(RHSA-2021:0780) Important: Red Hat Ansible Tower 3.8.2-1 - Container security and bug fix update

Security Fix(es):

• Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
• Upgraded to a more recent version of Django to address CVE-2021-3281.
• Upgraded to a more recent version of autobahn to address CVE-2020-35678.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
• Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
• Fixed several issues related to how Tower rotates its log files.
• Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
• Fixed a bug which can cause unanticipated delays in certain playbook output.
• Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
• Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
• Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
• Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
• Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail.