ansible-os-hardening

v10.6.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 8d Configuration Management

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ansible ansible-collection collection devsec hardening linux

+9 more

mysql-hardening nginx nginx-hardening os-hardening playbook protection role ssh-hardening sysctl

Affected surfaces

auth rbac

Summary

AI summary

Updates https://github.com/apps/renovate, https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening, and https://github.com/schurzi across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Restrict ptrace attach to privileged users. Restrict ptrace attach to privileged users. Source: llm_adapter@2026-05-26 Confidence: high	—
Feature	Medium	Update APT package cache before installing any package. Update APT package cache before installing any package. Source: llm_adapter@2026-05-26 Confidence: high	—
Feature	Medium	Update supported OS versions to Fedora 42/43/44 and Ubuntu 22.04/24.04/26.04. Update supported OS versions to Fedora 42/43/44 and Ubuntu 22.04/24.04/26.04. Source: llm_adapter@2026-05-26 Confidence: high	—
Dependency
Dependency	Low	Update dependency ansible-core to v2.21.0. Update dependency ansible-core to v2.21.0. Source: llm_adapter@2026-05-26 Confidence: high	—
Dependency	Low	Update actions/labeler action to v6.1.0. Update actions/labeler action to v6.1.0. Source: llm_adapter@2026-05-26 Confidence: high	—
Dependency	Low	Update dev-sec/.github digest to 2cd0028. Update dev-sec/.github digest to 2cd0028. Source: llm_adapter@2026-05-26 Confidence: high	—
Dependency	Low	Update ansible/ansible-lint digest to 5fac056. Update ansible/ansible-lint digest to 5fac056. Source: llm_adapter@2026-05-26 Confidence: high	—
Dependency	Low	Update dependency molecule to v26. Update dependency molecule to v26. Source: llm_adapter@2026-05-26 Confidence: high	—

Full changelog

Changelog

10.6.0 (2026-05-26)

Full Changelog

Implemented enhancements:

Update APT package cache before installing any package in case freshly installed system. #945
Restrict ptrace attach to privileged users #949 [os_hardening] (schurzi)
Update supported OS versions to current Fedora (42/43/44) and Ubuntu (22.04/24.04/26.04) #946 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (schurzi)

Merged pull requests:

Update dependency ansible-core to v2.21.0 #948 (renovate[bot])
Update actions/labeler action to v6.1.0 #947 (renovate[bot])
Update dev-sec/.github digest to 2cd0028 #943 (renovate[bot])
Update ansible/ansible-lint digest to 5fac056 #942 (renovate[bot])
Update dependency molecule to v26 #935 (renovate[bot])
Update dependency ansible-core to v2.20.5 #910 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (renovate[bot])

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ansible-os-hardening

Get notified when new releases ship.

About ansible-os-hardening

Ansible role for OS hardening

All releases →

ansible-os-hardening

Summary

Changes in this release

Changelog

10.6.0 (2026-05-26)

Related context

Related tools