Puppet users - Jan 2013 - Announce: Puppet Dashboard 1.2.19 Available

Puppet Dashboard 1.2.19 is now available.

This release of Puppet Dashboard addresses CVE-2013-0155.  All users
are strongly encouraged to update when possible.

This vulnerability exposes ActiveRecord to unsafe query generation.

More information on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and in
this post:
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/73b8d3f8478df5e2

Downloads
=======
RPM packages for are available at https://yum.puppetlabs.com/el or /fedora

Debian packages are available at https://apt.puppetlabs.com

Source can be downloaded from
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz,
along with the accompanying signature file,
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc.

See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

1.2.19 Security Fixes
===============Ernie Miller (1):
      04c1dba Fix for CVE-2013-0155

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Just updated and noticed that the version number at the top of the page in 
dashboard didn''t bump, and it still lists 1.2.18 in 
/usr/share/puppet-dashboard/VERSION. This is on CentOS 6 from yum.

On Tuesday, January 15, 2013 4:59:45 PM UTC-8, Moses Mendoza
wrote:
>
> Puppet Dashboard 1.2.19 is now available. 
>
> This release of Puppet Dashboard addresses CVE-2013-0155.  All users 
> are strongly encouraged to update when possible. 
>
> This vulnerability exposes ActiveRecord to unsafe query generation. 
>
> More information on the vulnerability can be found here: 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and in 
> this post: 
>
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/73b8d3f8478df5e2
>
> Downloads 
> ======== 
>
> RPM packages for are available at https://yum.puppetlabs.com/el or 
> /fedora 
>
> Debian packages are available at https://apt.puppetlabs.com 
>
> Source can be downloaded from 
> https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz, 
>
> along with the accompanying signature file, 
>
>
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc.
>
>
> See the Verifying Puppet Download section at: 
> http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet 
>
> 1.2.19 Security Fixes 
> ================ 
> Ernie Miller (1): 
>       04c1dba Fix for CVE-2013-0155 
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/r7xJE--NIDIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi Ellison,

You''re right! Thanks for pointing that out. I failed to update the
VERSION file at the top of dashboard, which gets sourced for that
link. Otherwise, this is indeed 1.2.19:)

Moses

On Tue, Jan 15, 2013 at 6:04 PM, Ellison Marks <gtyaoi@gmail.com>
wrote:
> Just updated and noticed that the version number at the top of the page in
> dashboard didn''t bump, and it still lists 1.2.18 in
> /usr/share/puppet-dashboard/VERSION. This is on CentOS 6 from yum.
>
>
> On Tuesday, January 15, 2013 4:59:45 PM UTC-8, Moses Mendoza wrote:
>>
>> Puppet Dashboard 1.2.19 is now available.
>>
>> This release of Puppet Dashboard addresses CVE-2013-0155.  All users
>> are strongly encouraged to update when possible.
>>
>> This vulnerability exposes ActiveRecord to unsafe query generation.
>>
>> More information on the vulnerability can be found here:
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and in
>> this post:
>>
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/73b8d3f8478df5e2
>>
>> Downloads
>> =======>>
>> RPM packages for are available at https://yum.puppetlabs.com/el or
/fedora
>>
>> Debian packages are available at https://apt.puppetlabs.com
>>
>> Source can be downloaded from
>>
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz,
>> along with the accompanying signature file,
>>
>>
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc.
>>
>> See the Verifying Puppet Download section at:
>> http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
>>
>> 1.2.19 Security Fixes
>> ===============>> Ernie Miller (1):
>>       04c1dba Fix for CVE-2013-0155
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/r7xJE--NIDIJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I did not understand : there is a new version of the dashboard ? I thought that
the dashboard was deprecated and that Puppet Lab will no work on it anymore ...

What is the status please ?

Cordialement,

Bernard Granier
CE Plateforme Système
bernard.granier@morpho.com
01 58 11 32 51


-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On
Behalf Of Moses Mendoza
Sent: Wednesday, January 16, 2013 3:30 AM
To: puppet-users@googlegroups.com; puppet-dev@googlegroups.com
Subject: Re: [Puppet Users] Re: Announce: Puppet Dashboard 1.2.19 Available

Hi Ellison,

You''re right! Thanks for pointing that out. I failed to update the
VERSION file at the top of dashboard, which gets sourced for that link.
Otherwise, this is indeed 1.2.19:)

Moses

On Tue, Jan 15, 2013 at 6:04 PM, Ellison Marks <gtyaoi@gmail.com>
wrote:
> Just updated and noticed that the version number at the top of the 
> page in dashboard didn''t bump, and it still lists 1.2.18 in 
> /usr/share/puppet-dashboard/VERSION. This is on CentOS 6 from yum.
>
>
> On Tuesday, January 15, 2013 4:59:45 PM UTC-8, Moses Mendoza wrote:
>>
>> Puppet Dashboard 1.2.19 is now available.
>>
>> This release of Puppet Dashboard addresses CVE-2013-0155.  All users 
>> are strongly encouraged to update when possible.
>>
>> This vulnerability exposes ActiveRecord to unsafe query generation.
>>
>> More information on the vulnerability can be found here:
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and in 
>> this post:
>> https://groups.google.com/group/rubyonrails-security/browse_thread/th
>> read/73b8d3f8478df5e2
>>
>> Downloads
>> =======>>
>> RPM packages for are available at https://yum.puppetlabs.com/el or 
>> /fedora
>>
>> Debian packages are available at https://apt.puppetlabs.com
>>
>> Source can be downloaded from
>> https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.ta
>> r.gz, along with the accompanying signature file,
>>
>>
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc.
>>
>> See the Verifying Puppet Download section at:
>> http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppe
>> t
>>
>> 1.2.19 Security Fixes
>> ===============>> Ernie Miller (1):
>>       04c1dba Fix for CVE-2013-0155
>
> --
> You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/puppet-users/-/r7xJE--NIDIJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

#
" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are notified
that any dissemination, copying of this e-mail and any attachments thereto or
use of their contents by any means whatsoever is strictly prohibited. If you
have received this e-mail in error, please advise the sender immediately and
delete this e-mail and all attached documents from your computer system."
#

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wednesday, January 16, 2013 7:22:15 AM UTC-6, bernard...@morpho.com 
wrote:
>
> I did not understand : there is a new version of the dashboard ? I thought 
> that the dashboard was deprecated and that Puppet Lab will no work on it 
> anymore ... 
>
> What is the status please ? 
>
>
Work on Dashboard by PuppetLabs is ending, as a replacement is created in 
terms of a standalone ENC and also enhancements to PuppetDB.

However, it is not fully going away, as someone from the community has 
stepped forward to take over the project. This person has already been 
given commit access as I recall.
 
> Cordialement, 
>
> Bernard Granier 
> CE Plateforme Système 
> bernard...@morpho.com <javascript:> 
> 01 58 11 32 51 
>
>
> -----Original Message----- 
> From: puppet...@googlegroups.com <javascript:> [mailto:
> puppet...@googlegroups.com <javascript:>] On Behalf Of Moses Mendoza 
> Sent: Wednesday, January 16, 2013 3:30 AM 
> To: puppet...@googlegroups.com <javascript:>;
puppe...@googlegroups.com<javascript:>
> Subject: Re: [Puppet Users] Re: Announce: Puppet Dashboard 1.2.19 
> Available 
>
> Hi Ellison, 
>
> You''re right! Thanks for pointing that out. I failed to update the
VERSION
> file at the top of dashboard, which gets sourced for that link. Otherwise, 
> this is indeed 1.2.19:) 
>
> Moses 
>
> On Tue, Jan 15, 2013 at 6:04 PM, Ellison Marks
<gty...@gmail.com<javascript:>>
> wrote: 
> > Just updated and noticed that the version number at the top of the 
> > page in dashboard didn''t bump, and it still lists 1.2.18 in 
> > /usr/share/puppet-dashboard/VERSION. This is on CentOS 6 from yum. 
> > 
> > 
> > On Tuesday, January 15, 2013 4:59:45 PM UTC-8, Moses Mendoza wrote: 
> >> 
> >> Puppet Dashboard 1.2.19 is now available. 
> >> 
> >> This release of Puppet Dashboard addresses CVE-2013-0155.  All
users
> >> are strongly encouraged to update when possible. 
> >> 
> >> This vulnerability exposes ActiveRecord to unsafe query
generation.
> >> 
> >> More information on the vulnerability can be found here: 
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and
in
> >> this post: 
> >>
https://groups.google.com/group/rubyonrails-security/browse_thread/th
> >> read/73b8d3f8478df5e2 
> >> 
> >> Downloads 
> >> ======== 
> >> 
> >> RPM packages for are available at https://yum.puppetlabs.com/el or
> >> /fedora 
> >> 
> >> Debian packages are available at https://apt.puppetlabs.com 
> >> 
> >> Source can be downloaded from 
> >>
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.ta
> >> r.gz, along with the accompanying signature file, 
> >> 
> >> 
>
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc.
>
> >> 
> >> See the Verifying Puppet Download section at: 
> >>
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppe
> >> t 
> >> 
> >> 1.2.19 Security Fixes 
> >> ================ 
> >> Ernie Miller (1): 
> >>       04c1dba Fix for CVE-2013-0155 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> > Groups "Puppet Users" group. 
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msg/puppet-users/-/r7xJE--NIDIJ. 
> > To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
>
> > To unsubscribe from this group, send email to 
> > puppet-users...@googlegroups.com <javascript:>. 
> > For more options, visit this group at 
> > http://groups.google.com/group/puppet-users?hl=en. 
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group. 
> To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
>
> To unsubscribe from this group, send email to 
> puppet-users...@googlegroups.com <javascript:>. 
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en. 
>
> # 
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments
> thereto or use of their contents by any means whatsoever is strictly 
> prohibited. If you have received this e-mail in error, please advise the 
> sender immediately and delete this e-mail and all attached documents from 
> your computer system." 
> # 
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-dev/-/v7S6UBKQmvgJ.
To post to this group, send email to puppet-dev@googlegroups.com.
To unsubscribe from this group, send email to
puppet-dev+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-dev?hl=en.

Ok thanks for the answer.

Cordialement,

Bernard Granier
CE Plateforme Système
bernard.granier@morpho.com<mailto:bernard.granier@morpho.com>
01 58 11 32 51

From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On
Behalf Of llowder
Sent: Wednesday, January 16, 2013 2:27 PM
To: puppet-users@googlegroups.com
Cc: puppet-dev@googlegroups.com
Subject: Re: [Puppet Users] Re: Announce: Puppet Dashboard 1.2.19 Available



On Wednesday, January 16, 2013 7:22:15 AM UTC-6,
bernard...@morpho.com<mailto:bernard...@morpho.com> wrote:
I did not understand : there is a new version of the dashboard ? I thought that
the dashboard was deprecated and that Puppet Lab will no work on it anymore ...

What is the status please ?

Work on Dashboard by PuppetLabs is ending, as a replacement is created in terms
of a standalone ENC and also enhancements to PuppetDB.

However, it is not fully going away, as someone from the community has stepped
forward to take over the project. This person has already been given commit
access as I recall.

Cordialement,

Bernard Granier
CE Plateforme Système
bernard...@morpho.com<javascript:>
01 58 11 32 51


-----Original Message-----
From: puppet...@googlegroups.com<javascript:>
[mailto:puppet...@googlegroups.com<javascript:>] On Behalf Of Moses
Mendoza
Sent: Wednesday, January 16, 2013 3:30 AM
To: puppet...@googlegroups.com<javascript:>;
puppe...@googlegroups.com<javascript:>
Subject: Re: [Puppet Users] Re: Announce: Puppet Dashboard 1.2.19 Available

Hi Ellison,

You''re right! Thanks for pointing that out. I failed to update the
VERSION file at the top of dashboard, which gets sourced for that link.
Otherwise, this is indeed 1.2.19:)

Moses

On Tue, Jan 15, 2013 at 6:04 PM, Ellison Marks
<gty...@gmail.com<javascript:>> wrote:
> Just updated and noticed that the version number at the top of the
> page in dashboard didn''t bump, and it still lists 1.2.18 in
> /usr/share/puppet-dashboard/VERSION. This is on CentOS 6 from yum.
>
>
> On Tuesday, January 15, 2013 4:59:45 PM UTC-8, Moses Mendoza wrote:
>>
>> Puppet Dashboard 1.2.19 is now available.
>>
>> This release of Puppet Dashboard addresses CVE-2013-0155.  All users
>> are strongly encouraged to update when possible.
>>
>> This vulnerability exposes ActiveRecord to unsafe query generation.
>>
>> More information on the vulnerability can be found here:
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and in
>> this post:
>> https://groups.google.com/group/rubyonrails-security/browse_thread/th
>> read/73b8d3f8478df5e2
>>
>> Downloads
>> =======>>
>> RPM packages for are available at https://yum.puppetlabs.com/el or
>> /fedora
>>
>> Debian packages are available at https://apt.puppetlabs.com
>>
>> Source can be downloaded from
>> https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.ta
>> r.gz, along with the accompanying signature file,
>>
>>
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc.
>>
>> See the Verifying Puppet Download section at:
>> http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppe
>> t
>>
>> 1.2.19 Security Fixes
>> ===============>> Ernie Miller (1):
>>       04c1dba Fix for CVE-2013-0155
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/r7xJE--NIDIJ.
> To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com<javascript:>.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
To unsubscribe from this group, send email to
puppet-users...@googlegroups.com<javascript:>.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

#
" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are notified
that any dissemination, copying of this e-mail and any attachments thereto or
use of their contents by any means whatsoever is strictly prohibited. If you
have received this e-mail in error, please advise the sender immediately and
delete this e-mail and all attached documents from your computer system."
#
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/v7S6UBKQmvgJ.
To post to this group, send email to
puppet-users@googlegroups.com<mailto:puppet-users@googlegroups.com>.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com<mailto:puppet-users+unsubscribe@googlegroups.com>.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
#
" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are notified
that any dissemination, copying of this e-mail and any attachments thereto or
use of their contents by any means whatsoever is strictly prohibited. If you
have received this e-mail in error, please advise the sender immediately and
delete this e-mail and all attached documents from your computer system."
#

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.