Puppet Dashboard 1.2.21 is now available. This release of Puppet Dashboard addresses CVE-2013-0333. All users are strongly encouraged to update when possible.
This vulnerability exposes ActiveSupport to unsafe query generation. More information on the vulnerability can be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333, and in this post: https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo Downloads ======== RPM packages for are available at https://yum.puppetlabs.com/el or /fedora Debian packages are available at https://apt.puppetlabs.com Source can be downloaded from https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.21.tar.gz, along with the accompanying signature file, https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.21.tar.gz.asc. See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet 1.2.21 Security Fixes ================ Michael Koziarski (1): Add an OkJson backend and remove the YAML backend -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-dev?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
