Puppet 2.7.22 is now available. 2.7.22 addresses a security vulnerability discovered in the 2.7.x series of Puppet. This vulnerability has been assigned Mitre CVE number CVE-2013-3567.
All users of Puppet 2.7.21 and earlier who cannot upgrade to the current version of Puppet, 3.2.2, are strongly encouraged to upgrade to 2.7.22. For more information on this vulnerability, please visit http://puppetlabs.com/security/cve/cve-2013-3567. Thanks to Ben Murphy, for discovering and responsibly disclosing the vulnerability. Downloads are available at: * Source https://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz Windows package is available at https://downloads.puppetlabs.com/windows/puppet-2.7.22.msi RPMs are available at https://yum.puppetlabs.com/el or /fedora Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/puppet-2.7.22.dmg Gems are available via rubygems at https://rubygems.org/downloads/puppet-2.7.22.gem or by using `gem install puppet --version=2.7.22` See the Verifying Puppet Download section at: https://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 2.7.22: http://projects.puppetlabs.com/projects/puppet/ ## Changelog ## Justin Stoller (1): fea3cb6 Improve CVE 2013 1654 SSLv2 Downgrade Master test Matthaus Owens (3): 96be982 (packaging) Update build_defaults to remove EOL platforms (natty, f15, f16). 7f40007 (packaging) Update debian build-depends to be ruby1.8 so that the shebang is correct after install and ruby1.9.1 isn't used on newer debians. e160e99 (packaging) Update CHANGELOG, PUPPETVERSION for 2.7.22 Moses Mendoza (1): ba8c021 [packaging] Update mocks for rpmbuilder mock format Patrick Carlisle (7): 788fdaf Don't keep Gemfile.lock checked in. 535da9b Add acceptance test for report processing 2333fa4 Add vendoring system into puppet ee741eb Fix installation of vendored libs e8c30cb Vendor safe_yaml 0.9.2 5926d1a (#20584) Only deserialize expected objects from YAML fd758ad Remove acceptance test for yaml parsing that was no longer valid -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
