Search
SupportConsoleDevelopersStart a trialContact

Chapter 9. Patch releases

download PDF

Security, bug fixes, and enhancements for Ansible Automation Platform 2.5 are released as asynchronous erratas. All Ansible Automation Platform erratas are available on the Download Red Hat Ansible Automation Platform page.

As a Red Hat Customer Portal user, you can enable errata notifications in the account settings for Red Hat Subscription Management (RHSM). When errata notifications are enabled, you receive notifications through email whenever new erratas relevant to your registered systems are released.

Note

Red Hat Customer Portal user accounts must have systems registered and consuming Ansible Automation Platform entitlements for Ansible Automation Platform errata notification emails to generate.

The patch releases section of the release notes will be updated over time to give notes on enhancements and bug fixes for patch releases of Ansible Automation Platform 2.5.

Additional resources

9.1. Ansible Automation Platform patch release October 28, 2024

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

9.1.1. Enhancements

9.1.1.1. Ansible Automation Platform

  • With this update, upgrades from Ansible Automation Platform 2.4 to 2.5 are supported for RPM and Operator-based deployments. For more information on how to upgrade, see RPM upgrade and migration. (ANSTRAT-809)

    • Upgrades from 2.4 Containerized Ansible Automation Platform Tech Preview to 2.5 Containerized Ansible Automation Platform are unsupported at this time.
    • Upgrades for Event-Driven Ansible are unsupported from Ansible Automation Platform 2.4 to Ansible Automation Platform 2.5.

9.1.1.2. Ansible Automation Platform Operator

  • An informative redirect page is now shown when you go to the automation hub URL root. (AAP-30915)

9.1.1.3. Container-based Ansible Automation Platform

  • The TLS Certificate Authority private key can now use a passphrase. (AAP-33594)
  • Automation hub is populated with container images (decision and execution environments) and Ansible collections. (AAP-33759)
  • The automation controller, Event-Driven Ansible, and automation hub legacy UIs now display a redirect page to the Platform UI rather than a blank page. (AAP-33794)

9.1.1.4. RPM-based Ansible Automation Platform

  • Added platform Redis to RPM-based Ansible Automation Platform. This allows a 6 node cluster for a Redis high availability (HA) deployment. Removed the variable aap_caching_mtls and replaced it with redis_disable_tls and redis_disable_mtls which are boolean flags that disable Redis server TLS and Redis client certificate authentication. (AAP-33773)
  • An informative redirect page is now shown when going to automation controller, Event-Driven Ansible, or automation hub URL. (AAP-33827)

9.1.2. Bug fixes

9.1.2.1. Ansible Automation Platform

  • Removed the Legacy external password option from the Authentication Type list. (AAP-31506)
  • Ansible Galaxy’s sessionauth class is now always the first in the list of authentication classes so that the platform UI can successfully authenticate. (AAP-32146)
  • CVE-2024-10033 - automation-gateway: Fixed a Cross-site Scripting (XSS) vulnerability on the automation-gateway component that allowed a malicious user to perform actions that impact users.
  • CVE-2024-22189 - receptor: Resolved an issue in quic-go that would allow an attacker to trigger a denial of service by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs.

9.1.2.2. Automation controller

  • CVE-2024-41989 - automation-controller: Before this update, in Django, if floatformat received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. With this update, decimals with more than 200 digits are now returned as is.
  • CVE-2024-45230 - automation-controller: Resolved an issue in Python’s Django urlize() and urlizetrunc() functions where excessive input with a specific sequence of characters would lead to denial of service.

9.1.2.3. Automation hub

  • Refactored the dynaconf hooks to preserve the necessary authentication classes for Ansible Automation Platform 2.5 deployments. (AAP-31680)
  • During role migrations, model permissions are now re-added to roles to preserve ownership. (AAP-31417)

9.1.2.4. Ansible Automation Platform Operator

  • The port is now correctly set when configuring the platform gateway cache redis_host setting when using an external Redis cache. (AAP-33279)
  • Added checksums to the automation hub deployments so that pods are cycled to pick up changes to the PostgreSQL configuration and galaxy server settings Kubernetes secrets. (AAP-33518)

9.1.2.5. Container-based Ansible Automation Platform

  • Fixed the uninstall playbook execution when the environment was already uninstalled. (AAP-32981)

9.2. Ansible Automation Platform patch release October 14, 2024

The following fixes have been implemented in this release of Red Hat Ansible Automation Platform.

9.2.1. Fixed issues

9.2.1.1. Ansible Automation Platform

  • Fixed an issue in platform gateway where examining output logs for UWSGI shows a message that can be viewed as insensitive. (AAP-33213)
  • Fixed external Redis port configuration issue, which resulted in a cluster_host error when trying to connect to Redis. (AAP-32691)
  • Fixed a faulty conditional which was causing managed Redis to be deployed even if an external Redis was being configured. (AAP-31607)
  • After the initial deployment of Ansible Automation Platform, if you make changes to the automation controller, automation hub, or Event-Driven Ansible sections of the Ansible Automation Platform CR specification, those changes are now propagated to the component custom resources. (AAP-32350)
  • Fixed addressing issues when the filter keep_keys is used, all keys are removed from the dictionary. The keepkey fix is available in the updated ansible.utils collection. (AAP-32960)
  • Fixed an issue in cisco.ios.ios_static_routes where the metric distance is to be populated in the forward_router_address attribute. (AAP-32960)
  • Fixed an issue where Ansible Automation Platform Operator is not transferring metric settings to the controller. (AAP-32073)
  • Fixed an issue where you have a schedule on a resource, such as a job template, that prompts for credentials, and you update the credential to be different from what is on the resource by default, the new credential is not submitted to the API and it does not get updated. (AAP-31957)
  • Fixed an issue where setting *pg_host= without any other context no longer results in an empty HOST section of settings.py in controller. (AAP-32440)

9.2.2. Advisories

The following errata advisories are included in this release:

9.3. Ansible Automation Platform patch release October 7, 2024

The following enhancements and fixes have been implemented in this release of Red Hat Ansible Automation Platform.

9.3.1. Enhancements

  • Event-Driven Ansible workers and scheduler add timeout and retry resilience when communicating with a Redis cluster. (AAP-32139)
  • Removed the MTLS credential type that was incorrectly added. (AAP-31848)

9.3.2. Fixed issues

9.3.2.1. Ansible Automation Platform

  • Fixed conditional that was skipping necessary tasks in the restore role, which was causing restores to not finish reconciling. (AAP-30437)
  • Systemd services in the containerized installer are now set with restart policy set to always by default. (AAP-31824)
  • FLUSHDB is now modified to account for shared usage of a Redis database. It now respects access limitations by removing only those keys that the client has permissions to. (AAP-32138)
  • Added a fix to ensure default extra_vars values are rendered in the Prompt on launch wizard. (AAP-30585)
  • Filtered out the unused ANSIBLE_BASE_ settings from the environment variable in job execution. (AAP-32208)

9.3.2.2. Event-Driven Ansible

  • Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the RPM installer. (AAP-32027)
  • Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the containerized installer. (AAP-31851)
  • Fixed a bug where the Event-Driven Ansible workers and scheduler are unable to reconnect to the Redis cluster if a primary Redis node enters a failed state and a new primary node is promoted. See the KCS article Redis failover causes Event-Driven Ansible activation failures that include the steps that were necessary before this bug was fixed. (AAP-30722)

9.3.3. Advisories

The following errata advisories are included in this release:

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.