Matthaus Owens
2013-Jan-09 01:17 UTC
Announce: Puppet-Dashboard 1.2.18 Available [ Security Release ]
Puppet Dashboard 1.2.18 is now available.
This release of Puppet Dashboard addresses CVE-2013-0156. All users
are strongly encouraged to update when possible.
CVE-2013-0156 affects Ruby on Rails, specifically all versions of
ActionPack. The vulnerability exposes Rails to arbitrary SQL
Injection.
More information on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
Downloads
=======
RPM packages are available at https://yum.puppetlabs.com/el or /fedora
Debian packages are available at https://apt.puppetlabs.com
Source can be downloaded from
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.18.tar.gz,
along with the accompanying signature file,
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.18.tar.gz.asc.
See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
1.2.18 Security Fixes
===============
Matthaus Owens (2):
6aa4294 Apply suggested workaround for CVE-2013-0156 as
Dashboard does not use xml parameter parsing.
683edda Update CHANGELOG, VERSION for 1.2.18