Chapter 9. Patch releases


Security fixes, bug fixes, and enhancements for Ansible Automation Platform 2.5 are released as asynchronous errata. All Ansible Automation Platform errata are available on the Download Red Hat Ansible Automation Platform page.

As a Red Hat Customer Portal user, you can enable errata notifications in the account settings for Red Hat Subscription Management (RHSM). When errata notifications are enabled, you receive notifications through email whenever new errata relevant to your registered systems are released.

Note

Red Hat Customer Portal user accounts must have systems registered and consuming Ansible Automation Platform entitlements for Ansible Automation Platform errata notification emails to be generated.

The patch releases section of the release notes will be updated over time to give notes on enhancements and bug fixes for patch releases of Ansible Automation Platform 2.5.

9.1. Ansible Automation Platform patch release November 18, 2024

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

9.1.1. Enhancements

  • With this release, a redirect page is displayed when you navigate to the root (/) of each component’s stand-alone URL. The API endpoint remains functional. This affects Event-Driven Ansible, automation controller, Ansible Automation Platform Operator, and OpenShift Container Platform.

9.1.2. Bug fixes

9.1.2.1. General

With this update, the following CVEs have been addressed:

CVE-2024-9902 ansible-core: Ansible-core user may read/write unauthorized content.

CVE-2024-8775 ansible-core: Exposure of sensitive information in Ansible vault files due to improper logging.

9.1.2.2. Ansible Automation Platform

  • Fixed an issue where users were unable to filter out hosts on inventory groups because the Ansible Automation Platform UI returned a "Failed to load options" error.

9.1.2.3. Execution Environment

  • Update pywinrm to 0.4.3 in ee-minimal and ee-supported container images to fix Python 3.11 compatibility.

9.1.2.4. Ansible Automation Platform Operator

  • Fixed a syntax error when bundle_cacert_secret was defined due to incorrect indentation.
  • Fixed an issue where the default operator catalog for Ansible Automation Platform aligned to cluster-scoped versus namespace-scoped.
  • Added the ability to set tolerations and node_selector for the Redis statefulset and the gateway deployment.
  • Ensure the platform URL status is set when Ingress is used to resolve an issue with Microsoft Azure on Cloud managed deployments. This is due to the Ansible Automation Platform operator failing to finish because it is looking for OpenShift Container Platform routes that are not available on Azure Kubernetes Service.
  • Fixed an issue where the Ansible Automation Platform Operator description did not render code blocks correctly.
  • It is necessary to specify the CONTROLLER_SSO_URL and AUTOMATION_HUB_SSO_URL settings in Gateway to fix the OIDC auth redirect flow.
  • It is necessary to set the SERVICE_BACKED_SSO_AUTH_CODE_REDIRECT_URL setting to fix the OIDC auth redirect flow.

9.1.2.5. Container-based Ansible Automation Platform

  • Fixed an issue where, when the port value was not defined in the gateway_main_url variable, the containerized installer failed with an incorrect execution environment image reference error.
  • Fixed an issue where the containerized installer used a port number when specifying the image_url for a decision environment. The user should not add a port to image URLs when using the default value.

9.1.2.6. RPM-based Ansible Automation Platform

  • Fixed an issue where the gpg agent socket was not set up properly when multiple hub nodes were configured, so that no gpg socket file was created in /var/run/pulp.

9.1.2.7. Ansible development tools

  • Fixed an issue where data files were missing from the molecule RPM package.

9.2. Ansible Automation Platform patch release October 28, 2024

The following enhancements and bug fixes have been implemented in this release of Ansible Automation Platform.

9.2.1. Enhancements

9.2.1.1. Ansible Automation Platform

  • With this update, upgrades from Ansible Automation Platform 2.4 to 2.5 are supported for RPM and Operator-based deployments. For more information on how to upgrade, see RPM upgrade and migration. (ANSTRAT-809)

    • Upgrades from 2.4 Containerized Ansible Automation Platform Tech Preview to 2.5 Containerized Ansible Automation Platform are unsupported at this time.
    • Upgrades for Event-Driven Ansible are unsupported from Ansible Automation Platform 2.4 to Ansible Automation Platform 2.5.

9.2.1.2. Ansible Automation Platform Operator

  • An informative redirect page is now shown when you go to the automation hub URL root. (AAP-30915)

9.2.1.3. Container-based Ansible Automation Platform

  • The TLS Certificate Authority private key can now use a passphrase. (AAP-33594)
  • Automation hub is populated with container images (decision and execution environments) and Ansible collections. (AAP-33759)
  • The automation controller, Event-Driven Ansible, and automation hub legacy UIs now display a redirect page to the Platform UI rather than a blank page. (AAP-33794)

9.2.1.4. RPM-based Ansible Automation Platform

  • Added platform Redis to RPM-based Ansible Automation Platform. This allows a 6-node cluster for a Redis high availability (HA) deployment. Removed the variable aap_caching_mtls and replaced it with redis_disable_tls and redis_disable_mtls, which are boolean flags that disable Redis server TLS and Redis client certificate authentication. (AAP-33773)
  • An informative redirect page is now shown when going to automation controller, Event-Driven Ansible, or automation hub URL. (AAP-33827)

9.2.2. Bug fixes

9.2.2.1. Ansible Automation Platform

  • Removed the Legacy external password option from the Authentication Type list. (AAP-31506)
  • Ansible Galaxy’s sessionauth class is now always the first in the list of authentication classes so that the platform UI can successfully authenticate. (AAP-32146)
  • CVE-2024-10033 - automation-gateway: Fixed a Cross-site Scripting (XSS) vulnerability on the automation-gateway component that allowed a malicious user to perform actions that impact users.
  • CVE-2024-22189 - receptor: Resolved an issue in quic-go that would allow an attacker to trigger a denial of service by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs.

9.2.2.2. Automation controller

  • CVE-2024-41989 - automation-controller: Before this update, in Django, if floatformat received a string representation of a number in scientific notation with a large exponent, it could lead to significant memory consumption. With this update, decimals with more than 200 digits are now returned as is.
  • CVE-2024-45230 - automation-controller: Resolved an issue in Python’s Django urlize() and urlizetrunc() functions where excessive input with a specific sequence of characters would lead to denial of service.

9.2.2.3. Automation hub

  • Refactored the dynaconf hooks to preserve the necessary authentication classes for Ansible Automation Platform 2.5 deployments. (AAP-31680)
  • During role migrations, model permissions are now re-added to roles to preserve ownership. (AAP-31417)

9.2.2.4. Ansible Automation Platform Operator

  • The port is now correctly set when configuring the platform gateway cache redis_host setting when using an external Redis cache. (AAP-33279)
  • Added checksums to the automation hub deployments so that pods are cycled to pick up changes to the PostgreSQL configuration and galaxy server settings Kubernetes secrets. (AAP-33518)

9.2.2.5. Container-based Ansible Automation Platform

  • Fixed the uninstall playbook execution when the environment was already uninstalled. (AAP-32981)

9.3. Ansible Automation Platform patch release October 14, 2024

The following fixes have been implemented in this release of Red Hat Ansible Automation Platform.

9.3.1. Fixed issues

9.3.1.1. Ansible Automation Platform

  • Fixed an issue in platform gateway where examining output logs for UWSGI shows a message that can be viewed as insensitive. (AAP-33213)
  • Fixed external Redis port configuration issue, which resulted in a cluster_host error when trying to connect to Redis. (AAP-32691)
  • Fixed a faulty conditional which was causing managed Redis to be deployed even if an external Redis was being configured. (AAP-31607)
  • After the initial deployment of Ansible Automation Platform, if you make changes to the automation controller, automation hub, or Event-Driven Ansible sections of the Ansible Automation Platform CR specification, those changes are now propagated to the component custom resources. (AAP-32350)
  • Fixed an issue where, when the keep_keys filter was used, all keys were removed from the dictionary. The keep_keys fix is available in the updated ansible.utils collection. (AAP-32960)
  • Fixed an issue in cisco.ios.ios_static_routes where the metric distance is to be populated in the forward_router_address attribute. (AAP-32960)
  • Fixed an issue where Ansible Automation Platform Operator was not transferring metric settings to the controller. (AAP-32073)
  • Fixed an issue where, if a schedule on a resource such as a job template prompts for credentials and you update the credential to be different from the resource's default, the new credential was not submitted to the API and was not updated. (AAP-31957)
  • Fixed an issue where setting *pg_host= without any other context resulted in an empty HOST section of settings.py in controller. (AAP-32440)

9.3.2. Advisories

The following errata advisories are included in this release:

9.4. Ansible Automation Platform patch release October 7, 2024

The following enhancements and fixes have been implemented in this release of Red Hat Ansible Automation Platform.

9.4.1. Enhancements

  • Event-Driven Ansible workers and scheduler add timeout and retry resilience when communicating with a Redis cluster. (AAP-32139)
  • Removed the MTLS credential type that was incorrectly added. (AAP-31848)

9.4.2. Fixed issues

9.4.2.1. Ansible Automation Platform

  • Fixed a conditional that was skipping necessary tasks in the restore role, which caused restores to not finish reconciling. (AAP-30437)
  • Systemd services in the containerized installer now have their restart policy set to always by default. (AAP-31824)
  • FLUSHDB is now modified to account for shared usage of a Redis database. It now respects access limitations by removing only those keys that the client has permissions to. (AAP-32138)
  • Added a fix to ensure default extra_vars values are rendered in the Prompt on launch wizard. (AAP-30585)
  • Filtered out the unused ANSIBLE_BASE_ settings from the environment variable in job execution. (AAP-32208)

9.4.2.2. Event-Driven Ansible

  • Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the RPM installer. (AAP-32027)
  • Configured the setting EVENT_STREAM_MTLS_BASE_URL to the correct default to ensure MTLS is disallowed in the containerized installer. (AAP-31851)
  • Fixed a bug where the Event-Driven Ansible workers and scheduler were unable to reconnect to the Redis cluster if a primary Redis node entered a failed state and a new primary node was promoted. See the KCS article Redis failover causes Event-Driven Ansible activation failures, which includes the steps that were necessary before this bug was fixed. (AAP-30722)

9.4.3. Advisories

The following errata advisories are included in this release:
