The following list summarizes the additions, changes, and modifications which were made to Ansible Tower 3.6.7.
Upgraded to a more recent version of nginx to address CVE-2019-20372
Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023
Fixed a security issue that allowed a malicious playbook author to elevate to the awx user from outside the isolated environment (CVE-2021-20253)
For older version of the release notes, as well as other reference materials, refer to the Ansible Tower Release Notes.