Log Message:
ansible: updated to 2.9.5

v2.9.5
======

Minor Changes
- add one note to help ansible user to understand the requirements to
- ovirt_disk: remove default value because the parameter is required when disk \ 
is attached to vm
- ovirt_vm add comunentaion about how to import ova
- powershell (shell plugin) - Fix `join_path` to support UNC paths

Deprecated Features
- aws_az_info (aws_az_facts) - Fixed deprecation warning so that it triggers \ 
when run as aws_az_facts.  Bumped removal version to 2.14

Bugfixes
- AnsibleModule.run_command() - set ``close_fds`` to ``False`` on Python 2 if \ 
``pass_fds`` are passed to ``run_command()``. Since ``subprocess.Popen()`` on \ 
Python 2 does not have the ``pass_fds`` option, there is no way to exclude a \ 
specific list of file descriptors from being closed.

- Fix multiple issues with nxos_interfaces states
- Module arguments in suboptions which were marked as deprecated with \ 
``removed_in_version`` did not result in a warning.
- Redact GitLab Project variables which might include sensetive information such \ 
as password, api_keys and other project related details.
- Working implementation for editing Cisco IOS \ 
macros(https://github.com/ansible/ansible/pull/55220)
- ansible-test - Use ``virtualenv`` versions before 20 on provisioned macOS \ 
instances to remain compatible with an older pip install.
- ansible-test now limits Jinja2 installs to version 2.10 and earlier on Python 2.6
- ansible-test windows coverage - Ensure coverage reports are UTF-8 encoded \ 
without a BOM
- bump the minimum openstacksdk version when os_network uses the dns_domain argument
- display - remove extra new line after warnings
- dnf - Fix idempotence of `state: installed`
- docker_container - passing ``test: [NONE]`` now actually disables the image's \ 
healthcheck, as documented.
- docker_swarm_service - passing ``test: [NONE]`` now actually disables the \ 
image's healthcheck, as documented.
- file - change ``_diff_peek`` in argument spec to be the correct type, which is \ 
``bool``
- galaxy - Fix an AttributeError on ansible-galaxy install with an empty \ 
requirements.yml
- group - The group module was not correctly detecting whether a local group is \ 
existing or not with local set to yes if the same group exists in a non local \ 
group repository e.g. LDAP.

- include_vars - fix stack trace when passing ``dirs`` in an ad-hoc command
- ios_* - Fix bug where IPV6 was duplicated for replace state
- ios_banner - Modified the regular expression check to be non greedy when \ 
multiple banners are present.
- jenkins_job module: xml config encoding bugfix on python3
- mysql_user - fix support privileges with underscore
- mysql_variable - fix the module doesn't support variables name with dot
- nxos_facts: Don't throw an error if faninfo is not reported.
- nxos_telemetry - Fix fact gathering for sensor-groups
- openssl_publickey - fix a module crash caused when pyOpenSSL is not installed
- ovirt - add suport for search with space
- ovirt_job: add job when job is already existing and is in state finished
- ovirt_network: add check to control when creating network
- pacman - fix module crash with ``IndexError: list index out of range``
- pamd - Bugfix for attribute error when removing the first or last line
- pmrun plugin - The success command string was no longer quoted. This caused \ 
unusual use-cases like ``become_flags=su - root -c`` to fail.
- podman connection plugin - fix to handle the new default copy pause rootless \ 
containers from upstream
- pure - fix incorrect user_string setting in module_utils file
- redhat_subscription - do not set the default quantity to ``1`` when no \ 
quantity is provided
- synchronize - fix password authentication on Python 2
- systemd - don't require systemd to be running to enable/disable or mask/unmask \ 
units
- throttle: the linear strategy didn't always stuck with the throttle limit
- user - update module to support silencing ``no_log`` warnings in the future
- wait_for_connection - with pipelining enabled, interpreter discovery would \ 
fail if the first connection attempt was not successful

v2.9.4
======

Bugfixes
- yum - fix bug that caused ``enablerepo`` to not be honored when used with \ 
disablerepo all wildcard/glob

v2.9.3
======

Minor Changes
- Fixed typos in various modules regarding argument_spec data types.
- dnf - Properly handle module AppStreams that don't define stream
- docker_container.py - update a containers restart_policy without restarting \ 
the container
- docker_stack - Added ``stdout``, ``stderr``, and ``rc`` to return values.
- zabbix_* - underlying python module now required in version zabbix-api==0.5.4

Bugfixes
- **SECURITY** - CVE-2019-14904 - solaris_zone module accepts zone name and \ 
performs actions related to that. However, there is no user input validation \ 
done while performing actions. A malicious user could provide a crafted zone \ 
name which allows executing commands into the server manipulating the module \ 
behaviour. Adding user input validation as per Solaris Zone documentation fixes \ 
this issue.
- ActionBase - Add new ``cleanup`` method that is explicitly run by the \ 
``TaskExecutor`` to ensure that the shell plugins ``tmpdir`` is always removed. \ 
This change means that individual action plugins need not be responsible for \ 
removing the temporary directory, which ensures that we don't have code paths \ 
that accidentally leave behind the temporary directory.
- CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is \ 
used for destination name and performs actions related to that on the device \ 
using the value of remote_file which is of string type However, there is no user \ 
input validation done while performing actions. A malicious code could crafts \ 
the filename parameter to take advantage by performing an OS command injection. \ 
This fix validates the option value if it is legitimate file path or not.
- Fix bandwidth calculation in nxos_ospf_vrf for Python 3
- Fix for network_cli become method to be compatible with collections
- Fix how the neighbour password was being defaulted
- Fix idempotence issue in nxos_lag_interfaces with Python 3
- Fix issue where nxos_l3_interfaces was not rendering 'dhcp' in facts
- Fix issue where nxos_user unintentionally creates user with two different roles
- Fix issue where purge breaks with empty aggregate
- Fix issue with callbacks ``set_options`` method that was not called with \ 
collections
- Fix multiple issues with how nxos_vlans Resource Module behaves
- Fix nxos_hsrp throwing a KeyError for `auth_enc`
- Fix nxos_vxlan_vtep_vni rendering duplicate peer-ip commands
- Fix ordering of the commands sent in nxos_snmp_community
- Fix regular expression to allow dots in username
- Fixes in network action plugins load from collections using module prefix
- Fixes in network action plugins to work in network connection plugin and \ 
modules in collection
- Make netconf plugin configurable to set ncclient device handler name in \ 
netconf plugin
- Netconf modules are sending a bad rpc call for IOS-XR
- Use correct datastore in multi-datacenter environment while using vmware_deploy_ovf
- When cloning vm from the template it assigned Blank template to it and when \ 
rerun playbook it failed.
- ansible-galaxy - Expand the ``User-Agent`` to include more information and add \ 
it to more calls to Galaxy endpoints.
- ansible-galaxy - Treat the ``GALAXY_SERVER_LIST`` config entry that is defined \ 
but with no values as an empty list
- ansible-test no longer tries to install ``coverage`` 5.0+ since those versions \ 
are unsupported
- ansible-test no longer tries to install ``setuptools`` 45+ on Python 2.x since \ 
those versions are unsupported
- ansible-test now ignores warnings when comparing pip versions before and after \ 
integration tests run
- ansible-test now properly recognizes modules and module_utils in collections \ 
when using the ``blacklist`` plugin for the ``pylint`` sanity test
- collection_loader - sort Windows modules below other plugin types so the \ 
correct builtin plugin inside a role is selected
- cyberarkpassword - fix invalid attribute access
- display logging - Fix issue where 3rd party modules will print tracebacks when \ 
attempting to log information when ``ANSIBLE_LOG_PATH`` is set - \ 
https://github.com/ansible/ansible/issues/65249
- display logging - Fixed up the logging formatter to use the proper prefixes \ 
for ``u=user`` and ``p=process``
- display logging - Re-added the ``name`` attribute to the log formatter so that \ 
the source of the log can be seen
- dnf module - Ensure the modules exit_json['msg'] response is always string, \ 
not sometimes a tuple.
- docker_container - wait for removal of container if docker API returns early
- docker_image - fix validation of build options.
- docker_image - improve file handling when loading images from disk.
- docker_login - fix error handling when ``username`` or ``password`` is not \ 
specified when ``state`` is ``present``.
- docker_network - fix idempotency for multiple IPAM configs of the same IP version
- docker_network - validate IPAM config subnet CIDR notation on module setup and \ 
not during idempotence checking.
- docker_swarm_service - fix task always reporting as changed when using \ 
``healthcheck.start_period``.
- ec2_group - Fix regression with revoking security groups in EC2 Classic Load \ 
Balancers.
- ec2_group_info, ec2_vol_info, ec2_vol_info - Fixed RuntimeErrors on Python3.8 \ 
when iterating filter dictionaries.
- elb_application_lb, elb_network_lb - fixed errors during listener rule \ 
comparison which caused broken JSON, and which caused some values not being \ 
compared correctly.
- elb_application_lb, elb_network_lb - idempotence check for rules now compares \ 
all values order-independently, instead of just comparing the first value if \ 
multiple are specified.
- fact gathering - Display warnings and deprecation messages that are created \ 
during the fact gathering phase
- gitlab_runner - fix idempotency for shared runner
- mysql - dont mask ``mysql_connect`` function errors from modules
- openssl_certificate - ``provider`` option was documented as required, but it \ 
was not checked whether it was provided. It is now only required when ``state`` \ 
is ``present``.
- ovirt_network: correct external_provider logic - first try to import when not \ 
found try to create it
- pacman - Fix pacman output parsing on localized environment.
- paramiko - catch and handle exception to prevent stack trace when running in \ 
FIPS mode
- postgresql_privs - fix sorting lists with None elements for python3
- postgresql_schema - use query parameters with cursor object
- postgresql_sequence - use query parameters with cursor object
- postgresql_set - use query parameters with cursor object
- postgresql_slot - use query parameters with cursor object
- roles - Ensure that ``allow_duplicates: true`` enables to run single role \ 
multiple times
- terraform - adding support for absolute paths additionally to the relative \ 
path within project_path
- terraform module - fixes usage for providers not supporting workspaces
- user - fix comparison on macOS so module does not improperly report a change
- user - on systems using busybox, honor the ``on_changed`` parameter to prevent \ 
unnecessary password changing
- win_uri win_get_url - Fix the behaviour of ``follow_redirects: safe`` to \ 
actual redirect on ``GET`` and ``HEAD`` requests - \ 
https://github.com/ansible/ansible/issues/65556
- yum - performance bugfix, the YumBase object was being  instantiated multiple \ 
times unnecessarily, which lead to considerable overhead when operating against \ 
large sets of packages.

New Plugins

Netconf
- ce - Use ce netconf plugin to run netconf commands on Huawei Cloudengine platform
- default - Use default netconf plugin to run standard netconf commands as per RFC
- iosxr - Use iosxr netconf plugin to run netconf commands on Cisco IOSXR platform
- junos - Use junos netconf plugin to run netconf commands on Juniper JUNOS platform
- sros - Use Nokia SROS netconf plugin to run netconf commands on Nokia SROS platform