diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3e54f47a02..5462e991e7 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,65 @@ Community General Release Notes .. contents:: Topics +v1.3.8 +====== + +Release Summary +--------------- + +Security bugfix and regular bugfix release. + +Minor Changes +------------- + +- bundler - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- consul - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- consul_acl - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- consul_session - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- datadog_monitor - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- oneandone_firewall_policy - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- oneandone_load_balancer - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- oneandone_monitoring_policy - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- oneandone_private_network - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- oneandone_server - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- profitbricks - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- profitbricks_volume - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- sensu_check - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- sensu_client - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- sensu_handler - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- webfaction_domain - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). +- webfaction_site - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + +Breaking Changes / Porting Guide +-------------------------------- + +- docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103). + +Security Fixes +-------------- + +- docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103). +- na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). +- sf_account_manager - mark the ``initiator_secret`` and ``target_secret`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). + +Bugfixes +-------- + +- Mark various module options with ``no_log=False`` which have a name that potentially could leak secrets, but which do not (https://github.com/ansible-collections/community.general/pull/2001). +- bigpanda - actually use the ``deployment_message`` option (https://github.com/ansible-collections/community.general/pull/1928). +- cloudforms inventory - fixed issue that non-existing (archived) VMs were synced (https://github.com/ansible-collections/community.general/pull/720). +- docker_container - fix healthcheck disabling idempotency issue with strict comparison (https://github.com/ansible-collections/community.docker/issues/85). +- docker_image - prevent module failure when removing image that is removed between inspection and removal (https://github.com/ansible-collections/community.docker/pull/87). +- docker_image - prevent module failure when removing non-existant image by ID (https://github.com/ansible-collections/community.docker/pull/87). +- docker_image_info - prevent module failure when image vanishes between listing and inspection (https://github.com/ansible-collections/community.docker/pull/87). +- docker_image_info - prevent module failure when querying non-existant image by ID (https://github.com/ansible-collections/community.docker/pull/87). +- nmcli - ensure the ``slave-type`` option is passed to ``nmcli`` for type ``bond-slave`` (https://github.com/ansible-collections/community.general/pull/1882). +- proxmox - removed requirement that root password is provided when containter state is ``present`` (https://github.com/ansible-collections/community.general/pull/1999). +- proxmox inventory - added handling of extra trailing slashes in the URL (https://github.com/ansible-collections/community.general/pull/1914). +- proxmox inventory - exclude qemu templates from inclusion to the inventory via pools (https://github.com/ansible-collections/community.general/issues/1986, https://github.com/ansible-collections/community.general/pull/1991). +- xfs_quota - the feedback for initializing project quota using xfs_quota binary from ``xfsprogs`` has changed since the version it was written for (https://github.com/ansible-collections/community.general/pull/1596). +- zfs - some ZFS properties could be passed when the dataset/volume did not exist, but would fail if the dataset already existed, even if the property matched what was specified in the ansible task (https://github.com/ansible-collections/community.general/issues/868, https://github.com/ansible-collections/community.general/pull/1833). + v1.3.7 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index fafb267265..64e4de2aa7 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -2149,3 +2149,88 @@ releases: - 1895-proxmox-kvm-fix-issue-1875.yml - selective-core-2.11.yml release_date: '2021-02-25' + 1.3.8: + changes: + breaking_changes: + - docker_swarm - if ``join_token`` is specified, a returned join token with + the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. + Make sure that you do not blindly use the join tokens from the return value + of this module when the module is invoked with ``join_token`` specified! This + breaking change appears in a minor release since it is necessary to fix a + security issue (https://github.com/ansible-collections/community.docker/pull/103). + bugfixes: + - Mark various module options with ``no_log=False`` which have a name that potentially + could leak secrets, but which do not (https://github.com/ansible-collections/community.general/pull/2001). + - bigpanda - actually use the ``deployment_message`` option (https://github.com/ansible-collections/community.general/pull/1928). + - cloudforms inventory - fixed issue that non-existing (archived) VMs were synced + (https://github.com/ansible-collections/community.general/pull/720). + - docker_container - fix healthcheck disabling idempotency issue with strict + comparison (https://github.com/ansible-collections/community.docker/issues/85). + - docker_image - prevent module failure when removing image that is removed + between inspection and removal (https://github.com/ansible-collections/community.docker/pull/87). + - docker_image - prevent module failure when removing non-existant image by + ID (https://github.com/ansible-collections/community.docker/pull/87). + - docker_image_info - prevent module failure when image vanishes between listing + and inspection (https://github.com/ansible-collections/community.docker/pull/87). + - docker_image_info - prevent module failure when querying non-existant image + by ID (https://github.com/ansible-collections/community.docker/pull/87). + - nmcli - ensure the ``slave-type`` option is passed to ``nmcli`` for type ``bond-slave`` + (https://github.com/ansible-collections/community.general/pull/1882). + - proxmox - removed requirement that root password is provided when containter + state is ``present`` (https://github.com/ansible-collections/community.general/pull/1999). + - proxmox inventory - added handling of extra trailing slashes in the URL (https://github.com/ansible-collections/community.general/pull/1914). + - proxmox inventory - exclude qemu templates from inclusion to the inventory + via pools (https://github.com/ansible-collections/community.general/issues/1986, + https://github.com/ansible-collections/community.general/pull/1991). + - xfs_quota - the feedback for initializing project quota using xfs_quota binary + from ``xfsprogs`` has changed since the version it was written for (https://github.com/ansible-collections/community.general/pull/1596). + - zfs - some ZFS properties could be passed when the dataset/volume did not + exist, but would fail if the dataset already existed, even if the property + matched what was specified in the ansible task (https://github.com/ansible-collections/community.general/issues/868, + https://github.com/ansible-collections/community.general/pull/1833). + minor_changes: + - bundler - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - consul - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - consul_acl - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - consul_session - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - datadog_monitor - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - oneandone_firewall_policy - elements of list parameters are now validated + (https://github.com/ansible-collections/community.general/pull/1885). + - oneandone_load_balancer - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - oneandone_monitoring_policy - elements of list parameters are now validated + (https://github.com/ansible-collections/community.general/pull/1885). + - oneandone_private_network - elements of list parameters are now validated + (https://github.com/ansible-collections/community.general/pull/1885). + - oneandone_server - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - profitbricks - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - profitbricks_volume - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - sensu_check - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - sensu_client - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - sensu_handler - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - webfaction_domain - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + - webfaction_site - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). + release_summary: Security bugfix and regular bugfix release. + security_fixes: + - docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it + is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103). + - na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid + leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). + - sf_account_manager - mark the ``initiator_secret`` and ``target_secret`` parameters + as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018). + fragments: + - 1.3.8.yml + - 1596-xfs_quota-feedback_on_projects_not_initialized_has_changed.yml + - 1833-zfs-creation-only-properties.yaml + - 1882-fix-nmcli-ensure-slave-type-for-bond-slave.yml + - 1885-sanity-check-fixes-batch3.yml + - 1914-add-sanitization-to-url.yml + - 1928-bigpanda-message.yml + - 1991-proxmox-inventory-fix-template-in-pool.yml + - 1999-proxmox-fix-issue-1955.yml + - 2001-no_log-false.yml + - 720-cloudforms_inventory.yml + - community.docker-103-docker_swarm-no_log.yml + - community.docker-87-docker_image-load-image-ids.yml + - community.docker-88-docker_container-healthcheck.yml + - missing-no_log-again.yml + release_date: '2021-03-15' diff --git a/changelogs/fragments/1.3.8.yml b/changelogs/fragments/1.3.8.yml deleted file mode 100644 index 669e0010ec..0000000000 --- a/changelogs/fragments/1.3.8.yml +++ /dev/null @@ -1 +0,0 @@ -release_summary: Security bugfix and regular bugfix release. diff --git a/changelogs/fragments/1596-xfs_quota-feedback_on_projects_not_initialized_has_changed.yml b/changelogs/fragments/1596-xfs_quota-feedback_on_projects_not_initialized_has_changed.yml deleted file mode 100644 index ba75a86a62..0000000000 --- a/changelogs/fragments/1596-xfs_quota-feedback_on_projects_not_initialized_has_changed.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - xfs_quota - the feedback for initializing project quota using xfs_quota binary from ``xfsprogs`` has changed since the version it was written for (https://github.com/ansible-collections/community.general/pull/1596). diff --git a/changelogs/fragments/1833-zfs-creation-only-properties.yaml b/changelogs/fragments/1833-zfs-creation-only-properties.yaml deleted file mode 100644 index deb972a6d2..0000000000 --- a/changelogs/fragments/1833-zfs-creation-only-properties.yaml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - zfs - some ZFS properties could be passed when the dataset/volume did not exist, but would fail if the dataset already existed, even if the property matched what was specified in the ansible task (https://github.com/ansible-collections/community.general/issues/868, https://github.com/ansible-collections/community.general/pull/1833). diff --git a/changelogs/fragments/1882-fix-nmcli-ensure-slave-type-for-bond-slave.yml b/changelogs/fragments/1882-fix-nmcli-ensure-slave-type-for-bond-slave.yml deleted file mode 100644 index 47569b6a24..0000000000 --- a/changelogs/fragments/1882-fix-nmcli-ensure-slave-type-for-bond-slave.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - nmcli - ensure the ``slave-type`` option is passed to ``nmcli`` for type ``bond-slave`` (https://github.com/ansible-collections/community.general/pull/1882). diff --git a/changelogs/fragments/1885-sanity-check-fixes-batch3.yml b/changelogs/fragments/1885-sanity-check-fixes-batch3.yml deleted file mode 100644 index bf819a6e21..0000000000 --- a/changelogs/fragments/1885-sanity-check-fixes-batch3.yml +++ /dev/null @@ -1,18 +0,0 @@ -minor_changes: - - oneandone_firewall_policy - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - oneandone_load_balancer - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - oneandone_monitoring_policy - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - oneandone_private_network - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - oneandone_server - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - profitbricks - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - profitbricks_volume - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - webfaction_domain - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - webfaction_site - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - consul - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - consul_acl - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - consul_session - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - datadog_monitor - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - sensu_check - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - sensu_client - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - sensu_handler - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). - - bundler - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885). diff --git a/changelogs/fragments/1914-add-sanitization-to-url.yml b/changelogs/fragments/1914-add-sanitization-to-url.yml deleted file mode 100644 index 3b41bcb7af..0000000000 --- a/changelogs/fragments/1914-add-sanitization-to-url.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - proxmox inventory - added handling of extra trailing slashes in the URL (https://github.com/ansible-collections/community.general/pull/1914). diff --git a/changelogs/fragments/1928-bigpanda-message.yml b/changelogs/fragments/1928-bigpanda-message.yml deleted file mode 100644 index 081b51cc0f..0000000000 --- a/changelogs/fragments/1928-bigpanda-message.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: -- "bigpanda - actually use the ``deployment_message`` option (https://github.com/ansible-collections/community.general/pull/1928)." diff --git a/changelogs/fragments/1991-proxmox-inventory-fix-template-in-pool.yml b/changelogs/fragments/1991-proxmox-inventory-fix-template-in-pool.yml deleted file mode 100644 index 90a438dddf..0000000000 --- a/changelogs/fragments/1991-proxmox-inventory-fix-template-in-pool.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - proxmox inventory - exclude qemu templates from inclusion to the inventory via pools (https://github.com/ansible-collections/community.general/issues/1986, https://github.com/ansible-collections/community.general/pull/1991). diff --git a/changelogs/fragments/1999-proxmox-fix-issue-1955.yml b/changelogs/fragments/1999-proxmox-fix-issue-1955.yml deleted file mode 100644 index 274e70fb0f..0000000000 --- a/changelogs/fragments/1999-proxmox-fix-issue-1955.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: -- proxmox - removed requirement that root password is provided when containter state is ``present`` (https://github.com/ansible-collections/community.general/pull/1999). diff --git a/changelogs/fragments/2001-no_log-false.yml b/changelogs/fragments/2001-no_log-false.yml deleted file mode 100644 index 82d9ba0bb0..0000000000 --- a/changelogs/fragments/2001-no_log-false.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: -- "Mark various module options with ``no_log=False`` which have a name that potentially could leak secrets, but which do not (https://github.com/ansible-collections/community.general/pull/2001)." diff --git a/changelogs/fragments/720-cloudforms_inventory.yml b/changelogs/fragments/720-cloudforms_inventory.yml deleted file mode 100644 index f5675205d1..0000000000 --- a/changelogs/fragments/720-cloudforms_inventory.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - cloudforms inventory - fixed issue that non-existing (archived) VMs were synced (https://github.com/ansible-collections/community.general/pull/720). diff --git a/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml b/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml deleted file mode 100644 index a2e40747ac..0000000000 --- a/changelogs/fragments/community.docker-103-docker_swarm-no_log.yml +++ /dev/null @@ -1,4 +0,0 @@ -security_fixes: -- "docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103)." -breaking_changes: -- "docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103)." diff --git a/changelogs/fragments/community.docker-87-docker_image-load-image-ids.yml b/changelogs/fragments/community.docker-87-docker_image-load-image-ids.yml deleted file mode 100644 index 7433f69ab8..0000000000 --- a/changelogs/fragments/community.docker-87-docker_image-load-image-ids.yml +++ /dev/null @@ -1,5 +0,0 @@ -bugfixes: -- "docker_image - prevent module failure when removing image that is removed between inspection and removal (https://github.com/ansible-collections/community.docker/pull/87)." -- "docker_image - prevent module failure when removing non-existant image by ID (https://github.com/ansible-collections/community.docker/pull/87)." -- "docker_image_info - prevent module failure when image vanishes between listing and inspection (https://github.com/ansible-collections/community.docker/pull/87)." -- "docker_image_info - prevent module failure when querying non-existant image by ID (https://github.com/ansible-collections/community.docker/pull/87)." diff --git a/changelogs/fragments/community.docker-88-docker_container-healthcheck.yml b/changelogs/fragments/community.docker-88-docker_container-healthcheck.yml deleted file mode 100644 index 949d0875b5..0000000000 --- a/changelogs/fragments/community.docker-88-docker_container-healthcheck.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: -- "docker_container - fix healthcheck disabling idempotency issue with strict comparison (https://github.com/ansible-collections/community.docker/issues/85)." diff --git a/changelogs/fragments/missing-no_log-again.yml b/changelogs/fragments/missing-no_log-again.yml deleted file mode 100644 index a555c85ed7..0000000000 --- a/changelogs/fragments/missing-no_log-again.yml +++ /dev/null @@ -1,3 +0,0 @@ -security_fixes: -- "na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018)." -- "sf_account_manager - mark the ``initiator_secret`` and ``target_secret`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018)."