On Thu, Apr 16, 2015 at 12:28 AM, Jo Rhett <[email protected]> wrote:
> I really thought you would upgrade Ruby to handle the exploits-in-the-wild > security vulnerability in Ruby before release. > https://www.ruby-lang.org/en/news/2015/04/13/ruby-2-1-6-released/ > > In particular, isn’t Puppet vulnerable to this problem? > https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ > Only if you're using a 3rd party CA , which 99.9% of users do not do and using wildcards. It's queued up for a fix, but scored like a 2.8 on CVSS for us, and that was being as conservative as possible on it. > > On Apr 15, 2015, at 11:40 AM, Eric Sorenson <[email protected]> > wrote: > > I'm super excited to announce the availability of Puppet 4. It's the first > major version of Puppet in almost 2 years, and there are a ton of great > changes and improvements. Stephanie Stouck wrote a post that summarizes the > release: > > https://puppetlabs.com/blog/say-hello-open-source-puppet-4 > > Read the release notes and install/upgrade guides carefully, especially if > you haven't been tracking the Release Candidates: > > http://docs.puppetlabs.com/puppet/4.0/reference/index.html > > Also of note is that the repositories have changed in order to keep > incompatible changes from auto-updating onto your systems. Read more about > "Puppet Collections", our name for these Linux-distribution-like groups of > packages, in Mike Stahnke's blog post: > > https://puppetlabs.com/blog/welcome-puppet-collections > > Please give it a try! If you file bugs, please make sure to flag them with > an "Affects Version" of "PUP 4.0.0". > You can see the bugs currently open against the release here: > https://tickets.puppetlabs.com/issues/?filter=14021 > > Eric Sorenson - [email protected] - freenode #puppet: eric0 > puppet platform // coffee // techno // bicycles > > > Eric Sorenson - [email protected] - freenode #puppet: eric0 > puppet platform // coffee // techno // bicycles > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/196E9F51-5EDF-4057-9479-9D1256F94003%40puppetlabs.com > <https://groups.google.com/d/msgid/puppet-users/196E9F51-5EDF-4057-9479-9D1256F94003%40puppetlabs.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > -- > Jo Rhett > +1 (415) 999-1798 > Skype: jorhett > Net Consonance : net philanthropy to improve open source and > internet projects. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/27F18A3D-876E-4902-BCDD-4BED31ACED10%40netconsonance.com > <https://groups.google.com/d/msgid/puppet-users/27F18A3D-876E-4902-BCDD-4BED31ACED10%40netconsonance.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMto7LLE1%3DQEY1SB4MnbGNuWpfCbgoJrNWaC00PjdwcGHcTvyw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
