Red Hat Ansible Automation Platform 2.4: RHSA-2023:4693-01 Moderate Alert

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es): * automation-eda-controller: token exposed at importing project (CVE-2023-4380) * python3-cryptography/python39-cryptography: memory corruption via immutable objects (CVE-2023-23931) * python3-django/python39-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053) * python3-requests/python39-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional changes for Event-Driven Ansible: * automation-eda-controller has been updated to 1.0.1 * Fixed Contributor and editor roles cannot set the AWX token (AAP-11573) * Onboarding journey wizard does not request a controller token creation (AAP-11907) * Wrong count of “restarts” field (AAP-12042) * Filtering on any list only works for items in view (AAP-12446) * Missing audit records in a running activations with many firings (AAP-12522) * When a job template fails the event payload is missing key attributes (AAP-12529) * Fix a git token leak when the import project fails. (AAP-12767) * Restart policy in k8s doesn’t restart successful activations that are marked as failed (AAP-12862) * Inconsistent status when disabling/enabling activations (AAP-12896) * run_job_template action fails and the rule is not counted as fired (AAP-12909) * Bulk deletion on rulebook activation list is not consistent (AAP-13093) * Rulebook Activation link is not functioning in Rule Audit Detail Screen (AAP-13182) * Previously project credentials couldn't be updated if there was a change to the credential used in the project, now credentials can be updated in a project with a new or different credential. (AAP-13983)