configured with Execution/Hop node peers rather than all automation controller nodes.(AAP-36851)
  • Fixed an issue where, when the automation controller services lost connection to the database, the containers were stopped and the systemd unit did not try to restart.(AAP-36850)
  • Fixed an issue where receptor_type and receptor_protocol variables validation checks were skipped during the preflight role execution.(AAP-36857)
10.11.2.4. Event-Driven Ansible
  • Fixed an issue where the url field of the event stream was not updated if EDA_EVENT_STREAM_BASE_URL setting changed. (AAP-33819)
  • Fixed an issue where Event-Driven Ansible and automation controller fields were pre-populated with gateway credentials when secret: true is set on custom credentials.(AAP-33188)
  • Fixed an issue where the bulk removal of selected role permissions disappeared when more than 4 permissions were selected.(AAP-28030)
  • Fixed an issue where Enabled options had its own scrollbar on the Rulebook Activation Details page.(AAP-31130)
  • Fixed an issue where the status of an activation was occasionally inconsistent with the status of the latest instance after a restart.(AAP-29755)
  • Fixed an issue where importing a project from a non-existing branch resulted in the completed state instead of a Failed status.(AAP-29144)
  • Fixed an issue with custom credential types where, if the user clicked Generate extra vars before the fields: key in the input configuration, an empty, uneditable line was created.(AAP-28084)
  • Fixed an issue where the project sync would not fail on an empty or unstructured git repository.(AAP-35777)
  • Fixed an issue where rulebook validation import/sync fails when a rulebook has a duplicated rule name.(AAP-35164)
  • Fixed an issue where the Event Driven Ansible API allowed a credential’s type to be changed.(AAP-34968)
  • Fixed an issue where a previously failed project could be accidentally changed to completed after a resync.(AAP-34744)
  • Fixed an issue where no message was recorded when a project did not contain any rulebooks.(AAP-34555)
  • Fixed an issue where the name for credentials in the rulebook activation form field was not updated.(AAP-34123)
  • Updated the message for the rulebook activation/event streams for better clarity.(AAP-33485)
  • Fixed an issue where the source plugin was not able to use the env vars to establish a successful connection to the remote source.(AAP-35597)
  • Fixed an issue in the collection where the activation module failed with a misleading error message if the rulebook, project, decision environment, or organization, could not be found.(AAP-35360)
  • Fixed an issue where the validation of a host specified as part of a container registry credential did not conform to container registry standards. Previously, the specified host could be a syntactically invalid host (name or net address) with an optional port value (<valid-host>[:<port>]). The validation is now applied when creating a credential as well as when modifying an existing credential, regardless of the fields being modified.(AAP-34969)
  • Fixed an issue whereby multiple Red Hat Ansible Automation Platform credentials were being attached to activations.(AAP-34025)
  • Fixed an issue where there was an erroneous dependency on the existence of an organization named Default.(AAP-33551)
  • Fixed an issue where occasionally an activation is reported as running, before it is ready to receive events.(AAP-31225)
  • Fixed an issue where the user could not edit auto-generated injector vars while creating Event-Driven Ansible custom credentials.(AAP-29752)
  • Fixed an issue where in some cases the file_watch source plugin in an Event-Driven Ansible collection raised the QueueFull exception.(AAP-29139)
  • Fixed an issue where the Event-Driven Ansible database increased in size continuously, even if the database was unused. Added the purge_record script to clean up outdated database records.(AAP-30684)

10.12. Ansible Automation Platform patch release December 3, 2024

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.12.1. Enhancements

10.12.1.1. Ansible Automation Platform
  • Red Hat Ansible Lightspeed has been updated to 2.5.241127.(AAP-35307)
  • redhat.insights Ansible collection has been updated to 1.3.0.(AAP-35161)
  • ansible.eda collection has been updated to 2.2.0 in execution environment and decision environment images.(AAP-3398)
10.12.1.2. Ansible Automation Platform Operator
  • With this update, you can set PostgreSQL SSL/TLS mode to verify-full or verify-ca with the proper sslrootcert configuration in the automation hub Operator.(AAP-35368)
10.12.1.3. Container-based Ansible Automation Platform
  • With this update, ID and Image fields from a container image are used instead of Digest and ImageDigest to trigger a container update.(AAP-36575)
  • With this update, you can now update the registry URL value in Event-Driven Ansible credentials.(AAP-35085)
  • With this update, the kernel.keys.maxkeys and kernel.keys.maxbytes settings are increased on systems with large memory configuration.(AAP-34019)
  • Added ansible_connection=local to the inventory-growth file and clarified its usage.(AAP-34016)
10.12.1.4. Documentation updates
  • With this update, the Container growth topology and Container enterprise topology have been updated to include s390x (IBM Z) architecture test support.(AAP-35969)
10.12.1.5. RPM-based Ansible Automation Platform
  • With this update, you can now update the registry URL value in Event-Driven Ansible credentials.(AAP-35162)

10.12.2. Bug fixes

10.12.2.1. General

With this update, the following CVEs have been addressed:

  • CVE-2024-52304 automation-controller: aiohttp vulnerable to request smuggling due to wrong parsing of chunk extensions.
10.12.2.2. Ansible Automation Platform Operator
  • With this update, missing Ansible Automation Platform Operator custom resource definitions (CRDs) are added to the aap-must-gather container image.(AAP-35226)
  • Disabled platform gateway authentication in the proxy configuration to prevent HTTP 502 errors when the control plane is down.(AAP-36527)
  • The Red Hat favicon is now correctly displayed on automation controller and Event-Driven Ansible API tabs.(AAP-30810)
  • With this update, the automation controller admin password is now reused during upgrade from Ansible Automation Platform 2.4 to 2.5.(AAP-35159)
  • Fixed undefined variable (_controller_enabled) when reconciling an AnsibleAutomationPlatformRestore. Fixed automation hub Operator pg_restore error on restores due to a wrong database secret being set.(AAP-35815)
10.12.2.3. Automation controller
  • Updated the minor version of uWSGI to obtain updated log verbiage.(AAP-33169)
  • Fixed job schedules running at the wrong time when the rrule interval was set to HOURLY or MINUTELY.(AAP-36572)
  • Fixed an issue where sensitive data was displayed in the job output.(AAP-35584)
  • Fixed an issue where unrelated jobs could be marked as a dependency of other jobs.(AAP-35309)
  • Included pod anti-affinity configuration on default container group pod specification to optimally spread workload.(AAP-35055)
10.12.2.4. Container-based Ansible Automation Platform
  • With this update, you cannot change the postgresql_admin_username value when using a managed database node.(AAP-36577)
  • Added update support for PCP monitoring role.
  • Disabled platform gateway authentication in the proxy configuration to prevent HTTP 502 errors when the control plane is down.
  • With this update, you can use dedicated nodes for the Redis group.
  • Fixed an issue where disabling TLS on platform gateway would cause installation to fail.
  • Fixed an issue where disabling TLS on platform gateway proxy would cause installation to fail.
  • Fixed an issue where platform gateway uninstall would leave container systemd unit files on disk.
  • Fixed an issue where the automation hub container signing service creation failed when hub_collection_signing=false but hub_container_signing=true.
  • Fixed an issue with the HOME environment variable for receptor containers which would cause a “Permission denied” error on the containerized execution node.
  • Fixed an issue where the GPG agent socket was not set up properly when many hub nodes are configured, which resulted in no GPG socket file being created in /var/tmp/pulp.
  • With this update, you can now change the platform gateway port value after the initial deployment.
10.12.2.5. Receptor
  • Fixed an issue that caused a Receptor runtime panic error.
10.12.2.6. RPM-based Ansible Automation Platform
  • Fixed an issue where the metrics-utility command failed to run after updating automation controller.
  • Fixed the owner and group permissions on the /etc/tower/uwsgi.ini file.
  • Fixed an issue where not having eda_node_type defined in the inventory file would result in backup failure.
  • Fixed an issue where not having routable_hostname defined in the inventory file would result in a restore failure.
  • With this update, the inventory-growth file is now included in the RPM installer.
  • Fixed an issue where the dispatcher service went into FATAL status and failed to process new jobs after a database outage of a few minutes.
  • Disabled platform gateway authentication in the proxy configuration to allow access to the UI when the control plane is down.
  • With this update, the Receptor data directory can now be configured using the receptor_datadir variable.

10.13. Ansible Automation Platform patch release November 18, 2024

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.13.1. Enhancements

  • With this release, a redirect page is now displayed when you navigate to the root / of each component’s stand-alone URL. The API endpoint remains functional. This affects Event-Driven Ansible, automation controller, Ansible Automation Platform Operator, and OpenShift Container Platform.

10.13.2. Bug fixes

10.13.2.1. General

With this update, the following CVEs have been addressed:

  • CVE-2024-9902 ansible-core: Ansible-core user may read/write unauthorized content.
  • CVE-2024-8775 ansible-core: Exposure of sensitive information in Ansible vault files due to improper logging.

10.13.2.2. Ansible Automation Platform
  • Fixed an issue where the user was unable to filter out hosts on inventory groups, and the Ansible Automation Platform UI returned a Failed to load options error.(AAP-34752)
10.13.2.3. Execution Environment
  • Updated pywinrm to 0.4.3 in ee-minimal and ee-supported container images to fix Python 3.11 compatibility.(AAP-34077)
10.13.2.4. Ansible Automation Platform Operator
  • Fixed a syntax error when bundle_cacert_secret was defined due to incorrect indentation.(AAP-35358)
  • Fixed an issue where the default operator catalog for Ansible Automation Platform aligned to cluster-scoped versus namespace-scoped.(AAP-35313)
  • Added the ability to set tolerations and node_selector for the Redis statefulset and the gateway deployment.(AAP-33192)
  • Ensure the platform URL status is set when Ingress is used to resolve an issue with Microsoft Azure on Cloud managed deployments. This is due to the Ansible Automation Platform operator failing to finish because it is looking for OpenShift Container Platform routes that are not available on Azure Kubernetes Service.(AAP-34036)
  • Fixed an issue where the Ansible Automation Platform Operator description did not render code block correctly.(AAP-34589)
  • It is necessary to specify the CONTROLLER_SSO_URL and AUTOMATION_HUB_SSO_URL settings in Gateway to fix the OIDC auth redirect flow.(AAP-34080)
  • It is necessary to set the SERVICE_BACKED_SSO_AUTH_CODE_REDIRECT_URL setting to fix the OIDC auth redirect flow.(AAP-34079)
10.13.2.5. Container-based Ansible Automation Platform
  • Fixed an issue where, when the port value was not defined in the gateway_main_url variable, the containerized installer failed with an incorrect execution environment image reference error.(AAP-34716)
  • Fixed an issue where the containerized installer used a port number when specifying the image_url for a decision environment. The user should not add a port to image URLs when using the default value.(AAP-34070)
10.13.2.6. RPM-based Ansible Automation Platform
  • Fixed an issue where the gpg agent socket was not set up properly when multiple hub nodes are configured, which resulted in no gpg socket file being created in /var/run/pulp.(AAP-34067)
10.13.2.7. Ansible development tools
  • Fixed an issue where missing data files were not included in the molecule RPM package.(AAP-35758)

10.14. Ansible Automation Platform patch release October 28, 2024

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

10.14.1. Enhancements

10.14.1.1. Ansible Automation Platform
  • With this update, upgrades from Ansible Automation Platform 2.4 to 2.5 are supported for RPM and Operator-based deployments. For more information on how to upgrade, see RPM upgrade and migration. (ANSTRAT-809)

    • Upgrades from 2.4 Containerized Ansible Automation Platform Tech Preview to 2.5 Containerized Ansible Automation Platform are unsupported.
    • Upgrades for Event-Driven Ansible are unsupported from Ansible Automation Platform 2.4 to Ansible Automation Platform 2.5.
10.14.1.2. Ansible Automation Platform Operator
  • An informative redirect page is now shown when you go to the automation hub URL root. (AAP-30915)
10.14.1.3. Container-based Ansible Automation Platform
  • The TLS Certificate Authority private key can now use a passphrase. (AAP-33594)
  • Automation hub is populated with container images (decision and execution environments) and Ansible collections. (AAP-33759)
  • The automation controller, Event-Driven Ansible, and automation hub legacy UIs now display a redirect page to the Platform UI rather than a blank page. (AAP-33794)
10.14.1.4. RPM-based Ansible Automation Platform
  • Added platform Redis to RPM-based Ansible Automation Platform. This allows a 6 node cluster for a Redis high availability (HA) deployment. Removed the variable aap_caching_mtls and replaced it with redis_disable_tls and redis_disable_mtls which are boolean flags that disable Redis server TLS and Redis client certificate authentication. (AAP-33773)
  • An informative redirect page is now shown when going to automation controller, Event-Driven Ansible, or automation hub URL. (AAP-33827)

10.14.2. Bug fixes

10.14.2.1. Ansible Automation Platform
  • Removed the Legacy external password option from the Authentication Type list. (AAP-31506)
  • Ansible Galaxy’s sessionauth class is now always the first in the list of authentication classes so that the platform UI can successfully authenticate. (AAP-32146)
  • CVE-2024-10033 - automation-gateway: Fixed a Cross-site Scripting (XSS) vulnerability on the automation-gateway component that allowed a malicious user to perform actions that impact users.
  • CVE-2024-22189 - receptor: Resolved an issue in quic-go that would allow an attacker to trigger a denial of service by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs.
10.14.2.2. Automation controller
  • CVE-2024-41989 - automation-controller: Before this update, in Django, if floatformat received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. With this update, decimals with more than 200 digits are now returned as is.
  • CVE-2024-45230 - automation-controller: Resolved an issue in Python’s Django urlize() and urlizetrunc() functions where excessive input with a specific sequence of characters would lead to denial of service.
10.14.2.3. Automation hub
  • Refactored the dynaconf hooks to preserve the necessary authentication classes for Ansible Automation Platform 2.5 deployments. (AAP-31680)
  • During role migrations, model permissions are now re-added to roles to preserve ownership. (AAP-31417)
10.14.2.4. Ansible Automation Platform Operator
  • The port is now correctly set when configuring the platform gateway cache redis_host setting when using an external Redis cache. (AAP-33279)
  • Added checksums to the automation hub deployments so that pods are cycled to pick up changes to the PostgreSQL configuration and galaxy server settings Kubernetes secrets. (AAP-33518)
10.14.2.5. Container-based Ansible Automation Platform
  • Fixed the uninstall playbook execution when the environment was already uninstalled. (AAP-32981)

10.15. Ansible Automation Platform patch release October 14, 2024

The following fixes have been implemented in this release of Red Hat Ansible Automation Platform.

10.15.1. Fixed issues

10.15.1.1. Ansible Automation Platform
  • Fixed an issue in platform gateway where examining output logs for UWSGI shows a message that can be viewed as insensitive. (AAP-33213)
  • Fixed external Redis port configuration issue, which resulted in a cluster_host error when trying to connect to Redis. (AAP-32691)
  • Fixed a faulty conditional which was causing managed Redis to be deployed even if an external Redis was being configured. (AAP-31607)
  • After the initial deployment of Ansible Automation Platform, if you make changes to the automation controller, automation hub, or Event-Driven Ansible sections of the Ansible Automation Platform CR specification, those changes are now propagated to the component custom resources. (AAP-32350)
  • Fixed an issue where, when the filter keep_keys is used, all keys are removed from the dictionary. The keepkey fix is available in the updated ansible.utils collection. (AAP-32960)
  • Fixed an issue in cisco.ios.ios_static_routes where the metric distance is to be populated in the forward_router_address attribute. (AAP-32960)
  • Fixed an issue where Ansible Automation Platform Operator is not transferring metric settings to the controller. (AAP-32073)
  • Fixed an issue where, if you have a schedule on a resource, such as a job template, that prompts for credentials, and you update the credential to be different from what is on the resource by default, the new credential is not submitted to the API and is not updated. (AAP-31957)
  • Fixed an issue so that setting *pg_host= without any other context no longer results in an empty HOST section of settings.py in controller. (AAP-32440)

10.15.2. Advisories

The following errata advisories are included in this release:

10.16. Ansible Automation Platform patch release October 7, 2024

The following enhancements and fixes have been implemented in this release of Red Hat Ansible Automation Platform.

10.16.1. Enhancements

  • Event-Driven Ansible workers and scheduler add timeout and retry resilience when communicating with a Redis cluster. (AAP-32139)
  • Removed the MTLS credential type that was incorrectly added. (AAP-31848)

10.16.2. Fixed issues

10.16.2.1. Ansible Automation Platform
  • Fixed a conditional that was skipping necessary tasks in the restore role, which was causing restores to not finish reconciling. (AAP-30437)
  • Systemd services in the containerized installer now have their restart policy set to always by default. (AAP-31824)
  • FLUSHDB is now modified to account for shared usage of a Redis database. It now respects access limitations by removing only those keys that the client has permissions to. (AAP-32138)
  • Added a fix to ensure default extra_vars values are rendered in the Prompt on launch wizard. (AAP-30585)
  • Filtered out the unused ANSIBLE_BASE_ settings from the environment variable in job execution. (AAP-32208)
10.16.2.2. Event-Driven Ansible
  • Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the RPM installer. (AAP-32027)
  • Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the containerized installer. (AAP-31851)
  • Fixed a bug where the Event-Driven Ansible workers and scheduler were unable to reconnect to the Redis cluster if a primary Redis node entered a failed state and a new primary node was promoted. See the KCS article Redis failover causes Event-Driven Ansible activation failures, which includes the steps that were necessary before this bug was fixed. (AAP-30722)

10.16.3. Advisories

The following errata advisories are included in this release:

Legal Notice

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.