The following list summarizes the additions, changes, and modifications which were made to Ansible Tower 3.5.4.
Added a command to generate a new SECRET_KEY and rekey the database
Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)
Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)
Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
Fixed a file descriptor leak in the Tower service during project updates
Fixed an issue where AUTHORIZATION_CODE_EXPIRE_SECONDS and ACCESS_TOKEN_EXPIRE_SECONDS were not properly honored
Fixed an issue where some timezones in schedules could not be parsed
Fixed isolated execution of playbooks with blanks in the filename
Fixed saving of workflow extra_vars
Updated Ansible Tower to disallow Jinja in inventory hostnames
Updated analytics data collection to match Ansible Tower 3.6
Updated bundled oVirt SDK to version 4.3.0
For older version of the release notes, as well as other reference materials, refer to the Ansible Tower Release Notes.