This is a maintenance and security release of Puppet Dashboard.
It includes contributions from Erik Dalén, Matthaus Litteken, and
Aaron Patterson.
Security content includes a patch to address CVE-2012-2695,
SQL Injection Vulnerability in Ruby on Rails.
This release is available for download at:
https://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.9.tar.gz
Debian packages are available at
https://apt.puppetlabs.com
RPM packages are available at
https://yum.puppetlabs.com
See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
Please report feedback via the Puppet Labs Redmine site, using an
affected version of 1.2.9:
http://projects.puppetlabs.com/projects/dashboard
Documentation is available at:
http://docs.puppetlabs.com/dashboard/index.html
1.2.9 Security Fixes
==
* Patch to Address SQL Injection Vulnerability in Ruby on Rails
There is a SQL injection vulnerability in Active Record, in ALL
versions. This vulnerability has been assigned the CVE identifier
CVE-2012-2695. Patch content from Aaron Patterson. Additional
information available here:
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/l4L0TEVAz1k
CVE Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2695
1.2.9 Bug Fixes
==
* Fix the node:classes rake task
The wrong variable name was used, so the task always exited with a NameError.
1.2.9 Changelog
==
Erik Dalén (1)
d114b09 Fix the node:classes rake task
Matthaus Litteken (1)
8fed1f8 Update contributors in readme
Aaron Patterson (1)
1c7437 Patch activerecord for CVE-2012-2695