Stay Informed

This week, read about:

Non-Security Based Updates

Angular 18.0.0
(refactor - bcce85af72) | remove deprecatedmatchesElementfromAnimationDriver(#55479)

(refactor - d34c033902) | Deprecate Local Data API functions (#54483)
(refactor - 3b0de30b37) | remove deprecatedisPlatformWorkerAppandisPlatformWorkerUiAPI (#55302)

(fix - 91b007e58f) | add math elements to schema (#55631)
(fix - 33d0102304) | allow comments between connected blocks (#55966)
(fix - 7fc7f3f05f) | capture all control flow branches for content projection in if blocks (#54921)
(fix - a369f43fbd) | capture switch block cases for content projection (#54921)
(fix - eb625d3783) | declare for loop aliases in addition to new name (#54942)
(fix - f824911510) | ForFatalDiagnosticError, hide themessagefield without affecting the emit (#55160)
(fix - a040fb720a) | maintain multiline CSS selectors during CSS scoping (#55509)
(fix - 39624c6b12) | output input flags as a literal (#55215)
(fix - eba92cfa55) | prevent usage of reserved control flow symbol in custom interpolation context. (#55809)
(fix - 7d5bc1c628) | remove container index from conditional instruction (#55190)
(fix - 4eb0165750) | remove support for unassignable expressions in two-way bindings (#55342)
(fix - e1650e3b13) | throw error if item name and context variables conflict (#55045)

(feat - 5bd188a394) | add partial compilation support for deferred blocks (#54908)
(feat - b02b31a915) | drop support for TypeScript older than 5.4 (#54961)
(fix - 78188e877a) | add diagnostic if initializer API is used outside of an initializer (#54993)
(fix - 69a83993b3) | do not throw when retrieving TCB symbol for signal input with restricted access (#55774)
(fix - 4f4f41016e) | dom property binding check in signal extended diagnostic (#54324)
(fix - 7a16d7e969) | don't type check the bodies of control flow nodes in basic mode (#55360)
(fix - 8d93597a82) | fix type narrowing of@ifwith aliases (#55835)
(fix - 9b424d7224) | preserve original reference to non-deferrable dependency (#54759)
(fix - 694ba79cbf) | report cases where initializer APIs are used in a non-directive class (#54993)
(fix - 6219341d26) | report errors when initializer APIs are used on private fields (#54981)
(fix - c04ffb1fa6) | use switch statements to narrow Angular switch blocks (#55168)

(feat - a730f09ae9) | Add a public API to establish events to be replayed and an attribute to mark an element with an event handler. (#55356)
(feat - fdd560ea14) | Add ability to configure zone change detection to use zoneless scheduler (#55252)
(feat - bce5e2344f) | Add build target for jsaction contract binary. (#55319)
(feat - 666d646575) | Add event delegation library to queue up events and replay them when the application is ready (#55121)
(feat - 5f06ca8f55) | add HOST_TAG_NAME token (#54751)
(feat - a600a39d0c) | add support for fallback content in ng-content (#54854)
(feat - 146306a141) | add support for i18n hydration (#54823)
(feat - f09c5a7bc4) | Add zoneless change detection provider as experimental (#55329)
(feat - d28614b90e) | Modify EventType from an enum to an object. (#55323)
(feat - ac863ded48) | provide ExperimentalPendingTasks API (#55487)
(feat - 1ee9f32621) | Synchronize changes from internal JSAction codebase. (#55182)
(fix - d888da4606) | ApplicationRef.tickshould respect OnPush for host bindings (#53718)
(fix - 64f870c12b) | ApplicationRef.tickshould respect OnPush for host bindings (#53718) (#53718)
(fix - 8cad4e8cbe) | ComponentFixtureautoDetectrespectsOnPushflag of host view (#54824)
(fix - 658cf8c384) | ComponentFixturestability should matchApplicationRef(#54949)
(fix - 2fc11eae9e) | account for re-projected ng-content elements with fallback content (#54854)
(fix - 0cbd73c6e9) | add warning when using zoneless but zone.js is still loaded (#55769)
(fix - d5edfde6ee) | afterRender hooks registered outside change detection can mark views dirty (#55623)
(fix - de7447d15e) | Angular should not ignore changes that happen outside the zone (#55102)
(fix - ba8e465974) | Change Detection will continue to refresh views while marked for check (#54734)
(fix - 5a10f405d3) | complete the removal of deprecationasyncfunction (#55491)
(fix - 24bc0ed4f2) | ComponentFixture autodetect should detect changes within ApplicationRef.tick (#54733)
(fix - 1c0ec56c46) | correctly project single-root content inside control flow (#54921)
(fix - 840c375255) | do not save point-in-timesetTimeoutandrAFreferences (#55124)
(fix - 10c5cdb49c) | ensure change detection runs in a reasonable timeframe with zone coalescing (#54578)
(fix - ad045efd4b) | Ensure views marked for check are refreshed during change detection (#54735)
(fix - 69085ea26e) | error about provideExperimentalCheckNoChangesForDebug uses wrong name (#55824)
(fix - 0147e0b85a) | exhaustive checkNoChanges should only do a single pass (#55839)
(fix - e02bcf89cf) | Fix clearing of pending task in zoneless cleanup implementation (#55074)
(fix - 0cec9e4f9a) | Fix null dereference erroraddEvent(#55353)
(fix - 44c0ed83a6) | hide implementation details of ExperimentalPendingTasks (#55516)
(fix - 314112de99) | PreventmarkForCheckduring change detection from causing infinite loops (#54900)
(fix - a5fa279b6e) | prevent i18n hydration from cleaning projected nodes (#54823)
(fix - 6534c035c0) | Remove deprecated Testability methods (#53768)
(fix - a5c57c7484) | resolve error for multiple component instances that use fallback content (#55478)
(fix - f44a5e4604) | support content projection and VCRs in i18n (#54823)
(fix - 0510930a25) | TestBed should not override NgZone from initTestEnvironment (#55226)
(fix - e9a0c86766) | TestBed should not override NgZone from initTestEnvironment (#55226)
(fix - 700c0520bb) | Update ApplicationRef.tick loop to only throw in dev mode (#54848)
(fix - a99cb7ce5b) | zoneless scheduler should check if Zone is defined before accessing it (#55118)
(refactor - 1fd63e9cff) | deprecate@Component.interpolation(#55778)

(feat - 1c736dc3b2) | Unified Control State Change Events (#54579)
(fix - 61007dced0) | Add event for forms submitted & reset (#55667)
(fix - 2e27ca9ddf) | Allow canceled async validators to emit. (#55134)

(feat - 6f88d80758) | allow caching requests with different origins between server and client (#55274)
(feat - 8eacb6e4b9) | exclude caching for authenticated HTTP requests (#55034)
(fix - d9b339fdbc) | resolvewithRequestsMadeViaParentbehavior withwithFetch(#55652)
(refactor - ef665a40a5) | DeprecateHttpClientModule& related modules (#54020)

(fix - 6d1b82df32) | allow external projects to use provided compiler options (#55035)
(fix - a48afe0d94) | avoid generating TS syntactic diagnostics for templates (#55091)
(fix - bd236cc150) | implement getDefinitionAtPosition for Angular templates (#55269)
(fix - 4166dfc1b6) | prevent underlying TS Service from handling template files (#55003)
(fix - b7f2fd4739) | use type-only import in plugin factory (#55996)

(feat - f914f6a362) | Migration schematics forHttpClientModule(#54020)
(fix - 8459ee46cb) | handle more cases in HttpClientModule migration (#55640)
(fix - c4b2f18709) | migrate HttpClientTestingModule in test modules (#55803)
(fix - bb4a4016a9) | preserve existing properties in HttpClientModule migration (#55777)
(fix - f93e5180be) | resolve multiple structural issues with HttpClient migration (#55557)

(feat - 45ae7a6b60) | add withI18nSupport() in developer preview (#55130)
(fix - 23f914f101) | Use the right namespace for mathML. (#55622)|
(refactor - cba336d4f1) | remove deprecated transfer state APIs (#55474)

(refactor - eb20c1a8b1) | unusedRESOURCE_CACHE_PROVIDERAPI has been removed (#54875)

(fix - 5674c644ab) | addnonceattribute to event record script (#55495)
(fix - e71e869112) | remove event dispatch script from HTML when hydration is disabled (#55681)
(refactor - 07ac017731) | remove deprecatedplatformDynamicServerAPI (#54874)
(refactor - e8b588d8b7) | remove deprecatedServerTransferStateModuleAPI (#54874)
(refactor - 3b1967ca64) | remove deprecateduseAbsoluteUrlandbaseUrlfromPlatformConfig(#54874)
(refactor - 2357d3566c) | remove legacy URL handling logic (#54874)

(feat - 4a42961393) | withNavigationErrorHandlercan convert errors to redirects (#55370)
(feat - 8735af08b9) | Add ability to returnUrlTreewithNavigationBehaviorOptionsfrom guards (#45023)
(feat - 87f3f27f90) | Allow resolvers to returnRedirectCommand(#54556)
(feat - 2b802587f2) | Allow Route.redirectTo to be a function which returns a string or UrlTree (#52606)
(fix - 60f1d681e0) | preserve replaceUrl when returning a urlTree from CanActivate (#54042)
(fix - 3839cfbb18) | Routed components never inheritRouterOutletEnvironmentInjector(#54265)
(fix - da906fdafc) | Routed components never inheritRouterOutletEnvironmentInjector(#54265)

(fix - 3bc63eaaf3) | avoid running CDs oncontrollerchange(#54222)
(fix - e598634c10) | removecontrollerchangelistener when app is destroyed (#55365)

Ansible v2.17.0
Major Changes:
- - Removed support for Python 2

Minor Changes:
- Add ``dump`` and ``passno`` mount information to facts component (
- Added MIRACLE LINUX 9.2 in RedHat OS Family.
- Interpreter Discovery - Remove hardcoded references to specific python interpreters to use for certain distro versions, and modify logic for python3 to become the default.
- Use Python's built-in ``functools.update_wrapper`` instead an inline copy from Python 3.7.
- User can now set ansible.log to record higher verbosity than what is specified for display via new configuration item LOG_VERBOSITY.
- ``DEFAULT_PRIVATE_ROLE_VARS`` is now overridden by explicit setting of ``public`` for ``include_roles`` and ``import_roles``.
- ``ansible-galaxy role|collection init`` - accept ``--extra-vars`` to supplement/override the variables ``ansible-galaxy`` injects for templating ``.j2`` files in the skeleton.
- ``import_role`` action now also gets a ``public`` option that controls variable exports,  default depending on ``DEFAULT_PRIVATE_ROLE_VARS`` (if using defaults equates to ``public=True``).
- added configuration item ``TARGET_LOG_INFO`` that allows the user/author to add an information string to the log output on targets.
- ansible-doc - treat double newlines in documentation strings as paragraph breaks. This is useful to create multi-paragraph notes in module/plugin documentation (
- ansible-doc output has been revamped to make it more visually pleasing when going to a terminal, also more concise, use -v to show extra information.
- ansible-galaxy - Started normalizing build directory with a trailing separator when building collections, internally. (
- ansible-galaxy dependency resolution messages have changed the unexplained 'virtual' collection for the specific type ('scm', 'dir', etc) that is more user friendly
- ansible-test - Add Alpine 3.19 container.
- ansible-test - Add Alpine 3.19 to remotes.
- ansible-test - Add Fedora 39 container.
- ansible-test - Add Fedora 39 remote.
- ansible-test - Add a work-around for permission denied errors when using ``pytest >= 8`` on multi-user systems with an installed version of ``ansible-test``.
- ansible-test - Add support for RHEL 9.3 remotes.
- ansible-test - Added a macOS 14.3 remote VM.
- ansible-test - Bump the ``nios-test-container`` from version 2.0.0 to version 3.0.0.
- ansible-test - Containers and remotes managed by ansible-test will have their Python ``EXTERNALLY-MANAGED`` marker (PEP668) removed. This provides backwards compatibility for existing tests running in newer environments which mark their Python as externally managed. A future version of ansible-test may change this behavior, requiring tests to be adapted to such environments.
- ansible-test - Make Python 3.12 the default version used in the ``base`` and ``default`` containers.
- ansible-test - Remove Alpine 3(.18) container.
- ansible-test - Remove Alpine 3.18 from remotes.
- ansible-test - Remove Fedora 38 remote support.
- ansible-test - Remove Fedora 38 test container.
- ansible-test - Remove rhel/9.2 test remote
- ansible-test - Remove the FreeBSD 13.2 remote.
- ansible-test - Removed fallback to ``virtualenv`` when ``-m venv`` is non-functional.
- ansible-test - Removed test remotes: macos/13.2
- ansible-test - Removed the ``no-basestring`` sanity test. The test is no longer necessary now that Python 3 is required.
- ansible-test - Removed the ``no-dict-iteritems``, ``no-dict-iterkeys`` and ``no-dict-itervalues`` sanity tests. The tests are no longer necessary since Python 3 is required.
- ansible-test - Removed the ``no-main-display`` sanity test. The unwanted pattern is unlikely to occur, since the test has existed since Ansible 2.8.
- ansible-test - Removed the ``no-unicode-literals`` sanity test. The test is unnecessary now that Python 3 is required and the ``unicode_literals`` feature has no effect.
- ansible-test - Special handling for installation of ``cryptography`` has been removed, as it is no longer necessary.
- ansible-test - The ``shellcheck`` sanity test no longer disables the ``SC2164`` check. In most cases, seeing this error means the script is missing ``set -e``.
- ansible-test - The ``unidiomatic-typecheck`` rule has been enabled in the ``pylint`` sanity test.
- ansible-test - The ``unidiomatic-typecheck`` rule has been removed from the ``validate-modules`` sanity test.
- ansible-test - Update the base and default containers to use Ubuntu 22.04 for the base image. This also updates PowerShell to version 7.4.0 with .NET 8.0.0 and ShellCheck to version 0.8.0.
- ansible-test - Updated the CloudStack test container to version 1.7.0.
- ansible-test - Updated the distro test containers to version 6.3.0 to include coverage 7.3.2 for Python 3.8+. The alpine3 container is now based on 3.18 instead of 3.17 and includes Python 3.11 instead of Python 3.10.
- ansible-test - Updated the distro test containers to version 7.1.0.
- ansible-test - When ansible-test installs requirements, it now instructs pip to allow installs on externally managed environments as defined by PEP 668. This only occurs in ephemeral environments managed by ansible-test, such as containers, or when the `--requirements` option is used.
- ansible-test - When invoking ``sleep`` in containers during container setup, the ``env`` command is used to avoid invoking the shell builtin, if present.
- ansible-test - document block name now included in error message for YAML parsing errors (
- ansible-test - sanity test allows ``EXAMPLES`` to be multi-document YAML (
- ansible-test now has FreeBSD 13.3 and 14.0 support
- ansible.builtin.user - Remove user not found warning (
- - use endpoint instead of
- async tasks can now also support check mode at the same time.
- async_status now supports check mode.
- constructed inventory plugin - Adding a note that only group_vars of explicit groups are loaded (
- csvfile - add a keycol parameter to specify in which column to search.
- dnf - add the ``best`` option
- dnf5 - add the ``best`` option
- filter plugin - Add the count and mandatory_count parameters in the regex_replace filter
- find - add a encoding parameter to specify which encoding of the files to be searched.
- git module - gpg_allowlist name was added in 2.17 and we will eventually deprecate the gpg_whitelist alias.
- import_role - allow subdirectories with ``_from`` options for parity with ``include_role`` (
- module argument spec - Allow module authors to include arbitrary additional context in the argument spec, by making use of a new top level key called ``context``. This key should be a dict type. This allows for users to customize what they place in the argument spec, without having to ignore sanity tests that validate the schema.
- modules - Add the ability for an action plugin to call ``self._execute_module(*, ignore_unknown_opts=True)`` to execute a module with options that may not be supported for the version being called. This tells the module basic wrapper to ignore validating the options provided match the arg spec.
- package action now has a configuration that overrides the detected package manager, it is still overridden itself by the use option.
- py3compat - Remove ``ansible.utils.py3compat`` as it is no longer necessary
- removed the unused argument ``create_new_password`` from ``CLI.build_vault_ids`` (
- urls - Add support for TLS 1.3 post handshake certificate authentication -
- urls - reduce complexity of ````
- user - accept yescrypt hash as user password
- validate-modules tests now correctly handles ``choices`` in dictionary format.

Breaking Changes / Porting Guide:
- assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information.

Deprecated Features:
- Old style vars plugins which use the entrypoints `get_host_vars` or `get_group_vars` are deprecated. The plugin should be updated to inherit from `BaseVarsPlugin` and define a `get_vars` method as the entrypoint.
- The 'required' parameter in 'ansible.module_utils.common.process.get_bin_path' API is deprecated (
- ``module_utils`` - importing the following convenience helpers from ``ansible.module_utils.basic`` has been deprecated: ``get_exception``, ``literal_eval``, ``_literal_eval``, ``datetime``, ``signal``, ``types``, ``chain``, ``repeat``, ``PY2``, ``PY3``, ``b``, ``binary_type``, ``integer_types``, ``iteritems``, ``string_types``, ``test_type``, ``map`` and ``shlex_quote``.
- ansible-doc - role entrypoint attributes are deprecated and eventually will no longer be shown in ansible-doc from ansible-core 2.20 on (,
- paramiko connection plugin, configuration items in the global scope are being deprecated and will be removed in favor or the existing same options in the plugin itself. Users should not need to change anything (how to configure them are the same) but plugin authors using the global constants should move to using the plugin's get_option().

Removed Features (previously deprecated):
- Remove deprecated APIs from ansible-docs (
- Remove deprecated JINJA2_NATIVE_WARNING environment variable (
- Remove deprecated ``scp_if_ssh`` from ssh connection plugin (
- Remove deprecated crypt support from ansible.utils.encrypt (
- Removed Python 2.7 and Python 3.6 as a supported remote version. Python 3.7+ is now required for target execution.
- With the removal of Python 2 support, the yum module and yum action plugin are removed and redirected to ``dnf``.

Security Fixes:
- ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was ignored (CVE-2024-0690)
- ansible-galaxy - Prevent roles from using symlinks to overwrite files outside of the installation directory (CVE-2023-5115)
- templating - Address issues where internal templating can cause unsafe variables to lose their unsafe designation (CVE-2023-5764)

Bug Fixes:
- Add a version ceiling constraint for pypsrp to avoid potential breaking changes in the 1.0.0 release.
- All core lookups now use set_option(s) even when doing their own custom parsing. This ensures that the options are always the proper type.
- Allow for searching handler subdir for included task via include_role (
- AnsibleModule.atomic_move - fix preserving extended ACLs of the destination when it exists (
- Cache host_group_vars after instantiating it once and limit the amount of repetitive work it needs to do every time it runs.
- Call PluginLoader.all() once for vars plugins, and load vars plugins that run automatically or are enabled specifically by name subsequently.
- Consolidate systemd detection logic into one place (
- Consolidated the list of internal static vars, centralized them as constant and completed from some missing entries.
- Do not print undefined error message twice (
- Enable file cache for vaulted files during vars lookup to fix a strong performance penalty in huge and complex playbboks.
- Fix NEVRA parsing of package names that include digit(s) in them (,
- Fix ``force_handlers`` not working with ``any_errors_fatal`` (
- Fix ``run_once`` being incorrectly interpreted on handlers (
- Fix an issue when setting a plugin name from an unsafe source resulted in ``ValueError: unmarshallable object`` (
- Fix check for missing _sub_plugin attribute in older connection plugins (
- Fix condition for unquoting configuration strings from ini files (
- Fix for when ``any_errors_fatal`` was ignored if error occurred in a block with always (
- Fix handlers not being executed in lockstep using the linear strategy in some cases (
- Fix handling missing urls in ansible.module_utils.urls.fetch_file for Python 3.
- Fix issue where an ``include_tasks`` handler in a role was not able to locate a file in ``tasks/`` when ``tasks_from`` was used as a role entry point and ``main.yml`` was not present (
- Fix issues when tasks withing nested blocks wouldn't run when ``force_handlers`` is set (
- Fix loading vars_plugins in roles (
- Fix notifying role handlers by listen keyword topics with the "role_name : " prefix (
- Fix setting proper locale for git executable when running on non english systems, ensuring git output can always be parsed.
- Fix tasks in always section not being executed for nested blocks with ``any_errors_fatal`` (
- Fixes permission for cache json file from 600 to 644 (
- Give the tombstone error for ``include`` pre-fork like other tombstoned action/module plugins.
- Harden python templates for respawn and ansiballz around str literal quoting
- Include the task location when a module or action plugin is deprecated (
- Interpreter discovery - Add ``Amzn`` to ``OS_FAMILY_MAP`` for correct family fallback for interpreter discovery (
- Mirror the behavior of dnf on the command line when handling NEVRAs with omitted epoch (
- Plugin loader does not dedupe nor cache filter/test plugins by file basename, but full path name.
- Properly template tags in parent blocks (
- Provide additional information about the alternative plugin in the deprecation message (
- Remove the galaxy_info field ``platforms`` from the role templates (
- Restoring the ability of filters/tests can have same file base name but different tests/filters defined inside.
- Reword the error message when the module fails to parse parameters in JSON format (
- Reword warning if the reserved keyword _ansible_ used as a module parameter (
- Run all handlers with the same ``listen`` topic, even when notified from another handler (
- Slight optimization to hostvars (instantiate template only once per host, vs per call to var).
- Stopped misleadingly advertising ``async`` mode support in the ``reboot`` module (
- ``ansible-galaxy role import`` - fix using the ``role_name`` in a standalone role's ``galaxy_info`` metadata by disabling automatic removal of the ``ansible-role-`` prefix. This matches the behavior of the Galaxy UI which also no longer implicitly removes the ``ansible-role-`` prefix. Use the ``--role-name`` option or add a ``role_name`` to the ``galaxy_info`` dictionary in the role's ``meta/main.yml`` to use an alternate role name.
- ``ansible-test sanity --test runtime-metadata`` - add ``action_plugin`` as a valid field for modules in the schema (
- ``ansible.module_utils.service`` - ensure binary data transmission in ``daemonize()``
- ``any_errors_fatal`` should fail all hosts and rescue all of them when a ``rescue`` section is specified (
- ``include_role`` - properly execute ``v2_playbook_on_include`` and ``v2_runner_on_failed`` callbacks as well as increase ``ok`` and ``failed`` stats in the play recap, when appropriate (
- allow_duplicates - fix evaluating if the current role allows duplicates instead of using the initial value from the duplicate's cached role.
- ansible-config init will now dedupe ini entries from plugins.
- ansible-config will now properly template defaults before dumping them.
- ansible-doc - fixed "inicates" typo in output
- ansible-doc - format top-level descriptions with multiple paragraphs as multiple paragraphs, instead of concatenating them (
- ansible-galaxy - Deprecate use of the Galaxy v2 API (
- ansible-galaxy - Provide a better error message when using a requirements file with an invalid format -
- ansible-galaxy - Resolve issue with the dataclass used for galaxy.yml manifest caused by using future annotations
- ansible-galaxy - ensure path to ansible collection when installing or downloading doesn't have a backslash (
- ansible-galaxy - started allowing the use of pre-releases for collections that do not have any stable versions published. (
- ansible-galaxy - started allowing the use of pre-releases for dependencies on any level of the dependency tree that specifically demand exact pre-release versions of collections and not version ranges. (
- ansible-galaxy error on dependency resolution will not error itself due to 'virtual' collections not having a name/namespace.
- ansible-galaxy info - fix reporting no role found when lookup_role_by_name returns None.
- ansible-galaxy role import - exit with 1 when the import fails (
- ansible-galaxy role install - fix installing roles from Galaxy that have version ``None`` (
- ansible-galaxy role install - fix symlinks (,
- ansible-galaxy role install - normalize tarfile paths and symlinks using ``ansible.utils.path.unfrackpath`` and consider them valid as long as the realpath is in the tarfile's role directory (
- ansible-inventory - index available_hosts for major performance boost when dumping large inventories
- ansible-pull now will expand relative paths for the ``-d|--directory`` option is now expanded before use.
- ansible-pull will now correctly handle become and connection password file options for ansible-playbook.
- ansible-test - Add a ``pylint`` plugin to work around a known issue on Python 3.12.
- ansible-test - Explicitly supply ``ControlPath=none`` when setting up port forwarding over SSH to address the scenario where the local ssh configuration uses ``ControlPath`` for all hosts, and would prevent ports to be forwarded after the initial connection to the host.
- ansible-test - Fix parsing of cgroup entries which contain a ``:`` in the path (
- ansible-test - Include missing ``pylint`` requirements for Python 3.10.
- ansible-test - Properly detect docker host when using ``ssh://`` protocol for connecting to the docker daemon.
- ansible-test - The ``libexpat`` package is automatically upgraded during remote bootstrapping to maintain compatibility with newer Python packages.
- ansible-test - The ``validate-modules`` sanity test no longer attempts to process files with unrecognized extensions as Python (resolves
- ansible-test - Update ``pylint`` to version 3.0.1.
- ansible-test ansible-doc sanity test - do not remove underscores from plugin names in collections before calling ``ansible-doc`` (
- ansible-test validate-modules sanity test - do not treat leading underscores for plugin names in collections as an attempted deprecation (
- ansible-test — Python 3.8–3.12 will use ``coverage`` v7.3.2.
- ansible.builtin.apt - calling clean = true does not properly clean certain cache files such as /var/cache/apt/pkgcache.bin and /var/cache/apt/pkgcache.bin (
- ansible.builtin.uri - the module was ignoring the ``force`` parameter and always requesting a cached copy (via the ``If-Modified-Since`` header) when downloading to an existing local file. Disable caching when ``force`` is ``true``, as documented (
- ansible_managed restored it's 'templatability' by ensuring the possible injection routes are cut off earlier in the process.
- apt - honor install_recommends and dpkg_options while installing python3-apt library (
- apt - install recommended packages when installing package via deb file (
- apt_repository - do not modify repo files if the file is a symlink (
- apt_repository - update PPA URL to point to https URL (
- assemble - fixed missing parameter 'content' in _get_diff_data API (
- async - Fix bug that stopped running async task in ``--check`` when ``check_mode: False`` was set as a task attribute -
- blockinfile - when ``create=true`` is used with a filename without path, the module crashed (
- check if there are attributes to set before attempting to set them (
- copy action now also generates temprary files as hidden ('.' prefixed) to avoid accidental pickup by running services that glob by extension.
- copy action now ensures that tempfiles use the same suffix as destination, to allow for ``validate`` to work with utilities that check extensions.
- deb822_repository - handle idempotency if the order of parameters is changed (
- debconf - allow user to specify a list for value when vtype is multiselect (
- delegate_to when set to an empty or undefined variable will now give a proper error.
- - Recognize ALP-Dolomite as part of the SUSE OS family in Ansible, fixing its previous misidentification (
- distro - bump bundled distro version from 1.6.0 to 1.8.0 (
- dnf - fix an issue when cached RPMs were left in the cache directory even when the keepcache setting was unset (
- dnf - fix an issue when installing a package by specifying a file it provides could result in installing a different package providing the same file than the package already installed resulting in resolution failure (
- dnf - properly set gpg check options on enabled repositories according to the ``disable_gpg_check`` option (
- dnf - properly skip unavailable packages when ``skip_broken`` is enabled (
- dnf - the ``nobest`` option only overrides the distribution default when explicitly used, and is used for all supported operations (
- dnf5 - replace removed API calls
- dnf5 - respect ``allow_downgrade`` when installing packages directly from rpm files
- dnf5 - the ``nobest`` option only overrides the distribution default when used
- dwim functions for lookups should be better at detectging role context even in abscense of tasks/main.
- ensure we have logger before we log when we have increased verbosity.
- expect - fix argument spec error using timeout=null (
- fact gathering on linux now handles thread count by using rounding vs dropping decimals, it should give slightly more accurate numbers.
- facts - add a generic detection for VMware in product name.
- facts - detect VMware ESXi 8.0 virtualization by product name VMware20,1
- fetch - Do not calculate the file size for Windows fetch targets to improve performance.
- fetch - add error message when using ``dest`` with a trailing slash that becomes a local directory -
- find - do not fail on Permission errors (
- first_found lookup now always returns a full (absolute) and normalized path
- first_found lookup now always takes into account k=v options
- flush_handlers - properly handle a handler failure in a nested block when ``force_handlers`` is set (
- galaxy - skip verification for unwanted Python compiled bytecode files (
- handle exception raised while validating with elements='int' and value is not within choices (
- include_tasks - include `ansible_loop_var` and `ansible_index_var` in a loop (
- include_vars - fix calculating ``depth`` relative to the root and ensure all files are included (
- interpreter_discovery - handle AnsibleError exception raised while interpreter discovery (
- iptables - add option choices 'src,src' and 'dst,dst' in match_set_flags (
- iptables - set jump to DSCP when set_dscp_mark or set_dscp_mark_class is set (
- known_hosts - Fix issue with `@cert-authority` entries in known_hosts incorrectly being removed.
- module no_log will no longer affect top level booleans, for example ``no_log_module_parameter='a'`` will no longer hide ``changed=False`` as a 'no log value' (matches 'a').
- moved assemble, raw, copy, fetch, reboot, script and wait_for_connection to query task instead of play_context ensuring they get the lastest and most correct data.
- reboot action now handles connections with 'timeout' vs only 'connection_timeout' settings.
- role params now have higher precedence than host facts again, matching documentation, this had unintentionally changed in 2.15.
- roles, code cleanup and performance optimization of dependencies, now cached,  and ``public`` setting is now determined once, at role instantiation.
- roles, the ``static`` property is now correctly set, this will fix issues with ``public`` and ``DEFAULT_PRIVATE_ROLE_VARS`` controls on exporting vars.
- set_option method for plugins to update config now properly passes through type casting and validation.
- ssh - add tests for the SSH connection plugin.
- support url-encoded credentials in URLs like (
- syslog - Handle ValueError exception raised when sending Null Characters to syslog with Python 3.12.
- systemd_services - update documentation regarding required_one_of and required_by parameters (
- template - Fix error when templating an unsafe string which corresponds to an invalid type in Python (
- template action will also inherit the behavior from copy (as it uses it internally).
- templating - ensure syntax errors originating from a template being compiled into Python code object result in a failure (
- unarchive - add support for 8 character permission strings for zip archives (
- unarchive - force unarchive if symlink target changes (
- unarchive modules now uses zipinfo options without relying on implementation defaults, making it more compatible with all OS/distributions.
- unsafe data - Address an incompatibility when iterating or getting a single index from ``AnsibleUnsafeBytes``
- unsafe data - Address an incompatibility with ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes`` when pickling with ``protocol=0``
- unsafe data - Enable directly using ``AnsibleUnsafeText`` with Python ``pathlib`` (
- uri - update the documentation for follow_redirects.
- uri action plugin now skipped during check mode (not supported) instead of even trying to execute the module, which already skipped, this does not really change the result, but returns much faster.
- vars - handle exception while combining VarsWithSources and dict (
- wait_for should not handle 'non mmapable files' again.
- winrm - Better handle send input failures when communicating with hosts under load
- winrm - Do not raise another exception during cleanup when a task is timed out -
- winrm - does not hang when attempting to get process output when stdin write failed

Ansible 2.16.7
Minor Changes:
- ansible.builtin.user - Remove user not found warning (

Bug Fixes:
- Add a version ceiling constraint for pypsrp to avoid potential breaking changes in the 1.0.0 release.
- Fix NEVRA parsing of package names that include digit(s) in them (,
- Fix handlers not being executed in lockstep using the linear strategy in some cases (
- Give the tombstone error for ``include`` pre-fork like other tombstoned action/module plugins.
- Include the task location when a module or action plugin is deprecated (
- Mirror the behavior of dnf on the command line when handling NEVRAs with omitted epoch (
- ansible-test - Automatically enable the PyPI proxy for the ``centos7`` container to restore the ability to use ``pip`` in that container.
- ansible_managed restored it's 'templatability' by ensuring the possible injection routes are cut off earlier in the process.
- assemble - fixed missing parameter 'content' in _get_diff_data API (
- dnf - fix an issue when installing a package by specifying a file it provides could result in installing a different package providing the same file than the package already installed resulting in resolution failure (
- uri - update the documentation for follow_redirects.

Ansible 2.15.12
Bug Fixes:
- Add a version ceiling constraint for pypsrp to avoid potential breaking changes in the 1.0.0 release.
- ansible-test - Automatically enable the PyPI proxy for the ``centos7`` container to restore the ability to use ``pip`` in that container.
- facts - add a generic detection for VMware in product name.
- uri - update the documentation for follow_redirects.
-->TAG: v2.14.17 ' : TAG TIMESTAMP' 2024-05-20 18:25:36<---

Release Summary:
| Release Date: 2024-05-20
| `Porting Guide`__

Bug Fixes:
- ansible-test - Automatically enable the PyPI proxy for the ``centos7`` container to restore the ability to use ``pip`` in that container.

AWX 24.4.0
What's Changed:
* Expose websockets on api prefix v2 by @jamesmarshall24 in
* Clean up settings file by @jessicamack in
* Skip 3 expensive calls for jobs saving in 'waiting' status on UnifiedJob by @kdelee in
* Support Django logout redirects by @manstis in
* Fix podman failure in development environment by @TheRealHaoLiu in
* Bump jinja2 from 3.1.3 to 3.1.4 in /docs/docsite by @dependabot in
* add skip authorization option to collection application module by @sean-m-sullivan in
* Fix terraform backend credential issue by @abikouo in
* Fix success_url_allowed_hosts set instantiation by @manstis in
* Added docs for new RBAC changes by @tvo318 in
* Allow wsrelay to fail without FATAL by @TheRealHaoLiu in
* Update a few dev requirements by @AlanCoding in
* Fix up ansible-test sanity checks due to ansible 2.17 release by @fosterseth in

Docker-Compose v2.27.1
What's Changed

  • Add new navigation menu to open Compose app configuration in Docker Desktop (11834)


  • Allow a local .env file to override compose.yaml sibling .env (11824)
  • Fix --resolve-image-digests (11825)
  • Fix opentelemetry (11845)


  • Add documentation for --menu up option and COMPOSE_MENU environment var (11800)
  • Backport OpenBSD patches (11832)
  • Per endpoint driver opts (11815)
  • Add gui/composeview as part of available commands (11851)
  • Drop COMPOSE_EXPERIMENTAL_OTEL as docker/cli has opentelemetry in [(11850)](#11850


  • Bump compose-go to v2.1.1 (11815)
  • Bump docker to v26.1.1 (11794)
  • Bump docker to v26.1.2 (11811)
  • Bump Docker engine and cli to v26.1.3 (11826)
  • Build(deps): bump from 0.19.0 to 0.20.0 (11798)
  • Build(deps): bump from 0.1.1 to 0.2.0 (11814)
  • Build(deps): bump from 0.14.0 to 0.14.1 (11847)
  • Build(deps): bump from 1.7.16 to 1.7.17 (11833)

Gitlab 16.10.6
Fixed (1 change):
- [Ensure BLPOP/BRPOP returns nil instead of raising ReadTimeoutError](gitlab-org/security/gitlab@78c11d44cf01757221da8bb01f6fbdefb352f619)

Security (6 changes):
- [Prevent PDF.js from evaluating scripts](gitlab-org/security/gitlab@db5b63e4a26889f09f72b582b7777909efd4cd4d) ([merge request](gitlab-org/security/gitlab!4071))
- [Caching test_report api response to reduce calculations](gitlab-org/security/gitlab@8b67dde95712b74c3ff0ae9d8bc73d7cd0a350cf) ([merge request](gitlab-org/security/gitlab!4030))
- [Fail create commit status on pipeline_id / sha mismatch](gitlab-org/security/gitlab@36c5070a2ad812f52747241321aaae81345aaee0) ([merge request](gitlab-org/security/gitlab!4033))
- [Use UntrustedRegexp for gollum pattern](gitlab-org/security/gitlab@3fee24aca41a5db9135e8f3003335d1754beb636) ([merge request](gitlab-org/security/gitlab!4041))
- [Patch @gitlab/web-ide to fix XSS webWorkerExtensionHostIframe.html](gitlab-org/security/gitlab@29cc8769daee74938155dd7e3b5a2f3a3bda5b71) ([merge request](gitlab-org/security/gitlab!4057))
- [Add text limit to ci_runners text fields](gitlab-org/security/gitlab@5af28a81f6c11d9627f1a359a7c3a7d85e7fb4d9) ([merge request](gitlab-org/security/gitlab!4037))

Gitlab v16.11.3
Fixed (2 changes):
- [Ensure BLPOP/BRPOP returns nil instead of raising ReadTimeoutError](gitlab-org/security/gitlab@53de79ac43f81963a15be27b94bc67f7bbf036b6)
- [Fix Sidekiq migration timeout](gitlab-org/security/gitlab@32cf49a634b4cb15f065c3e112a693ea30dadda5)

Security (7 changes):
- [Prevent PDF.js from evaluating scripts](gitlab-org/security/gitlab@b5f9843d9b54ca45817c16cbb706697bf9d44d81) ([merge request](gitlab-org/security/gitlab!4070))
- [Caching test_report api response to reduce calculations](gitlab-org/security/gitlab@63299beda6e61653070c279ad6838a99a29dc33f) ([merge request](gitlab-org/security/gitlab!4027))
- [Restrict access to Secure artifacts to developer role](gitlab-org/security/gitlab@63855780157d740d1c8e731b90eecae4d5f1c8c2) ([merge request](gitlab-org/security/gitlab!4045))
- [Fail create commit status on pipeline_id / sha mismatch](gitlab-org/security/gitlab@a1a4f80bee205fedfd3da27978bed810afe78555) ([merge request](gitlab-org/security/gitlab!4032))
- [Use UntrustedRegexp for gollum pattern](gitlab-org/security/gitlab@fafda23db9f0c34408b155ddc089872b55e1fd8b) ([merge request](gitlab-org/security/gitlab!4040))
- [Patch @gitlab/web-ide to fix XSS webWorkerExtensionHostIframe.html](gitlab-org/security/gitlab@7b2acad244d55455a0bba1fd8cbad28b22704756) ([merge request](gitlab-org/security/gitlab!4056))
- [Add text limit to ci_runners text fields](gitlab-org/security/gitlab@d78c5995f6651e54ed97340a1446822d185f02f5) ([merge request](gitlab-org/security/gitlab!4036))

Gitlab v17.0.1
Fixed (2 changes):
- [Don't fail so loudly if default work item type is invalid](gitlab-org/security/gitlab@c0817a7654e3fb68e1cc89e19599fd16ff63f121)
- [Ensure BLPOP/BRPOP returns nil instead of raising ReadTimeoutError](gitlab-org/security/gitlab@9a0c5c69aa9d54aaae8ceb1698c7fbae0aa74694)

Security (7 changes):
- [Prevent PDF.js from evaluating scripts](gitlab-org/security/gitlab@2820f31998ca2dcf61eb4b6893b615cebb503b07) ([merge request](gitlab-org/security/gitlab!4069))
- [Caching test_report api response to reduce calculations](gitlab-org/security/gitlab@b64b0178e955d5091dfaf47b632af266165a5a2e) ([merge request](gitlab-org/security/gitlab!4051))
- [Restrict access to Secure artifacts to developer role](gitlab-org/security/gitlab@5dd7b7377e0d33dd635fedca66e4aefd5bdf7c7e) ([merge request](gitlab-org/security/gitlab!4053))
- [Fail create commit status on pipeline_id / sha mismatch](gitlab-org/security/gitlab@460dd3c803da58973d2a4597581c42f4f82e76cc) ([merge request](gitlab-org/security/gitlab!4049))
- [Use UntrustedRegexp for gollum pattern](gitlab-org/security/gitlab@b5499fca0fa5ac226f97665168562a9f93465525) ([merge request](gitlab-org/security/gitlab!4039))
- [Patch @gitlab/web-ide to fix XSS webWorkerExtensionHostIframe.html](gitlab-org/security/gitlab@c848b946ee4867332692d15e6c27e8efaf37ae53) ([merge request](gitlab-org/security/gitlab!4055))
- [Add text limit to ci_runners text fields](gitlab-org/security/gitlab@20cf74de115473a32bb3c1e3d52e3c7b8f31b3f9) ([merge request](gitlab-org/security/gitlab!4050))

Jenkinsci/Jenkins  2.459
1. Upgrade Commons FileUpload from 1.5 to 2.0.0-M2. Users of the miniorange-saml-sp plugin should upgrade to a compatible version in lockstep with upgrading Jenkins core. (Apache Commons 2.0.0-M2 release notes))
2. Provide header parts as a tag library. (pull 9223))
3. Avoid jumping layout due to tooltips. (issue 73158))
4. Allow PKCS 12 certificates to be added to the credentials store again (issue 73166))
5. Restore No changes label when there are no changes in a build (issue 73168))
6. Handle svg cleanup via an xml document to avoid broken symbols. (issue 73156))
7. Rename CloudSet query parameter type to cloudDescriptorName to avoid conflicts in Cloud implementations. (issue 72622))
8. Treat lines of text (issue 73090))
9. Add new CSS classes to avoid conflicts with CSS classes from bootstrap. (issue 73114))
10. Developer: Add debugging information to remote classloaders. (pull 9277)

View all OpenUpdate editions >