The following list summarizes the additions, changes, and modifications which were made to Ansible Tower 3.5.6.
Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Tower’s websocket interface (CVE-2020-10698)
Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
For older version of the release notes, as well as other reference materials, refer to the Ansible Tower Release Notes.