Skip to content

v0.63.0

Choose a tag to compare

@dcadolph dcadolph released this 11 Jul 04:37
e3333ac

A security and robustness hardening pass from a full audit.

  • Secret sources are protected against server-side request forgery: a Vault address cannot be pointed at a cloud metadata endpoint to steal instance credentials, and the resolvers no longer follow redirects that could exfiltrate a token.
  • SMTP notifications upgrade to TLS before authenticating, so credentials and mail are never sent in the clear.
  • The last administrator account cannot be demoted or deleted, so an install cannot lock itself out.
  • Secrets carried in a sourced inventory, such as an ansible_password, are now masked in the run log and events.
  • A canceled or timed-out run kills the whole process group, so the helper processes a tool spawns no longer keep running.
  • Two endpoints stopped returning internal error detail, and secret resolution now cancels with the run.