diff --git a/changelogs/fragments/no_log_fix_for_connection_exceptions.yaml b/changelogs/fragments/no_log_fix_for_connection_exceptions.yaml new file mode 100644 index 0000000000..a5be03a6ba --- /dev/null +++ b/changelogs/fragments/no_log_fix_for_connection_exceptions.yaml @@ -0,0 +1,9 @@ +--- +bugfixes: +- '**Security Fix** - Some connection exceptions would cause no_log specified on + a task to be ignored. If this happened, the task information, including any + private information could have been displayed to stdout and (if enabled, not + the default) logged to a log file specified in ansible.cfg''s log_path. + Additionally, sites which redirected stdout from ansible runs to a log file + may have stored that private information onto disk that way as well. + (https://github.com/ansible/ansible/pull/41414)'