freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

update Ansible due to CVE-2019-14864 #5144

Closed redshiftzero closed 4 years ago

redshiftzero commented 4 years ago

Description

CVE-2019-14864 is a vulnerability in Ansible's no_log flag for the splunk and sumologic plugins (sensitive data is incorrectly logged), but we're using neither of them. Regardless, we should update Ansible to a version that does not have this vulnerability in the next release.

@emkll also pointed out to me that this is a good time to get onto the 2.8 series since the 2.7 series will become unmaintained when 2.10 is released (it's in development).

rmol commented 4 years ago

Seems like we might as well jump to 2.9 for the same reason -- barring other security patches, it'll be longer before we're forced to update it again.