ansible / workshops

Training Course for Ansible Automation Platform
MIT License

Junos OS version out-of-date in AAP2 Networking workshop #2127

Open rh-achapman opened 3 months ago

rh-achapman commented 3 months ago

Problem Summary

Deploying the "Ansible Automation Platform 2 Networking Automation Workshop" using the Juniper option provisions the vSRX routers with Junos 22.3R2.12 software. This version is out-of-date and vulnerable to several CVEs and issues fixed in 22.3R2-S2 (or 22.3R3-S1) releases.

Provisioning workshops with newer software releases will improve the security of these workshops given they are (by default) provisioning publicly addressable infrastructure.

Issue Type

Security Issue

Extra vars file

N/A

Ansible Playbook Output

N/A

Ansible Version

N/A

Ansible Configuration

N/A

Ansible Execution Node

Ansible Controller (previously known as Ansible Tower)

Operating System

JUNOS 22.3R2.12

IPvSean commented 3 months ago

@rh-achapman Will 22.4R2-S2 be ok?

rh-achapman commented 3 months ago

That should be alright, yes. Most of the issues I could see were resolved in either 22.4R2-S2 or 22.4R3, so at least for now that would be fine.

Obviously as new issues are discovered, we'd want to update beyond that (to the 22.4R3 updates, for example) but 22.4R2-S2 would be appropriate at this time.