Fixed organization admins to no longer be able to modify users by adding them to their organization (CVE-2018-1101)
Fixed Tower to disable usage of Jinja templates in launch-time variables for security reasons (CVE-2018-1104). This release introduces the ALLOW_JINJA_IN_EXTRA_VARS configuration parameter for Tower. This parameter has three values: template to allow usage of Jinja saved directly on a job template definition (the default), never to disable all Jinja usage (recommended), and always to always allow Jinja (strongly discouraged, but an option for prior compatibility). Note that the always option is deprecated, and will be removed in a future Tower release.
Updated memcached to now listen on a local Unix socket instead of a TCP socket
Fixed an issue where certain API endpoints were unreasonably slow when jobs contained large amounts of output
Enhanced Tower to properly show stdout for ad-hoc commands run on other cluster nodes
Fixed an issue where a user, who could modify playbooks, could potentially compromise Tower via an injection of git hooks in SCM repositories (CVE-2017-12148)
Fixed an issue where a specially crafted ad-hoc command could compromise Tower (CVE-2017-12148)
Upgraded the available and bundled versions of RabbitMQ to 3.6.9, which addresses various RabbitMQ CVEs (CVE-2017-4965, CVE-2017-4966, CVE-2017-4967)
Added subpackaging for sever, UI, and setup packages
Added support for Red Hat Insights project type
Added support for explicitly specifying the host descriptor used for RabbitMQ config via rabbitmq_host
Adjusted search on the Job Details screen to match the behavior across Tower
Adjusted Tower logging to log asynchronously
Fixed various and minor UI bugs
Fixed a callback bug which was causing a task_args leak between job events
Fixed an issue where jobs were not able to be sorted by descending ID
Fixed an issue where, when working with Splunk, the log aggregator type shows as Logstash instead of Splunk
Fixed an issue where, when a user has two groups in an inventory (one using a VMware script and one using a custom script), clicking sync on the custom script group caused the sync icon to link to the wrong inventory sync
Fixed a problem where users were not able to put multi-line text in a Text Area-type field in a survey
Fixed a problem where users who had admin access on Workflows, but were not Org level admins, could not add or remove job templates from Workflows
Fixed a problem with job templates that include a multiple choice survey response, where, even when multiple selections are required, the job template ran with an empty array
Fixed a problem where surveys were passing a variable as empty instead of null when they included text or a text area field that had a minimum length >0 and was not filled in
Fixed a problem where Tower jobs hang and do not run when the Splunk server is unresponsive or unavailable
Fixed a problem where users with admin level permissions on projects could not modify project details
Fixed a problem in multiple choice survey inputs where, when selecting a string that had similar characters or words at the beginning or end of the string, a similar but smaller version of that string was rendered as the user’s selection (even though the correct value was still passed to extra-vars on launch)
Fixed an issue around Git project updates failing when the username was specified
Fixed a problem where job templates from mercurial project updates failed to run
Fixed a problem with provisioning callbacks where they failed with ‘400’ responses when extra_vars were passed to the API through curl in the callback
Fixed a problem where running the installer again anytime after successfully creating the rabbitmq user caused the installation program to fail
Fixed an issue where Windows package scan jobs fail when targeting a Windows 2012R2 host
Fixed an issue where users with admin access to Workflow Templates could not modify the workflow
Fixed an issue where a warning was incorrectly displayed for the output of a canceled job
Fixed an issue where Mercurial project revisions were not read correctly for Projects
Fixed an issue where Tower upgrades would fail when applying rabbitmq_user in a cluster
Fixed an issue where certain characters in a Project SCM URL would cause updates to fail
Improved custom inventory scripts support by ensuring that newlines added to the script are not trimmed
Relaxed the SELinux policy dependency to allow Tower to be installed on older Enterprise Linux 7 releases
Updated Ansible Tower so that the host config key is marked as required when provisioning callbacks are selected
Updated Ansible Tower so that PostgreSQL Server is no longer installed on Tower nodes not hosting the database
Updated Ansible Tower so that Tower shows extra_vars for ad-hoc commands in the UI
Added a preflight check for password and pre-3.1.0 active/passive (HA) inventory setups prior to installation
Fixed a problem where, while running a clustered Tower deployment configuration, there were some instances where realtime job event data did not flow through the channel layer
Fixed a problem with searching where an invalid search term was entered and the error dialog continued to persist
Fixed a problem with Slack notifications where they were not emitted if only ‘Failure’ was selected
Fixed a problem where logging out via Tower logout button caused subsequent login attempts to fail
Fixed an issue where, when logging was enabled, a missing logging UUID setting would cause a startup error, making the system unresponsive
Added support for configuring most aspects of Ansible Tower directly from the Tower user interface (and Tower API), rather than editing Tower configuration files
Added support for “Scale-Out” Clusters, which replaces the HA/Redundancy method from prior Tower releases
Added support for Workflows, a chain of job templates executed in order
Added support for sending event and log messages to various logging services (Elastic, Splunk, Sumologic, Loggly, generic REST endpoint)
Added support for a new Tower Search feature which supports GitHub-style “key:value” searching
Added support for Ubuntu 16.04
Added support for a New Project Sync Architecture, where projects are now checked out at job runtime
Added support for setting timeouts on job runs
Added support for internationalization and localization (French and Japanese)
Added support for multi-playbook Workflows
Added /api/v1/settings for Tower managed settings. This corresponds to the in-Tower configuration UI
Added support for windows scan jobs
Added support so that the SCM Revision used is now stored on Job
Added support for API endpoints to now show __search filter fields for broader searching of objects
Added support so that system jobs are now shown in /api/v1/unified_jobs
Added support for the new Ansible vmware_inventory script
Added support for Job stdout downloads, which may generate and cache on the fly
Added support for /api/v1/inventory_updates and /api/v1/project_updates to view those specific job types
Added support for user_capabilities API elements in various places to allow API consumers to know if their user can perform the referenced actions on the object
Added support for set_stats for Workflow jobs to persist data between Workflow job runs, support added in ansible core also
Added support for Tower callbacks so that they can now resolve ansible_host as well as ansible_ssh_host
Added support for Tower callbacks so that they now filter out ansible_ variables on POST
Added support for notifications so that they are emitted on jobs marked as failed by the dead job detector
Added eu-west-2 and ca-central-1 to the list of supported EC2 regions
Added support for format=ansi_download when downloading stdout
Deprecated support for Rackspace inventories
Fixed an issue where manual projects could be launched/updated
Fixed various unicode issues
Fixed various issues dealing with self signed certificates value.
Fixed Jobs so that they now show $encrypted for these variables, where they previously did not
Improved performance for viewing job and job template lists
Improved Tower virtualenv so that it is purged on upgrade
Improved setup playbook so that it is more tolerant of various iptables/firewalld configurations
Improved the optimization of PostgreSQL installation to improve overall performance
Improved database migrations through consolidation to make upgrades/installs faster
Improved hardening for web server configuration (SSL, HSTS)
Removed ZeroMQ and Redis as a communications channel between dependent services in favor of RabbitMQ
Removed /api/v1/jobs/n/job_plays and /api/v1/jobs/n/job_tasks
Removed proot in favor of bubblewrap for process isolation
Removed the ability to make POST requests on the /api/v1/jobs/ endpoint
Removed has_schedules from various endpoints, as it was never populated
Removed support for Red Hat Enterprise Linux 6/CentOS 6 and Ubuntu 12.04
Updated surveys so that a blank value for a survey question default value now passes an empty string as a value
Updated surveys so that previously existing surveys with blank default question values now pass empty strings as an extra variable
Updated Websockets, moving them from socket.io to django channels and are now served under port 443/80 along with the regular web service. Port 8080 is no longer needed.
Updated Job results so that they are now driven by job events and thus provides clickable context
Updated Tower so that it now uses the system time zone by default
Updated Tower requirements for Ansible–Tower now requires Ansible 2.1 or later
Updated Ansible inventory plugins to the latest versions
Updated Web server to NGINX from Apache
Updated survey passwords so that they are now encrypted when stored in the database