First published: Wed Apr 22 2020(Updated: )
<li> Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity</li> <li> Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)</li> <li> Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)</li> <li> Fixed event hostnames to be recorded for playbooks run on isolated nodes</li> <li> Fixed a PostgreSQL issue that caused upgrade failures in certain situations</li> <li> Fixed the search for Source Control credentials in the Tower user interface</li> <li> Fixed a performance issue to no longer delay the output of project updates for certain users</li> <li> Fixed the installations to no longer fail with admin passwords that contain certain special characters</li> <li> Fixed the start time to correctly set for approval notifications</li> <li> Fixed an inconsistency in gathered inventory analytics</li> <li> Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)</li> <li> Updated single sign-on integration to address several upcoming GitHub API deprecations</li> <li> Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109</li> <li> Updated translations</li>
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Ansible |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of RHBA-2020:1540 is classified as moderate.
To fix RHBA-2020:1540, users should apply the latest updates provided by the vendor.
RHBA-2020:1540 affects the Ansible Tower software.
RHBA-2020:1540 addresses instance capacity reporting metrics and RBAC access issues in Ansible Tower.
No specific workaround is provided for RHBA-2020:1540; updating is recommended.