Unless you've elected to use legacy storeconfigs (with activerecord), you are correct, your system should not be vulnerable.
stahnma On Mon, Feb 4, 2013 at 6:15 AM, Kodiak Firesmith <[email protected]> wrote: > Hello fellow Puppet users! > > I'm trying to perform due diligence to make sure that our Puppet > installations aren't affected by all the RoR vulns in the news recently. > (http://www.kalzumeus.com/2013/01/31/what-the-rails-security-issue-means-for-your-startup/) > (http://www.informationweek.com/security/vulnerabilities/critical-ruby-on-rails-issue-threatens-2/240145891) > > I've been watching the PuppetLabs security > (https://puppetlabs.com/security/) page, and the RedHat CVE DB > (https://access.redhat.com/security/cve/) and haven't seen anything that > appears to directly affect a typical Puppet3 installation on RHEL 6 running > the latest RHEL6-supported Ruby (1.8.7.352-7). > > Is it safe to say that my platform is not affected? > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
