New release v2.17.11rc1 (#84981)

match file name to package_manager detection of dnf5

(cherry picked from commit 6fc592df9b)

.azure-pipelines/azure-pipelines.yml

@@ -31,7 +31,7 @@ variables:
   - name: fetchDepth
     value: 500
   - name: defaultContainer
-    value: quay.io/ansible/azure-pipelines-test-container:7.0.0
+    value: quay.io/ansible/azure-pipelines-test-container:6.0.0
 
 pool: Standard
 
@@ -54,12 +54,12 @@ stages:
           nameFormat: Python {0}
           testFormat: units/{0}
           targets:
+            - test: 3.7
+            - test: 3.8
             - test: 3.9
             - test: '3.10'
             - test: 3.11
             - test: 3.12
-            - test: 3.13
-            - test: 3.14
   - stage: Windows
     dependsOn: []
     jobs:
@@ -68,50 +68,39 @@ stages:
           nameFormat: Server {0}
           testFormat: windows/{0}/1
           targets:
-            - name: 2016 WinRM HTTP
-              test: 2016/winrm/http
-            - name: 2019 WinRM HTTPS
-              test: 2019/winrm/https
-            - name: 2022 WinRM HTTPS
-              test: 2022/winrm/https
-            - name: 2022 PSRP HTTP
-              test: 2022/psrp/http
-            - name: 2022 SSH Key
-              test: 2022/ssh/key
-            - name: 2025 PSRP HTTP
-              test: 2025/psrp/http
-            - name: 2025 SSH Key
-              test: 2025/ssh/key
+            - test: 2016
+            - test: 2019
+            - test: 2022
   - stage: Remote
     dependsOn: []
     jobs:
       - template: templates/matrix.yml  # context/target
         parameters:
           targets:
-            - name: macOS 15.3
-              test: macos/15.3
-            - name: RHEL 9.6 py39
-              test: rhel/9.6@3.9
-            - name: RHEL 9.6 py312
-              test: rhel/9.6@3.12
-            - name: RHEL 10.0
-              test: rhel/10.0
-            - name: FreeBSD 13.5
-              test: freebsd/13.5
-            - name: FreeBSD 14.3
-              test: freebsd/14.3
+            - name: macOS 14.3
+              test: macos/14.3
+            - name: RHEL 9.3 py39
+              test: rhel/9.3@3.9
+            - name: RHEL 9.3 py311
+              test: rhel/9.3@3.11
+            - name: FreeBSD 13.3
+              test: freebsd/13.3
+            - name: FreeBSD 14.0
+              test: freebsd/14.0
           groups:
             - 1
             - 2
       - template: templates/matrix.yml  # context/controller
         parameters:
           targets:
-            - name: macOS 15.3
-              test: macos/15.3
-            - name: RHEL 9.6
-              test: rhel/9.6
-            - name: RHEL 10.0
-              test: rhel/10.0
+            - name: macOS 14.3
+              test: macos/14.3
+            - name: RHEL 9.3
+              test: rhel/9.3
+            - name: FreeBSD 13.3
+              test: freebsd/13.3
+            - name: FreeBSD 14.0
+              test: freebsd/14.0
           groups:
             - 3
             - 4
@@ -119,58 +108,48 @@ stages:
       - template: templates/matrix.yml  # context/controller (ansible-test container management)
         parameters:
           targets:
-            - name: Alpine 3.22
-              test: alpine/3.22
-            - name: Fedora 42
-              test: fedora/42
-            - name: RHEL 9.6
-              test: rhel/9.6
-            - name: RHEL 10.0
-              test: rhel/10.0
-            - name: Ubuntu 24.04
-              test: ubuntu/24.04
+            - name: Alpine 3.19
+              test: alpine/3.19
+            - name: Fedora 39
+              test: fedora/39
+            - name: RHEL 9.3
+              test: rhel/9.3
+            - name: Ubuntu 22.04
+              test: ubuntu/22.04
           groups:
             - 6
   - stage: Docker
     dependsOn: []
     jobs:
-      - template: templates/matrix.yml  # context/target
+      - template: templates/matrix.yml
         parameters:
           testFormat: linux/{0}
           targets:
-            - name: Alpine 3.22
-              test: alpine322
-            - name: Fedora 42
-              test: fedora42
+            - name: Alpine 3.19
+              test: alpine319
+            - name: Fedora 39
+              test: fedora39
+            - name: Ubuntu 20.04
+              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
-            - name: Ubuntu 24.04
-              test: ubuntu2404
           groups:
             - 1
             - 2
-      - template: templates/matrix.yml  # context/controller
+      - template: templates/matrix.yml
         parameters:
           testFormat: linux/{0}
           targets:
-            - name: Alpine 3.22
-              test: alpine322
-            - name: Fedora 42
-              test: fedora42
-            - name: Ubuntu 24.04
-              test: ubuntu2404
+            - name: Alpine 3.19
+              test: alpine319
+            - name: Fedora 39
+              test: fedora39
+            - name: Ubuntu 22.04
+              test: ubuntu2204
           groups:
             - 3
             - 4
             - 5
-      - template: templates/matrix.yml  # context/target (dnf-oldest, dnf-latest)
-        parameters:
-          testFormat: linux/{0}
-          targets:
-            - name: Fedora 42
-              test: fedora42
-          groups:
-            - 7
   - stage: Galaxy
     dependsOn: []
     jobs:
@@ -179,9 +158,9 @@ stages:
           nameFormat: Python {0}
           testFormat: galaxy/{0}/1
           targets:
+            - test: '3.10'
+            - test: 3.11
             - test: 3.12
-            - test: 3.13
-            - test: 3.14
   - stage: Generic
     dependsOn: []
     jobs:
@@ -190,9 +169,9 @@ stages:
           nameFormat: Python {0}
           testFormat: generic/{0}/1
           targets:
+            - test: '3.10'
+            - test: 3.11
             - test: 3.12
-            - test: 3.13
-            - test: 3.14
   - stage: Incidental_Windows
     displayName: Incidental Windows
     dependsOn: []
@@ -202,20 +181,18 @@ stages:
           nameFormat: Server {0}
           testFormat: i/windows/{0}
           targets:
-            - name: 2016 WinRM HTTP
-              test: 2016/winrm/http
-            - name: 2019 WinRM HTTPS
-              test: 2019/winrm/https
-            - name: 2022 WinRM HTTPS
-              test: 2022/winrm/https
-            - name: 2022 PSRP HTTP
-              test: 2022/psrp/http
-            - name: 2022 SSH Key
-              test: 2022/ssh/key
-            - name: 2025 PSRP HTTP
-              test: 2025/psrp/http
-            - name: 2025 SSH Key
-              test: 2025/ssh/key
+            - test: 2016
+            - test: 2019
+            - test: 2022
+  - stage: Incidental
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: i/{0}/1
+          targets:
+            - name: IOS Python
+              test: ios/csr1000v/
   - stage: Summary
     condition: succeededOrFailed()
     dependsOn:
@@ -227,5 +204,6 @@ stages:
       - Galaxy
       - Generic
       - Incidental_Windows
+      - Incidental
     jobs:
       - template: templates/coverage.yml

.azure-pipelines/commands/generic.sh

@@ -13,9 +13,6 @@ else
     target="shippable/generic/"
 fi
 
-stage="${S:-prod}"
-
 # shellcheck disable=SC2086
 ansible-test integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-    --remote-terminate always --remote-stage "${stage}" \
     --docker default --python "${python}"

.azure-pipelines/commands/incidental/ios.sh

@@ -0,0 +1 @@
+network.sh

.azure-pipelines/commands/incidental/network.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+set -o pipefail -eux
+
+declare -a args
+IFS='/:' read -ra args <<< "$1"
+
+platform="${args[0]}"
+version="${args[1]}"
+python_version="${args[2]}"
+
+target="shippable/${platform}/incidental/"
+
+stage="${S:-prod}"
+provider="${P:-default}"
+
+# python versions to test in order
+# all versions run full tests
+IFS=' ' read -r -a python_versions <<< \
+    "$(PYTHONPATH="${PWD}/test/lib" python -c 'from ansible_test._internal import constants; print(" ".join(constants.CONTROLLER_PYTHON_VERSIONS))')"
+
+if [ "${python_version}" ]; then
+    # limit tests to a single python version
+    python_versions=("${python_version}")
+fi
+
+for python_version in "${python_versions[@]}"; do
+    # terminate remote instances on the final python version tested
+    if [ "${python_version}" = "${python_versions[-1]}" ]; then
+        terminate="always"
+    else
+        terminate="never"
+    fi
+
+    # shellcheck disable=SC2086
+    ansible-test network-integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
+        --platform "${platform}/${version}" \
+        --docker default --python "${python_version}" \
+        --remote-terminate "${terminate}" --remote-stage "${stage}" --remote-provider "${provider}"
+done

.azure-pipelines/commands/incidental/windows.sh

@@ -6,8 +6,6 @@ declare -a args
 IFS='/:' read -ra args <<< "$1"
 
 version="${args[1]}"
-connection="${args[2]}"
-connection_setting="${args[3]}"
 
 target="shippable/windows/incidental/"
 
@@ -28,7 +26,11 @@ if [ -s /tmp/windows.txt ] || [ "${CHANGED:+$CHANGED}" == "" ]; then
     echo "Detected changes requiring integration tests specific to Windows:"
     cat /tmp/windows.txt
 
-    echo "Running Windows integration tests for the version ${version}."
+    echo "Running Windows integration tests for multiple versions concurrently."
+
+    platforms=(
+        --windows "${version}"
+    )
 else
     echo "No changes requiring integration tests specific to Windows were detected."
     echo "Running Windows integration tests for a single version only: ${single_version}"
@@ -37,10 +39,14 @@ else
         echo "Skipping this job since it is for: ${version}"
         exit 0
     fi
+
+    platforms=(
+        --windows "${version}"
+    )
 fi
 
 # shellcheck disable=SC2086
 ansible-test windows-integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-    --controller "docker:default,python=${python_default}" \
-    --target "remote:windows/${version},connection=${connection}+${connection_setting},provider=${provider}" \
-    --remote-terminate always --remote-stage "${stage}"
+    "${platforms[@]}" \
+    --docker default --python "${python_default}" \
+    --remote-terminate always --remote-stage "${stage}" --remote-provider "${provider}"

.azure-pipelines/commands/windows.sh

@@ -6,9 +6,7 @@ declare -a args
 IFS='/:' read -ra args <<< "$1"
 
 version="${args[1]}"
-connection="${args[2]}"
-connection_setting="${args[3]}"
-group="${args[4]}"
+group="${args[2]}"
 
 target="shippable/windows/group${group}/"
 
@@ -33,7 +31,11 @@ if [ -s /tmp/windows.txt ] || [ "${CHANGED:+$CHANGED}" == "" ]; then
     echo "Detected changes requiring integration tests specific to Windows:"
     cat /tmp/windows.txt
 
-    echo "Running Windows integration tests for the version ${version}."
+    echo "Running Windows integration tests for multiple versions concurrently."
+
+    platforms=(
+        --windows "${version}"
+    )
 else
     echo "No changes requiring integration tests specific to Windows were detected."
     echo "Running Windows integration tests for a single version only: ${single_version}"
@@ -42,13 +44,17 @@ else
         echo "Skipping this job since it is for: ${version}"
         exit 0
     fi
+
+    platforms=(
+        --windows "${version}"
+    )
 fi
 
-for py_version in "${python_versions[@]}"; do
+for version in "${python_versions[@]}"; do
     changed_all_target="all"
     changed_all_mode="default"
 
-    if [ "${py_version}" == "${python_default}" ]; then
+    if [ "${version}" == "${python_default}" ]; then
         # smoketest tests
         if [ "${CHANGED}" ]; then
             # with change detection enabled run tests for anything changed
@@ -74,7 +80,7 @@ for py_version in "${python_versions[@]}"; do
     fi
 
     # terminate remote instances on the final python version tested
-    if [ "${py_version}" = "${python_versions[-1]}" ]; then
+    if [ "${version}" = "${python_versions[-1]}" ]; then
         terminate="always"
     else
         terminate="never"
@@ -82,8 +88,7 @@ for py_version in "${python_versions[@]}"; do
 
     # shellcheck disable=SC2086
     ansible-test windows-integration --color -v --retry-on-error "${ci}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-        --changed-all-target "${changed_all_target}" --changed-all-mode "${changed_all_mode}" \
-        --controller "docker:default,python=${py_version}" \
-        --target "remote:windows/${version},connection=${connection}+${connection_setting},provider=${provider}" \
-        --remote-terminate "${terminate}" --remote-stage "${stage}"
+        "${platforms[@]}" --changed-all-target "${changed_all_target}" --changed-all-mode "${changed_all_mode}" \
+        --docker default --python "${version}" \
+        --remote-terminate "${terminate}" --remote-stage "${stage}" --remote-provider "${provider}"
 done

.azure-pipelines/scripts/dependencies/.pip-tools.toml

@@ -1,6 +0,0 @@
-[tool.pip-tools]
-allow-unsafe = true  # weird outdated default
-annotation-style = "line"  # put the source tracking comments inline
-generate-hashes = false  # pip bug https://github.com/pypa/pip/issues/9243
-resolver = "backtracking"  # modern depresolver
-strip-extras = true  # so that output files are true pip constraints

.azure-pipelines/scripts/dependencies/codecov.in

@@ -1 +0,0 @@
-codecov-cli

.azure-pipelines/scripts/dependencies/codecov.txt

@@ -1,18 +0,0 @@
-#
-# This file is autogenerated by pip-compile with Python 3.13
-# by the following command:
-#
-#    pip-compile --allow-unsafe --annotation-style=line --output-file=codecov.txt --strip-extras codecov.in
-#
-certifi==2025.8.3         # via requests, sentry-sdk
-charset-normalizer==3.4.3  # via requests
-click==8.2.1              # via codecov-cli
-codecov-cli==11.2.3       # via -r codecov.in
-idna==3.10                # via requests
-ijson==3.4.0              # via codecov-cli
-pyyaml==6.0.2             # via codecov-cli
-requests==2.32.5          # via responses
-responses==0.21.0         # via codecov-cli
-sentry-sdk==2.38.0        # via codecov-cli
-test-results-parser==0.5.4  # via codecov-cli
-urllib3==2.5.0            # via requests, responses, sentry-sdk

.azure-pipelines/scripts/publish-codecov.py

@@ -9,15 +9,11 @@ from __future__ import annotations
 import argparse
 import dataclasses
 import pathlib
-import shlex
+import shutil
 import subprocess
 import tempfile
 import typing as t
-import venv
-
-
-SCRIPTS_DIR = pathlib.Path(__file__).parent.resolve()
-DEPS_DIR = SCRIPTS_DIR / 'dependencies'
+import urllib.request
 
 
 @dataclasses.dataclass(frozen=True)
@@ -47,49 +43,6 @@ def parse_args() -> Args:
     return Args(**kwargs)
 
 
-def run(
-    *args: str | pathlib.Path,
-    dry_run: bool = False,
-) -> None:
-    """
-    Log and run given command.
-
-    The command is not actually executed if ``dry_run`` is truthy.
-    """
-    cmd = [str(arg) for arg in args]
-
-    dry_prefix = '[would run] ' if dry_run else ''
-    print(f'==> {dry_prefix}{shlex.join(cmd)}', flush=True)
-
-    if not dry_run:
-        subprocess.run(cmd, check=True)
-
-
-def install_codecov(dest: pathlib.Path, dry_run: bool = False) -> pathlib.Path:
-    """Populate a transitively pinned venv with ``codecov-cli``."""
-    requirement_file = DEPS_DIR / 'codecov.in'
-    constraint_file = requirement_file.with_suffix('.txt')
-
-    venv_dir = dest / 'venv'
-    python_bin = venv_dir / 'bin' / 'python'
-    codecov_bin = venv_dir / 'bin' / 'codecovcli'
-
-    venv.create(venv_dir, with_pip=True)
-
-    run(
-        python_bin,
-        '-m',
-        'pip',
-        'install',
-        f'--constraint={constraint_file!s}',
-        f'--requirement={requirement_file!s}',
-        '--disable-pip-version-check',
-        dry_run=dry_run,
-    )
-
-    return codecov_bin
-
-
 def process_files(directory: pathlib.Path) -> t.Tuple[CoverageFile, ...]:
     processed = []
     for file in directory.joinpath('reports').glob('coverage*.xml'):
@@ -104,67 +57,45 @@ def process_files(directory: pathlib.Path) -> t.Tuple[CoverageFile, ...]:
     return tuple(processed)
 
 
-def upload_files(codecov_bin: pathlib.Path, config_file: pathlib.Path, files: t.Tuple[CoverageFile, ...], dry_run: bool = False) -> None:
+def upload_files(codecov_bin: pathlib.Path, files: t.Tuple[CoverageFile, ...], dry_run: bool = False) -> None:
     for file in files:
         cmd = [
-            codecov_bin,
-            '--disable-telem',
-            '--codecov-yml-path',
-            config_file,
-            'upload-process',
-            '--disable-search',
-            '--disable-file-fixes',
-            '--plugin',
-            'noop',
-            '--name',
-            file.name,
-            '--file',
-            file.path,
+            str(codecov_bin),
+            '--name', file.name,
+            '--file', str(file.path),
         ]
-
         for flag in file.flags:
-            cmd.extend(['--flag', flag])
+            cmd.extend(['--flags', flag])
 
         if dry_run:
-            cmd.append('--dry-run')
+            print(f'DRY-RUN: Would run command: {cmd}')
+            continue
 
-        run(*cmd)
+        subprocess.run(cmd, check=True)
 
 
-def report_upload_completion(
-    codecov_bin: pathlib.Path,
-    config_file: pathlib.Path,
-    dry_run: bool = False,
-) -> None:
-    """Notify Codecov backend that all reports we wanted are in."""
-    cmd = [
-        codecov_bin,
-        '--disable-telem',
-        f'--codecov-yml-path={config_file}',
-        'send-notifications',
-    ]
+def download_file(url: str, dest: pathlib.Path, flags: int, dry_run: bool = False) -> None:
+    if dry_run:
+        print(f'DRY-RUN: Would download {url} to {dest} and set mode to {flags:o}')
+        return
 
-    run(*cmd, dry_run=dry_run)
+    with urllib.request.urlopen(url) as resp:
+        with dest.open('w+b') as f:
+            # Read data in chunks rather than all at once
+            shutil.copyfileobj(resp, f, 64 * 1024)
 
+    dest.chmod(flags)
 
-def main() -> None:
-    args = parse_args()
 
+def main():
+    args = parse_args()
+    url = 'https://ci-files.testing.ansible.com/codecov/linux/codecov'
     with tempfile.TemporaryDirectory(prefix='codecov-') as tmpdir:
-        config_file = pathlib.Path(tmpdir) / 'config.yml'
-        # Refs:
-        # * https://docs.codecov.com/docs/codecovyml-reference#codecovnotifymanual_trigger
-        # * https://docs.codecov.com/docs/notifications#preventing-notifications-until-youre-ready-to-send-notifications
-        config_file.write_text('codecov:\n  notify:\n    manual_trigger: true')
-
-        codecov_bin = install_codecov(
-            pathlib.Path(tmpdir),
-            dry_run=args.dry_run,
-        )
+        codecov_bin = pathlib.Path(tmpdir) / 'codecov'
+        download_file(url, codecov_bin, 0o755, args.dry_run)
+
         files = process_files(args.path)
-        upload_files(codecov_bin, config_file, files, args.dry_run)
-        # Ref: https://docs.codecov.com/docs/cli-options#send-notifications
-        report_upload_completion(codecov_bin, config_file, args.dry_run)
+        upload_files(codecov_bin, files, args.dry_run)
 
 
 if __name__ == '__main__':

.azure-pipelines/scripts/report-coverage.sh

@@ -12,6 +12,6 @@ if ! ansible-test --help >/dev/null 2>&1; then
     pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
 fi
 
-# Generate stubs using docker.
-# The use of docker is mandatory when Powershell code is present.
-ansible-test coverage xml --group-by command --stub --docker --color -v
+# Generate stubs using docker (if supported) otherwise fall back to using a virtual environment instead.
+# The use of docker is required when Powershell code is present, but Ansible 2.12 was the first version to support --docker with coverage.
+ansible-test coverage xml --group-by command --stub --docker --color -v || ansible-test coverage xml --group-by command --stub --venv --color -v

.azure-pipelines/templates/coverage.yml

@@ -7,7 +7,6 @@ jobs:
   - job: Coverage
     displayName: Code Coverage
     container: $[ variables.defaultContainer ]
-    timeoutInMinutes: 10
     workspace:
       clean: all
     steps:

.azure-pipelines/templates/test.yml

@@ -12,7 +12,6 @@ jobs:
     - job: test_${{ replace(replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_'), '@', '_') }}
       displayName: ${{ job.name }}
       container: $[ variables.defaultContainer ]
-      timeoutInMinutes: 65
       workspace:
         clean: all
       steps:

.claude/commands/review.md

@@ -1,55 +0,0 @@
----
-description: Review an Ansible PR following the project's standardized process from CLAUDE.md
-argument-hint: <pr_number>
-allowed-tools: [TodoWrite, Bash(gh pr view:*), Bash(gh pr diff:*), Bash(gh pr checkout:*), Bash(gh pr checks:*), Read, Grep, Glob, Search]
----
-
-PR Review Command
-=================
-
-Review an Ansible PR following the project's standardized process from `CLAUDE.md`.
-
-Usage
------
-
-```bash
-/review <pr_number>
-```
-
-Arguments
----------
-
-- `pr_number` (required): The GitHub PR number to review
-
-Implementation
---------------
-
-This command implements the PR Review Guidelines documented in the `PR Review Guidelines` section of CLAUDE.md.
-
-Review Process Steps
---------------------
-
-The command follows these numbered steps from CLAUDE.md:
-
-1. **Create TodoWrite list** for systematic review tracking
-2. **Get PR details**: `gh pr view <number>` to understand scope, motivation and the desired outcome
-3. **Get PR diff**: `gh pr diff <number>` to see all changes
-4. **Check required components FIRST**:
-   - Verify changelog fragment exists in `changelogs/fragments/`
-   - Verify changelog uses correct section (check `changelogs/config.yaml`)
-   - Verify tests exist and specifically cover the changed code paths
-   - Unit tests should be pytest style, and functional rather than tightly coupled to mocking
-   - Integration tests required for almost all plugin changes
-5. **Checkout PR branch**: `gh pr checkout <number>` to examine code holistically
-6. **Review existing feedback**: `gh pr view <number> --comments` for all comments and previous reviews
-7. **Verify all issues addressed**: Ensure bot failures, reviewer requests, and discussion points are resolved
-8. **Call out unresolved feedback**: Explicitly mention any discussions/requests that remain unaddressed
-
-Critical Review Elements
-------------------------
-
-- **Licensing**: Verify GPLv3/BSD-2-Clause compatibility for any new dependencies
-- **Test scope**: Tests must exercise actual changed code, not just add random coverage
-- **Changelog validation**: Fragment structure follows sections defined in `changelogs/config.yaml`
-
-Each step is tracked in TodoWrite for visibility and systematic completion. A review round should not exceed 20 feedback items.

.git-blame-ignore-revs

@@ -2,5 +2,3 @@
 # Bulk PowerShell sanity fixes
 6def4a3180fe03981ba64c6d8db28fed3bb39c0c
 716631189cb5a3f66b3add98f39e64e98bc17bf7
-# Bulk update of strings from triple single quotes to triple double quotes
-a0495fc31497798a7a833ba7406a9729e1528dd8

.github/CONTRIBUTING.md

@@ -4,14 +4,9 @@ Hi! Nice to see you here!
 
 ## QUESTIONS ?
 
-If you have questions about anything related to Ansible, get in touch with us!
-See [Communicating with the Ansible community](https://docs.ansible.com/ansible/devel/community/communication.html) to find out how.
+Please see the [Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for information on how to ask questions on the [mailing lists](https://docs.ansible.com/ansible/latest/community/communication.html#mailing-list-information) and IRC.
 
-The [Community Guide](https://docs.ansible.com/ansible/devel/community/index.html) also explains how to contribute
-and interact with the project, including how to submit bug reports and code to Ansible.
-
-Please note that the GitHub issue tracker is not the best place to ask questions for several reasons.
-You'll get more helpful, and quicker, responses in the forum.
+The GitHub issue tracker is not the best place for questions for various reasons, but both IRC and the mailing list are very helpful places for those things, as the community page explains best.
 
 ## CONTRIBUTING ?
 
@@ -19,18 +14,15 @@ By contributing to this project you agree to the [Developer Certificate of Origi
 
 The Ansible project is licensed under the [GPL-3.0](COPYING) or later. Some portions of the code fall under other licenses as noted in individual files.
 
-The Ansible project accepts contributions through GitHub pull requests.
-Please review the [Community Guide](https://docs.ansible.com/ansible/devel/community/index.html) for more information on contributing to Ansible.
+The Ansible project accepts contributions through GitHub pull requests. Please review the [Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for more information on contributing to Ansible.
 
 ## BUG TO REPORT ?
 
-First and foremost, also check the [Community Guide](https://docs.ansible.com/ansible/devel/community/index.html).
+First and foremost, also check the [Community Guide](https://docs.ansible.com/ansible/latest/community/index.html).
 
-You can report bugs or make enhancement requests at
-the [Ansible GitHub issue page](http://github.com/ansible/ansible/issues/new/choose) by filling out the issue template that will be presented.
+You can report bugs or make enhancement requests at the [Ansible GitHub issue page](http://github.com/ansible/ansible/issues/new/choose) by filling out the issue template that will be presented.
 
-Also please make sure you are testing on the latest released version of Ansible or the development branch.
-See the [Installation Guide](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) for details.
+Also please make sure you are testing on the latest released version of Ansible or the development branch; see the [Installation Guide](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) for details.
 
 Thanks!
 

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -19,14 +19,13 @@ body:
       Also test if the latest release and devel branch are affected too.
 
 
-      **Tip:** If you are seeking community support, please see
-      [Communicating with the Ansible community][communication] to
-      get in touch and ask questions.
+      **Tip:** If you are seeking community support, please consider
+      [starting a mailing list thread or chatting in IRC][ML||IRC].
 
 
 
-      [communication]:
-      https://docs.ansible.com/ansible/devel/community/communication.html
+      [ML||IRC]:
+      https://docs.ansible.com/ansible-core/devel/community/communication.html?utm_medium=github&utm_source=issue_form--bug_report.yml#mailing-list-information
 
       [issue search]: ../search?q=is%3Aissue&type=issues
 
@@ -47,7 +46,23 @@ body:
 - type: dropdown
   attributes:
     label: Issue Type
-    description: This is a marker for our automatic bot. Do not change it.
+    description: >
+      Please select the single available option in the drop-down.
+
+      <details>
+        <summary>
+          <em>Why?</em>
+        </summary>
+
+        We would do it by ourselves but unfortunatelly, the curent
+        edition of GitHub Issue Forms Alpha does not support this yet 🤷
+
+
+        _We will make it easier in the future, once GitHub
+        supports dropdown defaults. Promise!_
+
+      </details>
+    # FIXME: Once GitHub allows defining the default choice, update this
     options:
     - Bug Report
   validations:
@@ -105,8 +120,7 @@ body:
     label: Configuration
     description: >-
       Paste verbatim output from `ansible-config dump --only-changed -t all` below, under the prompt line.
-      Remember to redact secret values. You can easily filter Galaxy server secrets using grep,
-      for example `ansible-config dump --only-changed -t all | grep -Ev 'token|password|client_secret'`.
+      (if using a version older than ansible-core 2.12 you should omit the '-t all')
       Please don't wrap it with triple backticks — your
       whole input will be turned into a code snippet automatically.
     render: console
@@ -137,7 +151,7 @@ body:
   attributes:
     label: Steps to Reproduce
     description: |
-      Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also provide any playbooks, configs and commands you used.
+      Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also pased any playbooks, configs and commands you used.
 
       **HINT:** You can paste https://gist.github.com links for larger files.
     value: |
@@ -244,7 +258,7 @@ body:
     description: |
       Read the [Ansible Code of Conduct][CoC] first.
 
-      [CoC]: https://docs.ansible.com/ansible/devel/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--bug_report.yml
+      [CoC]: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--bug_report.yml
     options:
     - label: I agree to follow the Ansible Code of Conduct
       required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -2,7 +2,7 @@
 blank_issues_enabled: false  # default: true
 contact_links:
 - name: 🔐 Security bug report 🔥
-  url: https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html?utm_medium=github&utm_source=issue_template_chooser
+  url: https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html?utm_medium=github&utm_source=issue_template_chooser
   about: |
     Please learn how to report security vulnerabilities here.
 
@@ -11,15 +11,15 @@ contact_links:
     a prompt response.
 
     For more information, see
-    https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html
+    https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
 - name: 📝 Ansible Code of Conduct
-  url: https://docs.ansible.com/ansible/devel/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser
+  url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser
   about: ❤ Be nice to other members of the community. ☮ Behave.
-- name: 💬 Talk to the community
-  url: https://docs.ansible.com/ansible/devel/community/communication.html?utm_medium=github&utm_source=issue_template_chooser#forum
+- name: 💬 Talks to the community
+  url: https://docs.ansible.com/ansible/latest/community/communication.html?utm_medium=github&utm_source=issue_template_chooser#mailing-list-information
   about: Please ask and answer usage questions here
 - name: ⚡ Working groups
-  url: https://forum.ansible.com/g?utm_medium=github&utm_source=issue_template_chooser
+  url: https://github.com/ansible/community/wiki
   about: Interested in improving a specific area? Become a part of a working group!
 - name: 💼 For Enterprise
   url: https://www.ansible.com/products/engine?utm_medium=github&utm_source=issue_template_chooser

.github/ISSUE_TEMPLATE/documentation_report.yml

@@ -22,14 +22,12 @@ body:
       Also test if the latest release and devel branch are affected too.
 
 
-      **Tip:** If you are seeking community support, please see
-      [Communicating with the Ansible community][communication] to
-      get in touch and ask questions.
+      **Tip:** If you are seeking community support, please consider
+      [starting a mailing list thread or chatting in IRC][ML||IRC].
 
 
-
-      [communication]:
-      https://docs.ansible.com/ansible/devel/community/communication.html
+      [ML||IRC]:
+      https://docs.ansible.com/ansible-core/devel/community/communication.html?utm_medium=github&utm_source=issue_form--documentation_report.yml#mailing-list-information
 
       [issue search]: ../search?q=is%3Aissue&type=issues
 
@@ -84,7 +82,20 @@ body:
 - type: dropdown
   attributes:
     label: Issue Type
-    description: This is a marker for our automatic bot. Do not change it.
+    description: >
+      Please select the single available option in the drop-down.
+
+      <details>
+        <summary>
+          <em>Why?</em>
+        </summary>
+
+
+        _We will make it easier in the future, once GitHub
+        supports dropdown defaults. Promise!_
+
+      </details>
+    # FIXME: Once GitHub allows defining the default choice, update this
     options:
     - Documentation Report
   validations:
@@ -130,8 +141,6 @@ body:
     label: Configuration
     description: >-
       Paste verbatim output from `ansible-config dump --only-changed -t all` below, under the prompt line.
-      Remember to redact secret values. You can easily filter Galaxy server secrets using grep,
-      for example `ansible-config dump --only-changed -t all | grep -Ev 'token|password|client_secret'`.
       (if using a version older than ansible-core 2.12 you should omit the '-t all')
       Please don't wrap it with triple backticks — your
       whole input will be turned into a code snippet automatically.
@@ -196,7 +205,7 @@ body:
     description: |
       Read the [Ansible Code of Conduct][CoC] first.
 
-      [CoC]: https://docs.ansible.com/ansible/devel/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--documentation_report.yml
+      [CoC]: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--documentation_report.yml
     options:
     - label: I agree to follow the Ansible Code of Conduct
       required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -21,7 +21,8 @@ body:
 
       If unsure, consider filing a [new proposal] instead outlining your
       use-cases, the research and implementation considerations. Then,
-      start a discussion in the [Ansible forum][forum].
+      start a discussion on one of the public [IRC meetings] we have just
+      for this.
 
 
       <details>
@@ -43,22 +44,21 @@ body:
       Also test if the devel branch does not already implement this.
 
 
-      **Tip:** If you are seeking community support, please see
-      [Communicating with the Ansible community][communication] to
-      get in touch and ask questions.
+      **Tip:** If you are seeking community support, please consider
+      [starting a mailing list thread or chatting in IRC][ML||IRC].
 
 
 
       [contribute to collections]:
       https://docs.ansible.com/ansible-core/devel/community/contributing_maintained_collections.html?utm_medium=github&utm_source=issue_form--feature_request.yml
 
-      [communication]:
-      https://docs.ansible.com/ansible/devel/community/communication.html
+      [IRC meetings]:
+        https://docs.ansible.com/ansible-core/devel/community/communication.html?utm_medium=github&utm_source=issue_form--feature_request.yml#irc-meetings
 
       [issue search]: ../search?q=is%3Aissue&type=issues
 
-      [forum help]:
-      https://forum.ansible.com/c/help/6
+      [ML||IRC]:
+      https://docs.ansible.com/ansible-core/devel/community/communication.html?utm_medium=github&utm_source=issue_form--feature_request.yml#mailing-list-information
 
       [new proposal]: ../../proposals/issues/new
 
@@ -101,7 +101,23 @@ body:
 - type: dropdown
   attributes:
     label: Issue Type
-    description: This is a marker for our automatic bot. Do not change it.
+    description: >
+      Please select the single available option in the drop-down.
+
+      <details>
+        <summary>
+          <em>Why?</em>
+        </summary>
+
+        We would do it by ourselves but unfortunatelly, the curent
+        edition of GitHub Issue Forms Alpha does not support this yet 🤷
+
+
+        _We will make it easier in the future, once GitHub
+        supports dropdown defaults. Promise!_
+
+      </details>
+    # FIXME: Once GitHub allows defining the default choice, update this
     options:
     - Feature Idea
   validations:
@@ -169,7 +185,7 @@ body:
     description: |
       Read the [Ansible Code of Conduct][CoC] first.
 
-      [CoC]: https://docs.ansible.com/ansible/devel/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--feature_request.yml
+      [CoC]: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--feature_request.yml
     options:
     - label: I agree to follow the Ansible Code of Conduct
       required: true

.github/ISSUE_TEMPLATE/internal_issue.md

@@ -1,10 +0,0 @@
----
-name: Internal Issue
-about: Free-form issue creation for core maintainer use only.
-title: ''
-labels: [core-internal]
-assignees: ''
----
-
-
-@ansibot bot_skip

.github/ISSUE_TEMPLATE/pre_release.yml

@@ -1,42 +0,0 @@
-name: Pre-Release Bug Report
-description: File a bug report against a pre-release version
-labels:
-  - bug
-  - pre_release
-assignees:
-  - nitzmahone
-  - mattclay
-body:
-  - type: markdown
-    attributes:
-      value: |
-        ## Bug Report
-  - type: textarea
-    attributes:
-      label: Ansible Version
-      description: Paste the full output from `ansible --version` below.
-      render: console
-      placeholder: $ ansible --version
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Summary
-      description: Describe the issue with any relevant steps to reproduce.
-    validations:
-      required: true
-  - type: dropdown
-    attributes:
-      label: <!-- Bot instructions (ignore this) -->
-      options:
-        - |
-          <!--
-          ### Component Name
-          bin/ansible
-          ### Issue Type
-          Bug Report
-          ### Configuration
-          ### OS / Environment
-          -->
-    validations:
-      required: true

.github/PULL_REQUEST_TEMPLATE/Bug fix.md

@@ -2,8 +2,19 @@
 
 <!--- Describe the change below, including rationale and design decisions -->
 
-<!--- Add "Fixes #1234" or steps to reproduce the problem if there is no corresponding issue -->
+<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
 
 ##### ISSUE TYPE
 
 - Bugfix Pull Request
+
+##### ADDITIONAL INFORMATION
+
+<!--- Include additional information to help people understand the change here -->
+<!--- A step-by-step reproduction of the problem is helpful if there is no related issue -->
+
+<!--- Paste verbatim command output below, e.g. before and after your change -->
+
+```paste below
+
+```

.github/PULL_REQUEST_TEMPLATE/Documentation change.md

@@ -2,8 +2,18 @@
 
 <!--- Describe the change below, including rationale -->
 
-<!--- Add "Fixes #1234" if there is a corresponding issue -->
+<!--- HINT: Include "Closes #nnn" if you are fixing an existing issue -->
 
 ##### ISSUE TYPE
 
 - Docs Pull Request
+
+##### ADDITIONAL INFORMATION
+
+<!--- Include additional information to help people understand the change here -->
+
+<!--- Paste verbatim command output below, e.g. before and after your change -->
+
+```paste below
+
+```

.github/PULL_REQUEST_TEMPLATE/New feature.md

@@ -2,8 +2,18 @@
 
 <!--- Describe the change below, including rationale and design decisions -->
 
-<!--- Add "Fixes #1234" if there is a corresponding issue -->
+<!--- HINT: Include "Resolves #nnn" if you are fixing an existing issue -->
 
 ##### ISSUE TYPE
 
 - Feature Pull Request
+
+##### ADDITIONAL INFORMATION
+
+<!--- Include additional information to help people understand the change here -->
+
+<!--- Paste verbatim command output below, e.g. before and after your change -->
+
+```paste below
+
+```

.github/PULL_REQUEST_TEMPLATE/Tests.md

@@ -2,8 +2,19 @@
 
 <!--- Describe the change below, including rationale and design decisions -->
 
-<!--- Add "Fixes #1234" if there is a corresponding issue -->
+<!--- HINT: Include "Closes #nnn" if you are fixing an existing issue -->
 
 ##### ISSUE TYPE
 
 - Test Pull Request
+
+##### ADDITIONAL INFORMATION
+
+<!--- Include additional information to help people understand the change here -->
+<!--- A step-by-step reproduction of the problem is helpful if there is no related issue -->
+
+<!--- Paste verbatim command output below, e.g. before and after your change -->
+
+```paste below
+
+```

.github/PULL_REQUEST_TEMPLATE/Unclear purpose or motivation.md

@@ -2,7 +2,7 @@
 
 <!--- Describe the change below, including rationale and design decisions -->
 
-<!--- Add "Fixes #1234" or steps to reproduce the problem if there is no corresponding issue -->
+<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
 
 ##### ISSUE TYPE
 
@@ -12,3 +12,14 @@
 - Docs Pull Request
 - Feature Pull Request
 - Test Pull Request
+
+##### ADDITIONAL INFORMATION
+
+<!--- Include additional information to help people understand the change here -->
+<!--- A step-by-step reproduction of the problem is helpful if there is no related issue -->
+
+<!--- Paste verbatim command output below, e.g. before and after your change -->
+
+```paste below
+
+```

.github/RELEASE_NAMES.txt

@@ -1,6 +1,3 @@
-2.20.0  Good Times Bad Times
-2.19.0  What Is and What Should Never Be
-2.18.0  Fool in the Rain
 2.17.0  Gallows Pole
 2.16.0  All My Love
 2.15.0  Ten Years Gone

.gitignore

@@ -92,14 +92,9 @@ Vagrantfile
 /lib/ansible_base.egg-info/
 # First used in the `devel` branch during Ansible 2.11 development.
 /lib/ansible_core.egg-info/
-# First used in the `devel` branch during Ansible 2.18 development.
-/ansible_core.egg-info/
 # vendored lib dir
 lib/ansible/_vendor/*
 !lib/ansible/_vendor/__init__.py
-# PowerShell signed hashlist
-lib/ansible/config/powershell_signatures.psd1
-*.authenticode
 # test stuff
 /test/integration/cloud-config-*.*
 !/test/integration/cloud-config-*.*.template
@@ -127,5 +122,3 @@ test/units/.coverage.*
 /SYMLINK_CACHE.json
 changelogs/.plugin-cache.yaml
 .ansible-test-timeout.json
-# Agents
-CLAUDE.local.md

AGENTS.md

@@ -1,321 +0,0 @@
-# AGENTS.md
-
-This file provides guidance to Claude Code (claude.ai/code) and other compatible agentic tools when working with code in this repository.
-
-**Note:** This file is for AI assistant use only. For human developers, see the [Ansible Developer Guide](https://docs.ansible.com/ansible-core/devel/dev_guide/index.html).
-
-## ⚠️ IMPORTANT: Always Start Here
-
-**BEFORE starting any PR review or development task:**
-
-1. **Read this file first** - Don't work from memory or assumptions
-2. **Use TodoWrite** to create a task list and track progress systematically
-3. **Follow the numbered steps** in the relevant process sections
-4. **Reference Quick Reference** for correct commands and patterns
-
-## ⚠️ CRITICAL: Licensing Requirements
-
-**NEVER suggest, recommend, or approve code that violates these requirements:**
-
-- **ansible-core**: All code must be **GPLv3 compatible**
-- **lib/ansible/module_utils/**: Defaults to **BSD-2-Clause** (more permissive)
-- **External dependencies**: Only recommend libraries compatible with these licenses
-- **PR reviews**: Always verify any new dependencies or suggested libraries are license-compatible
-- **When in doubt**: Ask about licensing compatibility rather than assuming
-
-**This is non-negotiable** - licensing violations can create serious legal issues for the project.
-
-## Quick Reference
-
-Most commonly used commands and patterns:
-
-```bash
-# Testing
-ansible-test sanity -v --docker default                   # Run all sanity tests
-ansible-test sanity -v --docker default --test <test>     # Run specific sanity test
-ansible-test units -v --docker default                    # Run unit tests
-ansible-test integration -v --docker ubuntu2404           # Run integration tests
-
-# PR Review and CI
-gh pr view <number>                                       # Get PR details
-gh pr view <number> --comments                            # Check for ansibot CI failures
-gh pr checks <number>                                     # Get Azure Pipelines URLs
-gh pr checkout <number>                                   # Switch to PR branch
-gh pr diff <number>                                       # See all changes
-```
-
-**Container Selection:**
-
-- Sanity/Unit tests: `--docker default`
-- Integration tests: `--docker ubuntu2204`, `--docker ubuntu2404`, etc. (NOT default/base)
-
-**Critical Reminders:**
-
-- **Licensing**: See [Licensing Requirements](#️-critical-licensing-requirements) - GPLv3/BSD-2-Clause only
-
-## Development Environment Setup
-
-Ansible development typically uses an editable install after forking and cloning:
-
-```bash
-# After forking and cloning the repository
-pip install -e .
-```
-
-**Note:** ansible-core and all CLIs (including ansible-test) require a POSIX OS. On Windows, use WSL (Windows Subsystem for Linux).
-
-## Testing and CI
-
-### Basic Testing Commands
-
-```bash
-# Run sanity tests - these are linting/static analysis (pylint, mypy, pep8, etc.)
-ansible-test sanity -v --docker default
-
-# List available sanity tests
-ansible-test sanity --list-tests
-
-# Run specific sanity tests
-ansible-test sanity -v --docker default --test pep8 --test pylint
-
-# Run sanity on specific files (paths relative to repo root)
-ansible-test sanity -v --docker default lib/ansible/modules/command.py
-
-# Run unit tests (recommended with Docker)
-ansible-test units -v --docker default
-
-# Run specific unit test (paths relative to repo root, targets in test/units/)
-ansible-test units -v --docker default test/units/modules/test_command.py
-
-# Run integration tests (choose appropriate container - NOT base/default)
-ansible-test integration -v --docker ubuntu2404
-
-# Run specific integration target (directory name in test/integration/targets/)
-ansible-test integration -v --docker ubuntu2404 setup_remote_tmp_dir
-
-# Run with coverage
-ansible-test units -v --docker default --coverage
-
-# Alternative: use --venv if Docker/Podman unavailable (less reliable for units/integration)
-ansible-test sanity -v --venv
-```
-
-Available Docker containers for testing can be found in `./test/lib/ansible_test/_data/completion/docker.txt`.
-The `base` and `default` containers are for sanity/unit tests only. For integration tests, use distro-specific
-containers, depending on the modules being tested.
-
-**Test isolation options:**
-
-- `--docker` (supports Docker or Podman) - preferred for reliable, isolated testing
-- `--venv` - fallback when containers unavailable, but unit tests may be unreliable due to host environment differences
-
-### Helping Developers with CI Failures
-
-When developers submit PRs and encounter CI failures, use these approaches to help diagnose and resolve issues:
-
-**1. Check for ansibot comments:**
-
-```bash
-# Get all PR comments to find ansibot CI failure reports
-gh pr view <number> --comments
-```
-
-Look for comments from `ansibot` that contain:
-- Test failure details with specific error messages
-- File paths and line numbers for failures
-- Links to sanity test documentation (e.g., `[explain](https://docs.ansible.com/...`)
-
-**2. Get CI check status and URLs:**
-
-```bash
-# See all CI check results with Azure Pipelines URLs
-gh pr checks <number>
-```
-
-This shows:
-- Overall CI status (pass/fail) with timing
-- Direct links to Azure DevOps build results
-- Individual job results (Sanity Test 1/2, Docker tests, Units, etc.)
-
-**3. Common CI failure patterns:**
-
-- **Sanity failures**: Usually have specific fixes (trailing whitespace, import errors, etc.)
-- **Integration test failures**: May require platform-specific containers or test adjustments
-- **Unit test failures**: Often indicate actual code issues that need debugging
-
-**4. CI failure analysis workflow:**
-
-1. Check ansibot comments first for immediate error details
-2. Use `gh pr checks <number>` to get Azure Pipelines URLs for detailed logs
-3. Focus on failed jobs (marked as `fail`) and examine their specific error output
-4. For sanity test failures, the error messages usually indicate exactly what needs to be fixed
-5. For test failures, run the same tests locally using `ansible-test` to reproduce and debug
-
-## PR Review Guidelines
-
-### PR Review Checklist
-
-Use this checklist for EVERY PR review:
-
-```text
-□ Created TodoWrite list for review steps
-□ Step 1: Get PR details with gh pr view <number>
-□ Step 2: Get PR diff with gh pr diff <number>
-□ Step 3: Check required components (changelog, tests)
-□ Step 4: Checkout PR branch with gh pr checkout <number>
-□ Step 5: Review existing feedback with gh pr view <number> --comments
-□ Step 6: Verify all issues addressed
-□ Step 7: Call out any unresolved feedback
-□ Mark each TodoWrite item as completed when done
-```
-
-When assisting with PR reviews, verify:
-
-### Required Components
-
-- Changelog fragment exists in `changelogs/fragments/`
-- Appropriate tests are included and cover the changed code
-  - Unit tests should be pytest style, and functional rather than tightly coupled to mocking
-  - Integration tests required for almost all plugin changes (tests the public API)
-  - Tests should exercise the actual changed code, not just add random coverage
-
-### Review Process
-
-Follow these steps in order for thorough PR reviews:
-
-1. **Get PR details**: Use `gh pr view <number>` to understand the PR scope and description
-2. **Get PR diff**: Use `gh pr diff <number>` to see all changes
-3. **Check required components FIRST**:
-   - Verify changelog fragment exists and uses correct section (check `changelogs/config.yaml` for valid sections)
-   - Verify tests exist and specifically cover the changed code paths
-4. **Checkout PR branch**: Use `gh pr checkout <number>` to examine code holistically with changes applied
-5. **Review existing feedback**: Use `gh pr view <number> --comments` to see all comments and previous review feedback
-6. **Verify all issues addressed**: Ensure all bot failures, reviewer requests, and discussion points are resolved
-7. **Call out any unresolved review feedback**: Explicitly mention any discussions or requests that remain unaddressed
-
-### Common Review Issues to Check
-
-- **Changelog section errors**: Verify changelog uses valid section from `changelogs/config.yaml`. Fragment structure follows sections defined there.
-- **Test scope**: Ensure tests exercise the actual changed code, not just add random coverage.
-  Integration tests required for almost all plugin changes (tests the public API).
-  Tests should be functional rather than tightly coupled to mocking.
-
-### Review Task Management
-
-- Use TodoWrite tool to track review steps for complex PRs
-- Mark tasks as in_progress when actively working on them
-- Complete tasks immediately after finishing each step
-- This provides visibility to users about review progress
-
-### Review Tools
-
-- `gh pr view <number>` - Get PR details and description
-- `gh pr view <number> --comments` - See all comments and review feedback
-- `gh pr diff <number>` - Get complete diff of changes
-- `gh pr checkout <number>` - Switch to PR branch for holistic examination
-- `Read` tool - Examine specific changed files in detail
-- `Grep` tool - Search for related code patterns or test coverage (uses ripgrep/rg)
-
-## Development Guidelines
-
-### Code Style Notes
-
-- Line limit is 160 characters (not 80)
-- E402 (module level import not at top) is ignored
-- In `lib/ansible/modules/`, imports must come after DOCUMENTATION, EXAMPLES, and RETURN definitions
-- Don't add obvious comments about code
-- Use native type hints with `from __future__ import annotations` (converts to strings at runtime)
-- Don't document module parameters in docstrings - migrate to type hints instead
-- **No trailing whitespace**: Always clean up trailing spaces on lines, especially when editing existing files
-
-### Python Version Support
-
-- Controller code: support range defined in `pyproject.toml`
-- Modules/module_utils: minimum version in `lib/ansible/module_utils/basic.py` (`_PY_MIN`) up to max from `pyproject.toml`
-- Modules support a wider Python version range than controller code
-
-### Dependencies and Imports
-
-- Prefer Python stdlib over external dependencies
-- Use existing code from within the Ansible project
-- `lib/ansible/modules/` can only import from `lib/ansible/module_utils/` (modules are packaged for remote execution)
-- `lib/ansible/module_utils/` cannot import from outside itself
-
-## Documentation Standards
-
-### Module and Plugin Documentation
-
-- Modules and plugins require DOCUMENTATION, EXAMPLES, and RETURN blocks as static YAML string variables
-- These blocks cannot be dynamically generated - they are parsed via AST/token parsing
-- Alternative: "sidecar" documentation as `.yml` files with same stem name adjacent to plugin files
-- All modules should have a `main()` function and `if __name__ == '__main__':` block
-- Use `version_added` fields in documentation following existing version format patterns
-
-### Changelog Requirements
-
-- Changes require entries in `changelogs/fragments/` as YAML files
-- Create a new fragment file per PR (never reuse existing fragments to avoid merge conflicts)
-- Fragment structure follows sections defined in `changelogs/config.yaml` under the `sections` key
-- Naming: `{issue_number}-{short-description}.yml` or `{component}-{description}.yml` if no issue
-- Format: `- {component} - {description} ({optional URL to GH issue})`
-- Content supports Sphinx markup (use double backticks for code references)
-
-## Repository Management
-
-### Plugin Development
-
-- New plugins should go into collections, not ansible-core
-- ansible-core rarely accepts new plugins; core team makes these decisions
-
-### Branch and Release Management
-
-- All PRs target the `devel` branch
-- Use GitHub templates when creating issues/PRs (`.github/ISSUE_TEMPLATE/` and `.github/PULL_REQUEST_TEMPLATE/`)
-- For issues: fill out the `component` field with project root relative file path
-- For PRs: adjust the issue type in the template as listed in `.github/PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md`
-- Validate issues are fixed in `devel` before reporting against stable releases
-- Bug fixes: backported to latest stable only
-- Critical bug fixes: backported to latest and previous stable
-- Security issues: contact security@ansible.com privately, not via GitHub
-
-### Backwards Compatibility
-
-- Backwards compatibility is prioritized over most other concerns
-- Deprecation cycle: 4 releases (deprecation + 2 releases + removal)
-- Use `Display.deprecated` or `AnsibleModule.deprecate` with version from `lib/ansible/release.py` plus 3
-- Example: deprecating in 2.19 means removal in 2.22
-
-## Code Structure Reference
-
-### Core Structure
-
-- `lib/ansible/` - Main Ansible library code
-  - `cli/` - Command-line interface implementations (ansible, ansible-playbook, etc.)
-  - `executor/` - Task execution engine and strategies (includes PowerShell support in `powershell/`)
-  - `inventory/` - Inventory management and parsing
-  - `modules/` - Core modules (built-in automation modules)
-  - `module_utils/` - Shared utilities for modules (includes C# in `csharp/` and PowerShell in `powershell/`)
-  - `plugins/` - Plugin framework (filters, tests, lookups, etc.)
-  - `vars/` - Variable management
-  - `config/` - Configuration handling
-  - `collections/` - Ansible Collections framework
-
-### Key Components
-
-- **CLI Layer**: Entry points in `lib/ansible/cli/` handle command parsing and dispatch
-- **Executor**: `lib/ansible/executor/` contains the core execution engine that runs tasks and plays
-- **Module System**: Modules in `lib/ansible/modules/` are the units of work; they're executed remotely
-- **Plugin Architecture**: `lib/ansible/plugins/` provides extensibility through filters, tests, lookups, etc.
-- **Inventory**: `lib/ansible/inventory/` manages host and group definitions
-- **Collections**: Modern packaging format for distributing Ansible content
-
-### Testing Infrastructure
-
-- `test/units/` - Unit tests mirroring the lib structure
-- `test/integration/` - Integration tests organized by target (named after plugin/functionality being tested)
-  - Some targets have `context/controller` or `context/target` in their `aliases` file when not easily inferable
-  - Only modules run on target hosts; all other plugins execute locally in the ansible process
-- `test/lib/` - Test utilities and frameworks
-- `ansible-test` - Unified testing tool for all test types
-
-For CI failure debugging, see [Helping Developers with CI Failures](#helping-developers-with-ci-failures).

CLAUDE.md

@@ -1,3 +0,0 @@
-- @AGENTS.md
-- @~/.claude/ansible.md
-- @CLAUDE.local.md

MANIFEST.in

@@ -1,10 +1,11 @@
 include COPYING
+include bin/*
 include changelogs/CHANGELOG*.rst
 include changelogs/changelog.yaml
 include licenses/*.txt
 include requirements.txt
 recursive-include packaging *.py *.j2
 recursive-include test/integration *
-recursive-include test/sanity *.in *.json *.py *.txt *.ini
+recursive-include test/sanity *.in *.json *.py *.txt
 recursive-include test/support *.py *.ps1 *.psm1 *.cs *.md
 recursive-include test/units *

README.md

@@ -1,9 +1,9 @@
 [![PyPI version](https://img.shields.io/pypi/v/ansible-core.svg)](https://pypi.org/project/ansible-core)
 [![Docs badge](https://img.shields.io/badge/docs-latest-brightgreen.svg)](https://docs.ansible.com/ansible/latest/)
-[![Chat badge](https://img.shields.io/badge/chat-IRC-brightgreen.svg)](https://docs.ansible.com/ansible/devel/community/communication.html)
+[![Chat badge](https://img.shields.io/badge/chat-IRC-brightgreen.svg)](https://docs.ansible.com/ansible/latest/community/communication.html)
 [![Build Status](https://dev.azure.com/ansible/ansible/_apis/build/status/CI?branchName=devel)](https://dev.azure.com/ansible/ansible/_build/latest?definitionId=20&branchName=devel)
-[![Ansible Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-silver.svg)](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html)
-[![Ansible mailing lists](https://img.shields.io/badge/mailing%20lists-Ansible-orange.svg)](https://docs.ansible.com/ansible/devel/community/communication.html#mailing-list-information)
+[![Ansible Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-silver.svg)](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html)
+[![Ansible mailing lists](https://img.shields.io/badge/mailing%20lists-Ansible-orange.svg)](https://docs.ansible.com/ansible/latest/community/communication.html#mailing-list-information)
 [![Repository License](https://img.shields.io/badge/license-GPL%20v3.0-brightgreen.svg)](COPYING)
 [![Ansible CII Best Practices certification](https://bestpractices.coreinfrastructure.org/projects/2372/badge)](https://bestpractices.coreinfrastructure.org/projects/2372)
 
@@ -40,33 +40,21 @@ features and fixes, directly. Although it is reasonably stable, you are more lik
 breaking changes when running the `devel` branch. We recommend getting involved
 in the Ansible community if you want to run the `devel` branch.
 
-## Communication
+## Get Involved
 
-Join the Ansible forum to ask questions, get help, and interact with the
-community.
-
-* [Get Help](https://forum.ansible.com/c/help/6): Find help or share your Ansible knowledge to help others.
-  Use tags to filter and subscribe to posts, such as the following:
-  * Posts tagged with [ansible](https://forum.ansible.com/tag/ansible)
-  * Posts tagged with [ansible-core](https://forum.ansible.com/tag/ansible-core)
-  * Posts tagged with [playbook](https://forum.ansible.com/tag/playbook)
-* [Social Spaces](https://forum.ansible.com/c/chat/4): Meet and interact with fellow enthusiasts.
-* [News & Announcements](https://forum.ansible.com/c/news/5): Track project-wide announcements including social events.
-* [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): Get release announcements and important changes.
-
-For more ways to get in touch, see [Communicating with the Ansible community](https://docs.ansible.com/ansible/devel/community/communication.html).
-
-## Contribute to Ansible
-
-* Check out the [Contributor's Guide](./.github/CONTRIBUTING.md).
-* Read [Community Information](https://docs.ansible.com/ansible/devel/community) for all
+* Read [Community Information](https://docs.ansible.com/ansible/latest/community) for all
   kinds of ways to contribute to and interact with the project,
-  including how to submit bug reports and code to Ansible.
+  including mailing list information and how to submit bug reports and
+  code to Ansible.
+* Join a [Working Group](https://docs.ansible.com/ansible/devel/community/communication.html#working-groups),
+  an organized community devoted to a specific technology domain or platform.
 * Submit a proposed code update through a pull request to the `devel` branch.
 * Talk to us before making larger changes
   to avoid duplicate efforts. This not only helps everyone
   know what is going on, but it also helps save time and effort if we decide
   some changes are needed.
+* For a list of email lists, IRC channels and Working Groups, see the
+  [Communication page](https://docs.ansible.com/ansible/devel/community/communication.html)
 
 ## Coding Guidelines
 
@@ -79,7 +67,7 @@ We document our Coding Guidelines in the [Developer Guide](https://docs.ansible.
 
 * The `devel` branch corresponds to the release actively under development.
 * The `stable-2.X` branches correspond to stable releases.
-* Create a branch based on `devel` and set up a [dev environment](https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_general.html#common-environment-setup) if you want to open a PR.
+* Create a branch based on `devel` and set up a [dev environment](https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html#common-environment-setup) if you want to open a PR.
 * See the [Ansible release and maintenance](https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html) page for information about active branches.
 
 ## Roadmap

bin/ansible-connection

@@ -0,0 +1 @@
+../lib/ansible/cli/scripts/ansible_connection_cli_stub.py

changelogs/CHANGELOG-v2.17.rst

@@ -0,0 +1,520 @@
+==============================================
+ansible-core 2.17 "Gallows Pole" Release Notes
+==============================================
+
+.. contents:: Topics
+
+v2.17.11rc1
+===========
+
+Release Summary
+---------------
+
+| Release Date: 2025-04-14
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Bugfixes
+--------
+
+- build - Pin ``wheel`` in ``pyproject.toml`` to ensure compatibility with supported ``setuptools`` versions.
+- gather_facts action, will now add setup when 'smart' appears with other modules in the FACTS_MODULES setting (#84750).
+
+v2.17.10
+========
+
+Release Summary
+---------------
+
+| Release Date: 2025-03-25
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Bugfixes
+--------
+
+- Windows - add support for running on system where WDAC is in audit mode with ``Dynamic Code Security`` enabled.
+
+v2.17.9
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2025-02-24
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Minor Changes
+-------------
+
+- ansible-test - Automatically retry HTTP GET/PUT/DELETE requests on exceptions.
+- ansible-test - Use Python's ``urllib`` instead of ``curl`` for HTTP requests.
+
+Bugfixes
+--------
+
+- include_vars - fixed erroneous warning if an unreserved variable name contains a single character that matches a reserved variable. (https://github.com/ansible/ansible/issues/84623)
+
+v2.17.8
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2025-01-27
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Bugfixes
+--------
+
+- Ansible will now also warn when reserved keywords are set via a module (set_fact, include_vars, etc).
+- Ansible.Basic - Fix ``required_if`` check when the option value to check is unset or set to null.
+- Use consistent multiprocessing context for action write locks
+- ansible-test - Fix up coverage reporting to properly translate the temporary path of integration test modules to the expected static test module path.
+- ansible-vault will now correctly handle `--prompt`, previously it would issue an error about stdin if no 2nd argument was passed
+- copy action now prevents user from setting internal options.
+- gather_facts action now defaults to `ansible.legacy.setup` if `smart` was set, no network OS was found and no other alias for `setup` was present.
+- gather_facts action will now issues errors and warnings as appropriate if a network OS is detected but no facts modules are defined for it.
+- ssh - connection options were incorrectly templated during ``reset_connection`` tasks (https://github.com/ansible/ansible/pull/84238).
+
+v2.17.7
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2024-12-02
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Minor Changes
+-------------
+
+- remove extraneous selinux import (https://github.com/ansible/ansible/issues/83657).
+
+Security Fixes
+--------------
+
+- Templating will not prefer AnsibleUnsafe when a variable is referenced via hostvars - CVE-2024-11079
+
+Bugfixes
+--------
+
+- Fix returning 'unreachable' for the overall task result. This prevents false positives when a looped task has unignored unreachable items (https://github.com/ansible/ansible/issues/84019).
+- ansible-test - Fix traceback that occurs after an interactive command fails.
+- dnf5 - fix installing a package using ``state=latest`` when a binary of the same name as the package is already installed (https://github.com/ansible/ansible/issues/84259)
+- dnf5 - matching on a binary can be achieved only by specifying a full path (https://github.com/ansible/ansible/issues/84334)
+
+v2.17.6
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2024-11-04
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Minor Changes
+-------------
+
+- ansible-test - Improve container runtime probe error handling. When unexpected probe output is encountered, an error with more useful debugging information is provided.
+
+Security Fixes
+--------------
+
+- include_vars action - Ensure that result masking is correctly requested when vault-encrypted files are read. (CVE-2024-8775)
+- task result processing - Ensure that action-sourced result masking (``_ansible_no_log=True``) is preserved. (CVE-2024-8775)
+- user action won't allow ssh-keygen, chown and chmod to run on existing ssh public key file, avoiding traversal on existing symlinks (CVE-2024-9902).
+
+Bugfixes
+--------
+
+- Fix disabling SSL verification when installing collections and roles from git repositories. If ``--ignore-certs`` isn't provided, the value for the ``GALAXY_IGNORE_CERTS`` configuration option will be used (https://github.com/ansible/ansible/issues/83326).
+- Improve performance on large inventories by reducing the number of implicit meta tasks.
+- Use the requested error message in the ansible.module_utils.facts.timeout timeout function instead of hardcoding one.
+- ansible-test - Enable the ``sys.unraisablehook`` work-around for the ``pylint`` sanity test on Python 3.11. Previously the work-around was only enabled for Python 3.12 and later. However, the same issue has been discovered on Python 3.11.
+- debconf - set empty password values (https://github.com/ansible/ansible/issues/83214).
+- facts - skip if distribution file path is directory, instead of raising error (https://github.com/ansible/ansible/issues/84006).
+- user action will now require O(force) to overwrite the public part of an ssh key when generating ssh keys, as was already the case for the private part.
+- user module now avoids changing ownership of files symlinked in provided home dir skeleton
+
+v2.17.5
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2024-10-07
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Bugfixes
+--------
+
+- Add descriptions for ``ansible-galaxy install --help` and ``ansible-galaxy role|collection install --help``.
+- Errors now preserve stacked error messages even when YAML is involved.
+- ``ansible-galaxy install --help`` - Fix the usage text and document that the requirements file passed to ``-r`` can include collections and roles.
+- copy - mtime/atime not updated. Fix now update mtime/atime(https://github.com/ansible/ansible/issues/83013)
+- delay keyword is now a float, matching the underlying 'time' API and user expectations.
+- dnf5 - re-introduce the ``state: installed`` alias to ``state: present`` (https://github.com/ansible/ansible/issues/83960)
+- module_utils atomic_move (used by most file based modules), now correctly handles permission copy and setting mtime correctly across all paths
+
+v2.17.4
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2024-09-09
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Bugfixes
+--------
+
+- Fix ``SemanticVersion.parse()`` to store the version string so that ``__repr__`` reports it instead of ``None`` (https://github.com/ansible/ansible/pull/83831).
+- Fix an issue where registered variable was not available for templating in ``loop_control.label`` on skipped looped tasks (https://github.com/ansible/ansible/issues/83619)
+- Fix for ``meta`` tasks breaking host/fork affinity with ``host_pinned`` strategy (https://github.com/ansible/ansible/issues/83294)
+- Fix using the current task's directory for looking up relative paths within roles (https://github.com/ansible/ansible/issues/82695).
+- atomic_move - fix using the setgid bit on the parent directory when creating files (https://github.com/ansible/ansible/issues/46742, https://github.com/ansible/ansible/issues/67177).
+- connection plugins using the 'extras' option feature would need variables to match the plugin's loaded name, sometimes requiring fqcn, which is not the same as the documented/declared/expected variables. Now we fall back to the 'basename' of the fqcn, but plugin authors can still set the expected value directly.
+- csvfile lookup - give an error when no search term is provided using modern config syntax (https://github.com/ansible/ansible/issues/83689).
+- include_tasks - Display location when attempting to load a task list where ``include_*`` did not specify any value - https://github.com/ansible/ansible/issues/83874
+- powershell - Improve CLIXML decoding to decode all control characters and unicode characters that are encoded as surrogate pairs.
+- psrp - Fix bug when attempting to fetch a file path that contains special glob characters like ``[]``
+- runtime-metadata sanity test - do not crash on deprecations if ``galaxy.yml`` contains an empty ``version`` field (https://github.com/ansible/ansible/pull/83831).
+- ssh - Fix bug when attempting to fetch a file path with characters that should be quoted when using the ``piped`` transfer method
+
+v2.17.3
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2024-08-12
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Minor Changes
+-------------
+
+- ansible-test - Improve the error message shown when an unknown ``--remote`` or ``--docker`` option is given.
+- ansible-test - Removed the ``vyos/1.1.8`` network remote as it is no longer functional.
+
+Bugfixes
+--------
+
+- Warning now includes filename and line number of variable when specifying a list of dictionaries for vars (https://github.com/ansible/ansible/issues/82528).
+- config, restored the ability to set module compression via a variable
+- debconf - fix normalization of value representation for boolean vtypes in new packages (https://github.com/ansible/ansible/issues/83594)
+- linear strategy: fix handlers included via ``include_tasks`` handler to be executed in lockstep (https://github.com/ansible/ansible/issues/83019)
+
+v2.17.2
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2024-07-15
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Bugfixes
+--------
+
+- Fix a traceback when an environment variable contains certain special characters (https://github.com/ansible/ansible/issues/83498)
+- dnf - reverted incomplete fix from 2.17.2rc1 (https://github.com/ansible/ansible/pull/83504)
+- dnf, dnf5 - fix for installing a set of packages by specifying them using a wildcard character (https://github.com/ansible/ansible/issues/83373)
+- linear strategy now provides a properly templated task name to the v2_runner_on_started callback event.
+- package_facts - ignore warnings sent by apk on stderr (https://github.com/ansible/ansible/issues/83501).
+- replace - Updated before/after example (https://github.com/ansible/ansible/issues/83390).
+- templating hostvars under native jinja will not cause serialization errors anymore.
+
+v2.17.1
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2024-06-17
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Minor Changes
+-------------
+
+- ansible-test - Update ``pypi-test-container`` to version 3.1.0.
+
+Bugfixes
+--------
+
+- Fix rapid memory usage growth when notifying handlers using the ``listen`` keyword (https://github.com/ansible/ansible/issues/83392)
+- Fix the task attribute ``resolved_action`` to show the FQCN instead of ``None`` when ``action`` or ``local_action`` is used in the playbook.
+- Fix using ``module_defaults`` with ``local_action``/``action`` (https://github.com/ansible/ansible/issues/81905).
+- fixed unit test test_borken_cowsay to address mock not been properly applied when existing unix system already have cowsay installed.
+- powershell - Implement more robust deletion mechanism for C# code compilation temporary files. This should avoid scenarios where the underlying temporary directory may be temporarily locked by antivirus tools or other IO problems. A failure to delete one of these temporary directories will result in a warning rather than an outright failure.
+- shell plugin - properly quote all needed components of shell commands (https://github.com/ansible/ansible/issues/82535)
+
+v2.17.0
+=======
+
+Release Summary
+---------------
+
+| Release Date: 2024-05-20
+| `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__
+
+Major Changes
+-------------
+
+- urls.py - Removed support for Python 2
+
+Minor Changes
+-------------
+
+- Add ``dump`` and ``passno`` mount information to facts component (https://github.com/ansible/ansible/issues/80478)
+- Added MIRACLE LINUX 9.2 in RedHat OS Family.
+- Interpreter Discovery - Remove hardcoded references to specific python interpreters to use for certain distro versions, and modify logic for python3 to become the default.
+- Use Python's built-in ``functools.update_wrapper`` instead an inline copy from Python 3.7.
+- User can now set ansible.log to record higher verbosity than what is specified for display via new configuration item LOG_VERBOSITY.
+- ``DEFAULT_PRIVATE_ROLE_VARS`` is now overridden by explicit setting of ``public`` for ``include_roles`` and ``import_roles``.
+- ``ansible-galaxy role|collection init`` - accept ``--extra-vars`` to supplement/override the variables ``ansible-galaxy`` injects for templating ``.j2`` files in the skeleton.
+- ``import_role`` action now also gets a ``public`` option that controls variable exports,  default depending on ``DEFAULT_PRIVATE_ROLE_VARS`` (if using defaults equates to ``public=True``).
+- added configuration item ``TARGET_LOG_INFO`` that allows the user/author to add an information string to the log output on targets.
+- ansible-doc - treat double newlines in documentation strings as paragraph breaks. This is useful to create multi-paragraph notes in module/plugin documentation (https://github.com/ansible/ansible/pull/82465).
+- ansible-doc output has been revamped to make it more visually pleasing when going to a terminal, also more concise, use -v to show extra information.
+- ansible-galaxy - Started normalizing build directory with a trailing separator when building collections, internally. (https://github.com/ansible/ansible/pull/81619).
+- ansible-galaxy dependency resolution messages have changed the unexplained 'virtual' collection for the specific type ('scm', 'dir', etc) that is more user friendly
+- ansible-test - Add Alpine 3.19 container.
+- ansible-test - Add Alpine 3.19 to remotes.
+- ansible-test - Add Fedora 39 container.
+- ansible-test - Add Fedora 39 remote.
+- ansible-test - Add a work-around for permission denied errors when using ``pytest >= 8`` on multi-user systems with an installed version of ``ansible-test``.
+- ansible-test - Add support for RHEL 9.3 remotes.
+- ansible-test - Added a macOS 14.3 remote VM.
+- ansible-test - Bump the ``nios-test-container`` from version 2.0.0 to version 3.0.0.
+- ansible-test - Containers and remotes managed by ansible-test will have their Python ``EXTERNALLY-MANAGED`` marker (PEP668) removed. This provides backwards compatibility for existing tests running in newer environments which mark their Python as externally managed. A future version of ansible-test may change this behavior, requiring tests to be adapted to such environments.
+- ansible-test - Make Python 3.12 the default version used in the ``base`` and ``default`` containers.
+- ansible-test - Remove Alpine 3(.18) container.
+- ansible-test - Remove Alpine 3.18 from remotes.
+- ansible-test - Remove Fedora 38 remote support.
+- ansible-test - Remove Fedora 38 test container.
+- ansible-test - Remove rhel/9.2 test remote
+- ansible-test - Remove the FreeBSD 13.2 remote.
+- ansible-test - Removed fallback to ``virtualenv`` when ``-m venv`` is non-functional.
+- ansible-test - Removed test remotes: macos/13.2
+- ansible-test - Removed the ``no-basestring`` sanity test. The test is no longer necessary now that Python 3 is required.
+- ansible-test - Removed the ``no-dict-iteritems``, ``no-dict-iterkeys`` and ``no-dict-itervalues`` sanity tests. The tests are no longer necessary since Python 3 is required.
+- ansible-test - Removed the ``no-main-display`` sanity test. The unwanted pattern is unlikely to occur, since the test has existed since Ansible 2.8.
+- ansible-test - Removed the ``no-unicode-literals`` sanity test. The test is unnecessary now that Python 3 is required and the ``unicode_literals`` feature has no effect.
+- ansible-test - Special handling for installation of ``cryptography`` has been removed, as it is no longer necessary.
+- ansible-test - The ``shellcheck`` sanity test no longer disables the ``SC2164`` check. In most cases, seeing this error means the script is missing ``set -e``.
+- ansible-test - The ``unidiomatic-typecheck`` rule has been enabled in the ``pylint`` sanity test.
+- ansible-test - The ``unidiomatic-typecheck`` rule has been removed from the ``validate-modules`` sanity test.
+- ansible-test - Update the base and default containers to use Ubuntu 22.04 for the base image. This also updates PowerShell to version 7.4.0 with .NET 8.0.0 and ShellCheck to version 0.8.0.
+- ansible-test - Updated the CloudStack test container to version 1.7.0.
+- ansible-test - Updated the distro test containers to version 6.3.0 to include coverage 7.3.2 for Python 3.8+. The alpine3 container is now based on 3.18 instead of 3.17 and includes Python 3.11 instead of Python 3.10.
+- ansible-test - Updated the distro test containers to version 7.1.0.
+- ansible-test - When ansible-test installs requirements, it now instructs pip to allow installs on externally managed environments as defined by PEP 668. This only occurs in ephemeral environments managed by ansible-test, such as containers, or when the `--requirements` option is used.
+- ansible-test - When invoking ``sleep`` in containers during container setup, the ``env`` command is used to avoid invoking the shell builtin, if present.
+- ansible-test - document block name now included in error message for YAML parsing errors (https://github.com/ansible/ansible/issues/82353).
+- ansible-test - sanity test allows ``EXAMPLES`` to be multi-document YAML (https://github.com/ansible/ansible/issues/82353).
+- ansible-test now has FreeBSD 13.3 and 14.0 support
+- ansible.builtin.user - Remove user not found warning (https://github.com/ansible/ansible/issues/80267)
+- apt_repository.py - use api.launchpad.net endpoint instead of launchpad.net/api
+- async tasks can now also support check mode at the same time.
+- async_status now supports check mode.
+- constructed inventory plugin - Adding a note that only group_vars of explicit groups are loaded (https://github.com/ansible/ansible/pull/82580).
+- csvfile - add a keycol parameter to specify in which column to search.
+- dnf - add the ``best`` option
+- dnf5 - add the ``best`` option
+- filter plugin - Add the count and mandatory_count parameters in the regex_replace filter
+- find - add a encoding parameter to specify which encoding of the files to be searched.
+- git module - gpg_allowlist name was added in 2.17 and we will eventually deprecate the gpg_whitelist alias.
+- import_role - allow subdirectories with ``_from`` options for parity with ``include_role`` (https://github.com/ansible/ansible/issues/82584).
+- module argument spec - Allow module authors to include arbitrary additional context in the argument spec, by making use of a new top level key called ``context``. This key should be a dict type. This allows for users to customize what they place in the argument spec, without having to ignore sanity tests that validate the schema.
+- modules - Add the ability for an action plugin to call ``self._execute_module(*, ignore_unknown_opts=True)`` to execute a module with options that may not be supported for the version being called. This tells the module basic wrapper to ignore validating the options provided match the arg spec.
+- package action now has a configuration that overrides the detected package manager, it is still overridden itself by the use option.
+- py3compat - Remove ``ansible.utils.py3compat`` as it is no longer necessary
+- removed the unused argument ``create_new_password`` from ``CLI.build_vault_ids`` (https://github.com/ansible/ansible/pull/82066).
+- urls - Add support for TLS 1.3 post handshake certificate authentication - https://github.com/ansible/ansible/issues/81782
+- urls - reduce complexity of ``Request.open``
+- user - accept yescrypt hash as user password
+- validate-modules tests now correctly handles ``choices`` in dictionary format.
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information.
+
+Deprecated Features
+-------------------
+
+- Old style vars plugins which use the entrypoints `get_host_vars` or `get_group_vars` are deprecated. The plugin should be updated to inherit from `BaseVarsPlugin` and define a `get_vars` method as the entrypoint.
+- The 'required' parameter in 'ansible.module_utils.common.process.get_bin_path' API is deprecated (https://github.com/ansible/ansible/issues/82464).
+- ``module_utils`` - importing the following convenience helpers from ``ansible.module_utils.basic`` has been deprecated: ``get_exception``, ``literal_eval``, ``_literal_eval``, ``datetime``, ``signal``, ``types``, ``chain``, ``repeat``, ``PY2``, ``PY3``, ``b``, ``binary_type``, ``integer_types``, ``iteritems``, ``string_types``, ``test_type``, ``map`` and ``shlex_quote``.
+- ansible-doc - role entrypoint attributes are deprecated and eventually will no longer be shown in ansible-doc from ansible-core 2.20 on (https://github.com/ansible/ansible/issues/82639, https://github.com/ansible/ansible/pull/82678).
+- paramiko connection plugin, configuration items in the global scope are being deprecated and will be removed in favor or the existing same options in the plugin itself. Users should not need to change anything (how to configure them are the same) but plugin authors using the global constants should move to using the plugin's get_option().
+
+Removed Features (previously deprecated)
+----------------------------------------
+
+- Remove deprecated APIs from ansible-docs (https://github.com/ansible/ansible/issues/81716).
+- Remove deprecated JINJA2_NATIVE_WARNING environment variable (https://github.com/ansible/ansible/issues/81714)
+- Remove deprecated ``scp_if_ssh`` from ssh connection plugin (https://github.com/ansible/ansible/issues/81715).
+- Remove deprecated crypt support from ansible.utils.encrypt (https://github.com/ansible/ansible/issues/81717)
+- Removed Python 2.7 and Python 3.6 as a supported remote version. Python 3.7+ is now required for target execution.
+- With the removal of Python 2 support, the yum module and yum action plugin are removed and redirected to ``dnf``.
+
+Security Fixes
+--------------
+
+- ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was ignored (CVE-2024-0690)
+- ansible-galaxy - Prevent roles from using symlinks to overwrite files outside of the installation directory (CVE-2023-5115)
+- templating - Address issues where internal templating can cause unsafe variables to lose their unsafe designation (CVE-2023-5764)
+
+Bugfixes
+--------
+
+- Add a version ceiling constraint for pypsrp to avoid potential breaking changes in the 1.0.0 release.
+- All core lookups now use set_option(s) even when doing their own custom parsing. This ensures that the options are always the proper type.
+- Allow for searching handler subdir for included task via include_role (https://github.com/ansible/ansible/issues/81722)
+- AnsibleModule.atomic_move - fix preserving extended ACLs of the destination when it exists (https://github.com/ansible/ansible/issues/72929).
+- Cache host_group_vars after instantiating it once and limit the amount of repetitive work it needs to do every time it runs.
+- Call PluginLoader.all() once for vars plugins, and load vars plugins that run automatically or are enabled specifically by name subsequently.
+- Consolidate systemd detection logic into one place (https://github.com/ansible/ansible/issues/80975).
+- Consolidated the list of internal static vars, centralized them as constant and completed from some missing entries.
+- Do not print undefined error message twice (https://github.com/ansible/ansible/issues/78703).
+- Enable file cache for vaulted files during vars lookup to fix a strong performance penalty in huge and complex playbboks.
+- Fix NEVRA parsing of package names that include digit(s) in them (https://github.com/ansible/ansible/issues/76463, https://github.com/ansible/ansible/issues/81018)
+- Fix ``force_handlers`` not working with ``any_errors_fatal`` (https://github.com/ansible/ansible/issues/36308)
+- Fix ``run_once`` being incorrectly interpreted on handlers (https://github.com/ansible/ansible/issues/81666)
+- Fix an issue when setting a plugin name from an unsafe source resulted in ``ValueError: unmarshallable object`` (https://github.com/ansible/ansible/issues/82708)
+- Fix check for missing _sub_plugin attribute in older connection plugins (https://github.com/ansible/ansible/pull/82954)
+- Fix condition for unquoting configuration strings from ini files (https://github.com/ansible/ansible/issues/82387).
+- Fix for when ``any_errors_fatal`` was ignored if error occurred in a block with always (https://github.com/ansible/ansible/issues/31543)
+- Fix handlers not being executed in lockstep using the linear strategy in some cases (https://github.com/ansible/ansible/issues/82307)
+- Fix handling missing urls in ansible.module_utils.urls.fetch_file for Python 3.
+- Fix issue where an ``include_tasks`` handler in a role was not able to locate a file in ``tasks/`` when ``tasks_from`` was used as a role entry point and ``main.yml`` was not present (https://github.com/ansible/ansible/issues/82241)
+- Fix issues when tasks withing nested blocks wouldn't run when ``force_handlers`` is set (https://github.com/ansible/ansible/issues/81533)
+- Fix loading vars_plugins in roles (https://github.com/ansible/ansible/issues/82239).
+- Fix notifying role handlers by listen keyword topics with the "role_name : " prefix (https://github.com/ansible/ansible/issues/82849).
+- Fix setting proper locale for git executable when running on non english systems, ensuring git output can always be parsed.
+- Fix tasks in always section not being executed for nested blocks with ``any_errors_fatal`` (https://github.com/ansible/ansible/issues/73246)
+- Fixes permission for cache json file from 600 to 644 (https://github.com/ansible/ansible/issues/82683).
+- Give the tombstone error for ``include`` pre-fork like other tombstoned action/module plugins.
+- Harden python templates for respawn and ansiballz around str literal quoting
+- Include the task location when a module or action plugin is deprecated (https://github.com/ansible/ansible/issues/82450).
+- Interpreter discovery - Add ``Amzn`` to ``OS_FAMILY_MAP`` for correct family fallback for interpreter discovery (https://github.com/ansible/ansible/issues/80882).
+- Mirror the behavior of dnf on the command line when handling NEVRAs with omitted epoch (https://github.com/ansible/ansible/issues/71808)
+- Plugin loader does not dedupe nor cache filter/test plugins by file basename, but full path name.
+- Properly template tags in parent blocks (https://github.com/ansible/ansible/issues/81053)
+- Provide additional information about the alternative plugin in the deprecation message (https://github.com/ansible/ansible/issues/80561).
+- Remove the galaxy_info field ``platforms`` from the role templates (https://github.com/ansible/ansible/issues/82453).
+- Restoring the ability of filters/tests can have same file base name but different tests/filters defined inside.
+- Reword the error message when the module fails to parse parameters in JSON format (https://github.com/ansible/ansible/issues/81188).
+- Reword warning if the reserved keyword _ansible_ used as a module parameter (https://github.com/ansible/ansible/issues/82514).
+- Run all handlers with the same ``listen`` topic, even when notified from another handler (https://github.com/ansible/ansible/issues/82363).
+- Slight optimization to hostvars (instantiate template only once per host, vs per call to var).
+- Stopped misleadingly advertising ``async`` mode support in the ``reboot`` module (https://github.com/ansible/ansible/issues/71517).
+- ``ansible-galaxy role import`` - fix using the ``role_name`` in a standalone role's ``galaxy_info`` metadata by disabling automatic removal of the ``ansible-role-`` prefix. This matches the behavior of the Galaxy UI which also no longer implicitly removes the ``ansible-role-`` prefix. Use the ``--role-name`` option or add a ``role_name`` to the ``galaxy_info`` dictionary in the role's ``meta/main.yml`` to use an alternate role name.
+- ``ansible-test sanity --test runtime-metadata`` - add ``action_plugin`` as a valid field for modules in the schema (https://github.com/ansible/ansible/pull/82562).
+- ``ansible.module_utils.service`` - ensure binary data transmission in ``daemonize()``
+- ``any_errors_fatal`` should fail all hosts and rescue all of them when a ``rescue`` section is specified (https://github.com/ansible/ansible/issues/80981)
+- ``include_role`` - properly execute ``v2_playbook_on_include`` and ``v2_runner_on_failed`` callbacks as well as increase ``ok`` and ``failed`` stats in the play recap, when appropriate (https://github.com/ansible/ansible/issues/77336)
+- allow_duplicates - fix evaluating if the current role allows duplicates instead of using the initial value from the duplicate's cached role.
+- ansible-config init will now dedupe ini entries from plugins.
+- ansible-config will now properly template defaults before dumping them.
+- ansible-doc - fixed "inicates" typo in output
+- ansible-doc - format top-level descriptions with multiple paragraphs as multiple paragraphs, instead of concatenating them (https://github.com/ansible/ansible/pull/83155).
+- ansible-galaxy - Deprecate use of the Galaxy v2 API (https://github.com/ansible/ansible/issues/81781)
+- ansible-galaxy - Provide a better error message when using a requirements file with an invalid format - https://github.com/ansible/ansible/issues/81901
+- ansible-galaxy - Resolve issue with the dataclass used for galaxy.yml manifest caused by using future annotations
+- ansible-galaxy - ensure path to ansible collection when installing or downloading doesn't have a backslash (https://github.com/ansible/ansible/pull/79705).
+- ansible-galaxy - started allowing the use of pre-releases for collections that do not have any stable versions published. (https://github.com/ansible/ansible/pull/81606)
+- ansible-galaxy - started allowing the use of pre-releases for dependencies on any level of the dependency tree that specifically demand exact pre-release versions of collections and not version ranges. (https://github.com/ansible/ansible/pull/81606)
+- ansible-galaxy error on dependency resolution will not error itself due to 'virtual' collections not having a name/namespace.
+- ansible-galaxy info - fix reporting no role found when lookup_role_by_name returns None.
+- ansible-galaxy role import - exit with 1 when the import fails (https://github.com/ansible/ansible/issues/82175).
+- ansible-galaxy role install - fix installing roles from Galaxy that have version ``None`` (https://github.com/ansible/ansible/issues/81832).
+- ansible-galaxy role install - fix symlinks (https://github.com/ansible/ansible/issues/82702, https://github.com/ansible/ansible/issues/81965).
+- ansible-galaxy role install - normalize tarfile paths and symlinks using ``ansible.utils.path.unfrackpath`` and consider them valid as long as the realpath is in the tarfile's role directory (https://github.com/ansible/ansible/issues/81965).
+- ansible-inventory - index available_hosts for major performance boost when dumping large inventories
+- ansible-pull now will expand relative paths for the ``-d|--directory`` option is now expanded before use.
+- ansible-pull will now correctly handle become and connection password file options for ansible-playbook.
+- ansible-test - Add a ``pylint`` plugin to work around a known issue on Python 3.12.
+- ansible-test - Explicitly supply ``ControlPath=none`` when setting up port forwarding over SSH to address the scenario where the local ssh configuration uses ``ControlPath`` for all hosts, and would prevent ports to be forwarded after the initial connection to the host.
+- ansible-test - Fix parsing of cgroup entries which contain a ``:`` in the path (https://github.com/ansible/ansible/issues/81977).
+- ansible-test - Include missing ``pylint`` requirements for Python 3.10.
+- ansible-test - Properly detect docker host when using ``ssh://`` protocol for connecting to the docker daemon.
+- ansible-test - The ``libexpat`` package is automatically upgraded during remote bootstrapping to maintain compatibility with newer Python packages.
+- ansible-test - The ``validate-modules`` sanity test no longer attempts to process files with unrecognized extensions as Python (resolves https://github.com/ansible/ansible/issues/82604).
+- ansible-test - Update ``pylint`` to version 3.0.1.
+- ansible-test ansible-doc sanity test - do not remove underscores from plugin names in collections before calling ``ansible-doc`` (https://github.com/ansible/ansible/pull/82574).
+- ansible-test validate-modules sanity test - do not treat leading underscores for plugin names in collections as an attempted deprecation (https://github.com/ansible/ansible/pull/82575).
+- ansible-test — Python 3.8–3.12 will use ``coverage`` v7.3.2.
+- ansible.builtin.apt - calling clean = true does not properly clean certain cache files such as /var/cache/apt/pkgcache.bin and /var/cache/apt/pkgcache.bin (https://github.com/ansible/ansible/issues/82611)
+- ansible.builtin.uri - the module was ignoring the ``force`` parameter and always requesting a cached copy (via the ``If-Modified-Since`` header) when downloading to an existing local file. Disable caching when ``force`` is ``true``, as documented (https://github.com/ansible/ansible/issues/82166).
+- ansible_managed restored it's 'templatability' by ensuring the possible injection routes are cut off earlier in the process.
+- apt - honor install_recommends and dpkg_options while installing python3-apt library (https://github.com/ansible/ansible/issues/40608).
+- apt - install recommended packages when installing package via deb file (https://github.com/ansible/ansible/issues/29726).
+- apt_repository - do not modify repo files if the file is a symlink (https://github.com/ansible/ansible/issues/49809).
+- apt_repository - update PPA URL to point to https URL (https://github.com/ansible/ansible/issues/82463).
+- assemble - fixed missing parameter 'content' in _get_diff_data API (https://github.com/ansible/ansible/issues/82359).
+- async - Fix bug that stopped running async task in ``--check`` when ``check_mode: False`` was set as a task attribute - https://github.com/ansible/ansible/issues/82811
+- blockinfile - when ``create=true`` is used with a filename without path, the module crashed (https://github.com/ansible/ansible/pull/81638).
+- check if there are attributes to set before attempting to set them (https://github.com/ansible/ansible/issues/76727)
+- copy action now also generates temprary files as hidden ('.' prefixed) to avoid accidental pickup by running services that glob by extension.
+- copy action now ensures that tempfiles use the same suffix as destination, to allow for ``validate`` to work with utilities that check extensions.
+- deb822_repository - handle idempotency if the order of parameters is changed (https://github.com/ansible/ansible/issues/82454).
+- debconf - allow user to specify a list for value when vtype is multiselect (https://github.com/ansible/ansible/issues/81345).
+- delegate_to when set to an empty or undefined variable will now give a proper error.
+- distribution.py - Recognize ALP-Dolomite as part of the SUSE OS family in Ansible, fixing its previous misidentification (https://github.com/ansible/ansible/pull/82496).
+- distro - bump bundled distro version from 1.6.0 to 1.8.0 (https://github.com/ansible/ansible/issues/81713).
+- dnf - fix an issue when cached RPMs were left in the cache directory even when the keepcache setting was unset (https://github.com/ansible/ansible/issues/81954)
+- dnf - fix an issue when installing a package by specifying a file it provides could result in installing a different package providing the same file than the package already installed resulting in resolution failure (https://github.com/ansible/ansible/issues/82461)
+- dnf - properly set gpg check options on enabled repositories according to the ``disable_gpg_check`` option (https://github.com/ansible/ansible/issues/80110)
+- dnf - properly skip unavailable packages when ``skip_broken`` is enabled (https://github.com/ansible/ansible/issues/80590)
+- dnf - the ``nobest`` option only overrides the distribution default when explicitly used, and is used for all supported operations (https://github.com/ansible/ansible/issues/82616)
+- dnf5 - replace removed API calls
+- dnf5 - respect ``allow_downgrade`` when installing packages directly from rpm files
+- dnf5 - the ``nobest`` option only overrides the distribution default when used
+- dwim functions for lookups should be better at detectging role context even in abscense of tasks/main.
+- ensure we have logger before we log when we have increased verbosity.
+- expect - fix argument spec error using timeout=null (https://github.com/ansible/ansible/issues/80982).
+- fact gathering on linux now handles thread count by using rounding vs dropping decimals, it should give slightly more accurate numbers.
+- facts - add a generic detection for VMware in product name.
+- facts - detect VMware ESXi 8.0 virtualization by product name VMware20,1
+- fetch - Do not calculate the file size for Windows fetch targets to improve performance.
+- fetch - add error message when using ``dest`` with a trailing slash that becomes a local directory - https://github.com/ansible/ansible/issues/82878
+- find - do not fail on Permission errors (https://github.com/ansible/ansible/issues/82027).
+- first_found lookup now always returns a full (absolute) and normalized path
+- first_found lookup now always takes into account k=v options
+- flush_handlers - properly handle a handler failure in a nested block when ``force_handlers`` is set (http://github.com/ansible/ansible/issues/81532)
+- galaxy - skip verification for unwanted Python compiled bytecode files (https://github.com/ansible/ansible/issues/81628).
+- handle exception raised while validating with elements='int' and value is not within choices (https://github.com/ansible/ansible/issues/82776).
+- include_tasks - include `ansible_loop_var` and `ansible_index_var` in a loop (https://github.com/ansible/ansible/issues/82655).
+- include_vars - fix calculating ``depth`` relative to the root and ensure all files are included (https://github.com/ansible/ansible/issues/80987).
+- interpreter_discovery - handle AnsibleError exception raised while interpreter discovery (https://github.com/ansible/ansible/issues/78264).
+- iptables - add option choices 'src,src' and 'dst,dst' in match_set_flags (https://github.com/ansible/ansible/issues/81281).
+- iptables - set jump to DSCP when set_dscp_mark or set_dscp_mark_class is set (https://github.com/ansible/ansible/issues/77077).
+- known_hosts - Fix issue with `@cert-authority` entries in known_hosts incorrectly being removed.
+- module no_log will no longer affect top level booleans, for example ``no_log_module_parameter='a'`` will no longer hide ``changed=False`` as a 'no log value' (matches 'a').
+- moved assemble, raw, copy, fetch, reboot, script and wait_for_connection to query task instead of play_context ensuring they get the lastest and most correct data.
+- reboot action now handles connections with 'timeout' vs only 'connection_timeout' settings.
+- role params now have higher precedence than host facts again, matching documentation, this had unintentionally changed in 2.15.
+- roles, code cleanup and performance optimization of dependencies, now cached,  and ``public`` setting is now determined once, at role instantiation.
+- roles, the ``static`` property is now correctly set, this will fix issues with ``public`` and ``DEFAULT_PRIVATE_ROLE_VARS`` controls on exporting vars.
+- set_option method for plugins to update config now properly passes through type casting and validation.
+- ssh - add tests for the SSH connection plugin.
+- support url-encoded credentials in URLs like http://x%40:%40@example.com (https://github.com/ansible/ansible/pull/82552)
+- syslog - Handle ValueError exception raised when sending Null Characters to syslog with Python 3.12.
+- systemd_services - update documentation regarding required_one_of and required_by parameters (https://github.com/ansible/ansible/issues/82914).
+- template - Fix error when templating an unsafe string which corresponds to an invalid type in Python (https://github.com/ansible/ansible/issues/82600).
+- template action will also inherit the behavior from copy (as it uses it internally).
+- templating - ensure syntax errors originating from a template being compiled into Python code object result in a failure (https://github.com/ansible/ansible/issues/82606)
+- unarchive - add support for 8 character permission strings for zip archives (https://github.com/ansible/ansible/pull/81705).
+- unarchive - force unarchive if symlink target changes (https://github.com/ansible/ansible/issues/30420).
+- unarchive modules now uses zipinfo options without relying on implementation defaults, making it more compatible with all OS/distributions.
+- unsafe data - Address an incompatibility when iterating or getting a single index from ``AnsibleUnsafeBytes``
+- unsafe data - Address an incompatibility with ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes`` when pickling with ``protocol=0``
+- unsafe data - Enable directly using ``AnsibleUnsafeText`` with Python ``pathlib`` (https://github.com/ansible/ansible/issues/82414)
+- uri - update the documentation for follow_redirects.
+- uri action plugin now skipped during check mode (not supported) instead of even trying to execute the module, which already skipped, this does not really change the result, but returns much faster.
+- vars - handle exception while combining VarsWithSources and dict (https://github.com/ansible/ansible/issues/81659).
+- wait_for should not handle 'non mmapable files' again.
+- winrm - Better handle send input failures when communicating with hosts under load
+- winrm - Do not raise another exception during cleanup when a task is timed out - https://github.com/ansible/ansible/issues/81095
+- winrm - does not hang when attempting to get process output when stdin write failed

changelogs/fragments/2.17.0_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-05-20
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.0b1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-04-08
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.0rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-04-29
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.0rc2_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-05-13
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.10_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2025-03-25
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.10rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2025-03-17
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.11rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2025-04-14
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-06-17
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.1rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-06-10
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.2_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-07-15
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.2rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-07-08
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.2rc2_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-07-09
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.3_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-08-12
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.3rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-08-05
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.4_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-09-09
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.4rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-09-03
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.5_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-10-07
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.5rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-09-30
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.6_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-11-04
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.6rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-10-29
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.7_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-12-02
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.7rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2024-11-25
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.8_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2025-01-27
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.8rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2025-01-20
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.9_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2025-02-24
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/2.17.9rc1_summary.yaml

@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2025-02-17
+   | `Porting Guide <https://docs.ansible.com/ansible-core/2.17/porting_guides/porting_guide_core_2.17.html>`__

changelogs/fragments/46742-atomic_move-fix-setgid.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - atomic_move - fix using the setgid bit on the parent directory when creating files (https://github.com/ansible/ansible/issues/46742, https://github.com/ansible/ansible/issues/67177).

changelogs/fragments/49809_apt_repository.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+- apt_repository - do not modify repo files if the file is a symlink (https://github.com/ansible/ansible/issues/49809).

changelogs/fragments/76727-chattr-fix-for-backups-of-symlinks.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - check if there are attributes to set before attempting to set them (https://github.com/ansible/ansible/issues/76727)

changelogs/fragments/77077_iptables.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+- iptables - set jump to DSCP when set_dscp_mark or set_dscp_mark_class is set (https://github.com/ansible/ansible/issues/77077).

changelogs/fragments/77336-include_role-callbacks-stats.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - "``include_role`` - properly execute ``v2_playbook_on_include`` and ``v2_runner_on_failed`` callbacks as well as increase ``ok`` and ``failed`` stats in the play recap, when appropriate (https://github.com/ansible/ansible/issues/77336)"

changelogs/fragments/78703_undefined.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Do not print undefined error message twice (https://github.com/ansible/ansible/issues/78703).

changelogs/fragments/79705-fix-ensure-path-to-collection-argument-doesnt-have-backslash.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - ansible-galaxy - ensure path to ansible collection when installing or downloading doesn't have a backslash (https://github.com/ansible/ansible/pull/79705).

changelogs/fragments/79945-host_group_vars-improvements.yml

@@ -0,0 +1,5 @@
+bugfixes:
+  - Cache host_group_vars after instantiating it once and limit the amount of repetitive work it needs to do every time it runs.
+  - Call PluginLoader.all() once for vars plugins, and load vars plugins that run automatically or are enabled specifically by name subsequently.
+deprecated_features:
+  - Old style vars plugins which use the entrypoints `get_host_vars` or `get_group_vars` are deprecated. The plugin should be updated to inherit from `BaseVarsPlugin` and define a `get_vars` method as the entrypoint.

changelogs/fragments/80110-repos-gpgcheck.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - dnf - properly set gpg check options on enabled repositories according to the ``disable_gpg_check`` option (https://github.com/ansible/ansible/issues/80110)

changelogs/fragments/80267-ansible_builtin_user-remove-user-not-found-warning.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - ansible.builtin.user - Remove user not found warning (https://github.com/ansible/ansible/issues/80267)

changelogs/fragments/80478-extend-mount-info.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - "Add ``dump`` and ``passno`` mount information to facts component (https://github.com/ansible/ansible/issues/80478)"

changelogs/fragments/80561.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+- Provide additional information about the alternative plugin in the deprecation message (https://github.com/ansible/ansible/issues/80561).

changelogs/fragments/80590-dnf-skip_broken-unavailable-pkgs.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - dnf - properly skip unavailable packages when ``skip_broken`` is enabled (https://github.com/ansible/ansible/issues/80590)

changelogs/fragments/80882-Amazon-os-family-compat.yaml

@@ -0,0 +1,2 @@
+bugfixes:
+- Interpreter discovery - Add ``Amzn`` to ``OS_FAMILY_MAP`` for correct family fallback for interpreter discovery (https://github.com/ansible/ansible/issues/80882).

changelogs/fragments/80975-systemd-detect.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Consolidate systemd detection logic into one place (https://github.com/ansible/ansible/issues/80975).

changelogs/fragments/80995-include-all-var-files.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- include_vars - fix calculating ``depth`` relative to the root and ensure all files are included (https://github.com/ansible/ansible/issues/80987).

changelogs/fragments/81053-templated-tags-inheritance.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - Properly template tags in parent blocks (https://github.com/ansible/ansible/issues/81053)

changelogs/fragments/81188_better_error.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Reword the error message when the module fails to parse parameters in JSON format (https://github.com/ansible/ansible/issues/81188).

changelogs/fragments/81532-fix-nested-flush_handlers.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - flush_handlers - properly handle a handler failure in a nested block when ``force_handlers`` is set (http://github.com/ansible/ansible/issues/81532)

changelogs/fragments/81584-daemonize-follow-up-fixes.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - "``ansible.module_utils.service`` - ensure binary data transmission in ``daemonize()``"

changelogs/fragments/81606-ansible-galaxy-collection-pre-releases.yml

@@ -0,0 +1,16 @@
+---
+
+bugfixes:
+- >-
+  ansible-galaxy - started allowing the use of pre-releases
+  for dependencies on any level of the dependency tree that
+  specifically demand exact pre-release versions of
+  collections and not version ranges.
+  (https://github.com/ansible/ansible/pull/81606)
+- >-
+  ansible-galaxy - started allowing the use of pre-releases
+  for collections that do not have any stable versions
+  published.
+  (https://github.com/ansible/ansible/pull/81606)
+
+...

changelogs/fragments/81628_galaxy_verify.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+- galaxy - skip verification for unwanted Python compiled bytecode files (https://github.com/ansible/ansible/issues/81628).

changelogs/fragments/81638-blockinfile.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - "blockinfile - when ``create=true`` is used with a filename without path, the module crashed (https://github.com/ansible/ansible/pull/81638)."

changelogs/fragments/81659_varswithsources.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+- vars - handle exception while combining VarsWithSources and dict (https://github.com/ansible/ansible/issues/81659).

changelogs/fragments/81666-handlers-run_once.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - Fix ``run_once`` being incorrectly interpreted on handlers (https://github.com/ansible/ansible/issues/81666)

changelogs/fragments/81699-zip-permission.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - unarchive - add support for 8 character permission strings for zip archives (https://github.com/ansible/ansible/pull/81705).

changelogs/fragments/81713-distro.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - distro - bump bundled distro version from 1.6.0 to 1.8.0 (https://github.com/ansible/ansible/issues/81713).

changelogs/fragments/81714-remove-deprecated-jinja2_native_warning.yml

@@ -0,0 +1,2 @@
+removed_features:
+  - Remove deprecated JINJA2_NATIVE_WARNING environment variable (https://github.com/ansible/ansible/issues/81714)

changelogs/fragments/81716-ansible-doc.yml

@@ -0,0 +1,3 @@
+---
+removed_features:
+  - Remove deprecated APIs from ansible-docs (https://github.com/ansible/ansible/issues/81716).

changelogs/fragments/81717-remove-deprecated-crypt-support.yml

@@ -0,0 +1,2 @@
+removed_features:
+  - Remove deprecated crypt support from ansible.utils.encrypt (https://github.com/ansible/ansible/issues/81717)

changelogs/fragments/81722-handler-subdir-include_tasks.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - Allow for searching handler subdir for included task via include_role (https://github.com/ansible/ansible/issues/81722)

changelogs/fragments/81732-cloudstack-test-container-1.7.0.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - ansible-test - Updated the CloudStack test container to version 1.7.0.

changelogs/fragments/81775-add-regex_replace-parameters.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - filter plugin - Add the count and mandatory_count parameters in the regex_replace filter

changelogs/fragments/81901-galaxy-requirements-format.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- ansible-galaxy - Provide a better error message when using a requirements file with an invalid format - https://github.com/ansible/ansible/issues/81901

changelogs/fragments/81931-locale-related-parsing-error-git.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Fix setting proper locale for git executable when running on non english systems, ensuring git output can always be parsed.

changelogs/fragments/81954-dnf-keepcache.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - "dnf - fix an issue when cached RPMs were left in the cache directory even when the keepcache setting was unset (https://github.com/ansible/ansible/issues/81954)"

changelogs/fragments/81978-launchpad-api-endpoint.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - apt_repository.py - use api.launchpad.net endpoint instead of launchpad.net/api

changelogs/fragments/81995-enable_file_cache.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - Enable file cache for vaulted files during vars lookup to fix a strong performance penalty in huge and complex playbboks.