v0.63.0
A security and robustness hardening pass from a full audit.
- Secret sources are protected against server-side request forgery: a Vault address cannot be pointed at a cloud metadata endpoint to steal instance credentials, and the resolvers no longer follow redirects that could exfiltrate a token.
- SMTP notifications upgrade to TLS before authenticating, so credentials and mail are never sent in the clear.
- The last administrator account cannot be demoted or deleted, so an install cannot lock itself out.
- Secrets carried in a sourced inventory, such as an ansible_password, are now masked in the run log and events.
- A canceled or timed-out run kills the whole process group, so the helper processes a tool spawns no longer keep running.
- Two endpoints stopped returning internal error detail, and secret resolution now cancels with the run.