25.0.0

What's Changed

Notable Items

• Official support for Ascender Ledger Pro 1.0. This release is certified to work with the upcoming Ascender Ledger Pro 1.0 release.
• Fix long standing bug where systems with more than 1500 packages would fail to upload data to Ledger due to rsyslog protocol limitations.
• Support for Same Site Cookies to support secure connectivity.
• Fix multiple framework CVE's and deprecation's as documented below.
• Adding the Install UUID to all External Logging to uniquely identify Ascender servers inside of an Ascender Ledger Pro install.
• Forwarding of bearer token Authorization headers when Externally logging to Ascender Ledger Pro.

Upstream Patches

• Commits pulled from upstream minus a few minor changes as we are on an older version of python (utilize
  importlib_metadata instead of importlib.metadata)
  Upstream
  ansible/awx@e68370f
  ansible/awx@3edaaeb
• Add option for SAMESITE:
  Resolves #48
  Patch from Upstream -> ansible/awx#15100

Other

• Migrate away from pkg_resources as it's deprecated -> This resolves the pkg_resources deprecation warnings.
• Move to using an image mirror
• Replace the deprecated usage of "docker-compose" with "docker compose"
• Updates rsyslog to use the imptcp input module over the legacy socket input module. It does this to avoid Messages with too long errors (Errno 90) that occur with large packet sizes. Fixes [https://github.com//issues/51]
• Add Install UUID and URL to log data

Security Fixes

• CVE-2024-11831
• CVE-2025-26699
• CVE-2025-27516
• CVE-2025-27789
• CVE-2025-26699
• CVE-2025-27516
• CVE-2025-27152
• CVE-2024-12797
• CVE-2025-26791

Full Changelog: 24.0.4...25.0.0