Updated Named URLs to allow for testing the presence or absence of objects (CVE-2020-14337)
Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327)
Fixed Tower Server Side Request Forgery on Webhooks (CVE-2020-14328)
Fixed Tower sensitive data exposure on labels (CVE-2020-14329)
Added local caching for downloaded roles and collections so they are not re-downloaded on nodes where they have already been updated
Fixed Towerβs task scheduler to no longer deadlock for clustered installations with large numbers of nodes
Fixed the Credential Type definitions to no longer allow superusers to run unsafe Python code
Fixed credential lookups from CyberArk AIM to no longer fail unexpectedly
Fixed upgrades from 3.5 to 3.6 on RHEL8 in order for PostgreSQL client libraries to be upgraded on Tower nodes, which fixes the backup/restore function
Fixed backup/restore for PostgreSQL usernames that include capital letters
Fixed manually added host variables to no longer be removed on VMWare vCenter inventory syncs
Fixed Red Hat Satellite inventory syncs to allow Tower to properly respect the verify_ssl flag