Puppet 3.2.4 is now available. 3.2.4 addresses two security vulnerabilties discovered in the 3.x series of Puppet. These vulnerabilities have been assigned Mitre CVE numbers CVE-2013-4956 and CVE-2013-4761.
All users of Puppet 3.2.3 and earlier are strongly encouraged to upgrade to 3.2.4. For more information on these vulnerabilities, please visit http://puppetlabs.com/security/cve/cve-2013-4761 and http://puppetlabs.com/security/cve/cve-2013-4956 . Downloads are available at: * Source https://downloads.puppetlabs.com/puppet/puppet-3.2.4.tar.gz<https://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz> Windows package is available at https://downloads.puppetlabs.com/windows/puppet-3.2.4.msi<https://downloads.puppetlabs.com/windows/puppet-2.7.22.msi> RPMs are available at https://yum.puppetlabs.com/el or /fedora Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/puppet-3.2.4.dmg<https://downloads.puppetlabs.com/mac/puppet-2.7.22.dmg> Gems are available via rubygems at https://rubygems.org/downloads/puppet-3.2.4.gem<https://rubygems.org/downloads/puppet-2.7.22.gem> or by using `gem install puppet --version=3.2.4` Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 3.2.4: http://projects.puppetlabs.com/projects/puppet/ ## Changelog ## Andrew Parker (6): 98e3a38 (Maint) Use dirname instead of regexes 4b8d0a1 (Maint) Clean up specs e7e1be1 (#21971) Check for possible directory traversal 6547651 (#21971) Split import and autoloading code paths d689513 (#21971) Create system for safely dealing with path patterns 214d42e (Maint) Reinstate check for manifest dir John Duarte (1): c9473a6 (#21953) Add test to verify module permissions Josh Partlow (5): 3932e78 (#21971) Fix TypeLoader#import_all on Ruby 1.8.7 a0f8a32 (#21971) Fixes PathPattern's usage of Dir.glob for Windows 987c4d5 (#21971) Allow paths that contain .. as part of a name c0234fe (maint) Fix windows test for embedded '..' in path adff11c (maint) Fix module_utils regex tests for module file perms Matthaus Owens (4): 05d20ff (maint) Remove rspec requires from the Rakefile a754bc8 (packaging) Move systemd BuildRequires into conditional 019e443 (maint) Correct type in speeeeling of pl-fedora-18-i386 mock in ext/build_defaults.yaml f55814d (packaging) Update PUPPETVERSION for 3.2.4 Melissa Stone (1): ecb0f92 (Bug #21768) Update puppet for F19 Pieter van de Bruggen (4): fe7b9f0 (#14333) Ensure module permissions are sane. 01c69eb Fixing a missed test for minitar. f8a9eec Ensure that PMT uses the correct group membership. afc9859 Improving testing around PMT module install permissions. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
