Subject: [ansible-devel] New Ansible releases 2.8.4, 2.7.13, and 2.6.19

Hi all- we're happy to announce that the general releases of Ansible
2.8.4, 2.7.13, and 2.6.19 are now available!
How do you get it?

$ pip install ansible==2.8.4 --user
$ pip install ansible==2.7.13 --user
$ pip install ansible==2.6.19 --user

The tar.gz of the releases can be found here:

* 2.8.4
  SHA256: a0153e2de3619b7e307df179cd91a3c3804cf1fe048273fe4ea5238b76679ff1
* 2.7.13
  SHA256: 339c87a1bf9e8555ce1e1c1a9452d8ed1df240944ec1a3fc2e813e6c7d70aeae
* 2.6.19
  SHA256: dbcfc9ddf620d05e1147b4c713738045a67c32be7260b11cbdbd84e92b77ca06
What's new in 2.8.4, 2.7.13, and 2.6.19

2.7.13 and 2.6.19 are security releases containing a fix for
CVE-2019-10206.  2.8.4 is a maintenance release containing numerous
bugfixes in addition to a fix for CVE-2019-10206 and CVE-2019-10217
(the latter does not affect 2.7.13 and 2.6.19).

CVEs fixed:
* CVE-2019-10206:  Avoid templating passwords from the command prompt
as templating may reveal secret information.
* CVE-2019-10217: Add no_log to credential fields in gcp_* modules so
that these modules do not display credentials on stdout or save them
to log iles.

The full changelogs for these releases are at:

* 2.8.4
* 2.7.13
* 2.6.19
What's the schedule for future maintenance releases?

Future maintenance releases of 2.8.4 will occur approximately every 3
weeks.  So expect
the next one around 2019-09-05.

2.7.x and 2.6.x are released on an as needed basis for critical and
security bugfixes respectively.

Porting Help

We've published a porting guide at to
help migrate your content to 2.8.
If you discover any errors or if any of your working playbooks break when you
upgrade to 2.8.4, please use the following link to report the regression:

In your issue, be sure to mention the Ansible version that works and the one
that doesn't.


-Toshio Kuratomi