Matthaus Owens
2013-Jan-29 01:18 UTC
[Puppet Users] Announce: Puppet Dashboard 1.2.21 available [ security release ]
Puppet Dashboard 1.2.21 is now available.
This release of Puppet Dashboard addresses CVE-2013-0333. All users
are strongly encouraged to update when possible.
This vulnerability exposes ActiveSupport to unsafe query generation.
More information on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333, and in
this post: https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo
Downloads
=======
RPM packages for are available at https://yum.puppetlabs.com/el or /fedora
Debian packages are available at https://apt.puppetlabs.com
Source can be downloaded from
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.21.tar.gz,
along with the accompanying signature file,
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.21.tar.gz.asc.
See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
1.2.21 Security Fixes
===============Michael Koziarski (1):
Add an OkJson backend and remove the YAML backend
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.