Refer to the latest Product Documentation for Red Hat Ansible Automation Platform for the complete Automation Platform documentation.
For automation controller versions 4.4 and older, refer to the Automation Controller documentation archive.
Automation Controller Fixes
Replaced K8s API version for deployment kind to apps/v1
(AAP-21807)
Fixed controller restores to no longer overwrite the PostgreSQL secret of the original deployment (AAP-18740)
Fixed wsrelay to no longer cause controller task container to restart in an OCP deployment (AAP-21308)
Fixed schedule prompted variables and survey answers to no longer reset on edit when changing one of the basic form fields (AAP-20967)
Fixed Ansible Automation Platform to no longer terminate some jobs while running large deployments (AAP-19565)
Fixed dispatcher to appropriately terminate child processes when dispatcher terminates (AAP-21049)
Fixed upgrade from Ansible Tower 3.8.6 to AAP 2.4 to no longer fail upon database schema migration (AAP-19738)
Fixed the update execution environment image to no longer fail jobs that use the previous image (AAP-21733)
Removed string validation using comparisons of English literals for comparison, replacing validation with error/op codes as a universal approach to validation and comparison (AAP-21721)
Security Fixes
Addressed the Jinja2 issue of HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) (AAP-19433)
Addressed the aiohttp
issue with the follow_symlinks
directory traversal vulnerability (CVE-2024-23334) (AAP-20064)
Addressed the aiohttp
issue with HTTP request smuggling (CVE-2024-23829) (AAP-20073)
Addressed the Django issue with denial-of-service
in intcomma
template filter (CVE-2024-24680) (AAP-20057)
Addressed the GitPython
issue with the blind local file inclusion (CVE-2023-41040) (AAP-17710)
Addressed the Axios issue of exposing confidential data stored in cookies (CVE-2023-45857) (AAP-21240)
Addressed the twisted
issue of disordered HTTP pipeline response in twisted.web
(CVE-2023-46137) (AAP-17652)
Addressed aiohttp
issues with HTTP parser with header parsing (CVE-2023-47627) (AAP-18266)
Addressed the cryptography
issue with NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) (AAP-19154)
These releases were combined with version 4.5.5.
Fixed the host_name
table associated with running a job template to populate properly with the hostname of the host from the job output (AAP-20131)
Enabled Hashi Vault LDAP and Userpass authentication (AAP-19842)
Fixed jobs stuck in pending state after connection to database recover (AAP-19618)
Added secure flag option for userLoggedIn cookie if SESSION_COOKIE_SECURE
is set to True
(AAP-19602)
Fixed twilio_backend.py
to send SMS to multiple destinations (AAP-19284)
Fixed rsyslogd from unexpectedly stop sending events to Splunk HTTP Collector and recover rsyslog from 4xx errors (AAP-19069)
Fixed a TypeError in the Logging Settings Edit form of the automation controller user interface to no longer render the form inputs inaccessible (AAP-18960)
Fixed Delinea (previously: Thycotic) DevOps Secrets Vault credential plugin to work with python-dsv-sdk>=1.0.4 (AAP-18701)
Updated urllib3 to prevent cookie request header to be exposed during cross-origin redirects (AAP-17518) (CVE-2023-43804)
Updated schedule Prompt on launch fields to persist while editing (AAP-13859)
Fixed a concurrency bug that lead to WebSockets to be disconnected and the UI not being refreshed on the cluster node (AAP-18748)
Updated the “credential_type” parameter as required for the credential module (AAP-18186)
Reduced database connections in automation controller (AAP-11222)
Added hop node support for Openshift-based deployments to give users more ways to route traffic from control nodes to remote execution nodes (AAP-6078)