Puppet Agent 1.7.1 is available (with a critical security fix). This is a security release of Puppet Agent that addresses a critical vulnerability in PXP Agent as well as several other vulnerabilities.
Please see our security page <https://docs.puppet.com/security/index.html> and these security notices regarding the vulnerabilities fixed in this release: - Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability <https://puppet.com/security/cve/pxp-agent-oct-2016> - Unprivileged Access to Environment Catalogs <https://puppet.com/security/cve/cve-2016-5714> Puppet Agent 1.7.1 also contains updated versions of OpenSSL and Curl to address vulnerabilities recently announced by those projects. This is the second release of the puppet-agent with .deb and .rpm packages signed with our new GPG signing key. Please see our recent announcement <https://puppet.com/blog/updated-puppet-gpg-signing-key> for more information about the new GPG signing key. Full release notes are available here: https://docs.puppet.com/puppet/latest/reference/release_notes_agent.html To install or upgrade puppet-agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html -- Geoff Nichols Puppet Ecosystem - Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBy%3D4OiSo9ORRDW67SU5y72JTGW0zHQrF6jnfyB4ZXzEUA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
