We have released Puppet agent 1.10.1.

This is a security release that includes bug fixes for several components.
For a complete list of component updates, see the Puppet agent release
notes:
https://docs.puppet.com/puppet/4.10/release_notes_agent.html#puppet-agent-1101

In versions prior to Puppet agent 1.10.1, an authenticated agent could make
a catalog request with facts encoded in YAML. The Puppet master did not
properly validate and reject the request, resulting in the server loading
arbitrary objects, which could lead to remote code execution. You should
update to the latest version to resolve this security issue.

You can read about this in the CVE announcement:
https://puppet.com/security/cve/cve-2017-2292
Or the Puppet release notes:
https://docs.puppet.com/puppet/4.10/release_notes.html#puppet-4101




--
Jorie Tappa
Technical Writer @ Puppet
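
An added example, not part of the announcement and not Puppet's own code: a sketch of the server-side check the advisory describes as missing, refusing YAML-encoded facts by default and building only plain data types when YAML is explicitly allowed. The format labels, the RejectedFacts class, the function names and the sample payloads are assumptions made for illustration.

```ruby
require 'json'
require 'yaml'

# Raised for any facts payload the server should refuse (hypothetical name).
class RejectedFacts < StandardError; end

# Constructed sample payloads, not captured from a real agent.
JSON_FACTS  = '{"hostname": "web01", "processorcount": 4}'
PLAIN_YAML  = "hostname: web01\nprocessorcount: 4\n"
TAGGED_YAML = "--- !ruby/object:ExampleUntrustedClass\nhostname: web01\n"

# Parse agent-supplied facts. Only the "json" format label (an assumption
# of this sketch) is accepted by default. YAML is refused outright unless
# allow_yaml is set, and even then it goes through YAML.safe_load, which
# builds only scalars, arrays and hashes and raises on tagged objects.
def parse_facts(format, body, allow_yaml: false)
  facts =
    case format
    when 'json'
      JSON.parse(body)
    when 'yaml'
      raise RejectedFacts, 'YAML facts are not accepted' unless allow_yaml
      YAML.safe_load(body)
    else
      raise RejectedFacts, "unsupported facts format: #{format.inspect}"
    end
  # Facts must be a mapping with string keys; anything else is malformed.
  unless facts.is_a?(Hash) && facts.keys.all? { |k| k.is_a?(String) }
    raise RejectedFacts, 'facts must be a mapping with string keys'
  end
  facts
rescue JSON::ParserError, Psych::Exception => e
  # Syntax errors, disallowed classes and aliases all end up here.
  raise RejectedFacts, "could not load facts safely: #{e.class}"
end

# True when the payload is refused, false when it parses to plain data.
def rejected?(format, body, allow_yaml: false)
  parse_facts(format, body, allow_yaml: allow_yaml)
  false
rescue RejectedFacts
  true
end
```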
