Announce: Puppet Dashboard 1.2.19 Available
22 views
Skip to first unread message
Moses Mendoza
Jan 15, 2013, 7:59:45 PM1/15/13
to puppet...@googlegroups.com, puppe...@googlegroups.com, puppet-...@googlegroups.com
Puppet Dashboard 1.2.19 is now available.
This release of Puppet Dashboard addresses CVE-2013-0155. All users
are strongly encouraged to update when possible.
This vulnerability exposes ActiveRecord to unsafe query generation.
More information on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and in
this post: https://groups.google.com/group/rubyonrails-security/browse_thread/thread/73b8d3f8478df5e2
Downloads
========
RPM packages for are available at https://yum.puppetlabs.com/el or /fedora
Debian packages are available at https://apt.puppetlabs.com
Source can be downloaded from
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz,
along with the accompanying signature file,
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc.
See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
1.2.19 Security Fixes
================
Ernie Miller (1):
04c1dba Fix for CVE-2013-0155
This release of Puppet Dashboard addresses CVE-2013-0155. All users
are strongly encouraged to update when possible.
This vulnerability exposes ActiveRecord to unsafe query generation.
More information on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and in
this post: https://groups.google.com/group/rubyonrails-security/browse_thread/thread/73b8d3f8478df5e2
Downloads
========
RPM packages for are available at https://yum.puppetlabs.com/el or /fedora
Debian packages are available at https://apt.puppetlabs.com
Source can be downloaded from
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz,
along with the accompanying signature file,
https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc.
See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
1.2.19 Security Fixes
================
Ernie Miller (1):
04c1dba Fix for CVE-2013-0155
Moses Mendoza
Jan 15, 2013, 9:29:31 PM1/15/13
to puppet...@googlegroups.com, puppe...@googlegroups.com
Hi Ellison,
You're right! Thanks for pointing that out. I failed to update the
VERSION file at the top of dashboard, which gets sourced for that
link. Otherwise, this is indeed 1.2.19:)
Moses
On Tue, Jan 15, 2013 at 6:04 PM, Ellison Marks <gty...@gmail.com> wrote:
> Just updated and noticed that the version number at the top of the page in
> dashboard didn't bump, and it still lists 1.2.18 in
> /usr/share/puppet-dashboard/VERSION. This is on CentOS 6 from yum.
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/r7xJE--NIDIJ.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
You're right! Thanks for pointing that out. I failed to update the
VERSION file at the top of dashboard, which gets sourced for that
link. Otherwise, this is indeed 1.2.19:)
Moses
On Tue, Jan 15, 2013 at 6:04 PM, Ellison Marks <gty...@gmail.com> wrote:
> Just updated and noticed that the version number at the top of the page in
> dashboard didn't bump, and it still lists 1.2.18 in
> /usr/share/puppet-dashboard/VERSION. This is on CentOS 6 from yum.
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/r7xJE--NIDIJ.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
llowder
Jan 16, 2013, 8:26:53 AM1/16/13
to puppet...@googlegroups.com, puppe...@googlegroups.com
On Wednesday, January 16, 2013 7:22:15 AM UTC-6, bernard...@morpho.com wrote:
I did not understand : there is a new version of the dashboard ? I thought that the dashboard was deprecated and that Puppet Lab will no work on it anymore ...
What is the status please ?
Work on Dashboard by PuppetLabs is ending, as a replacement is created in terms of a standalone ENC and also enhancements to PuppetDB.
However, it is not fully going away, as someone from the community has stepped forward to take over the project. This person has already been given commit access as I recall.
Cordialement,
Bernard Granier
CE Plateforme Système
bernard...@morpho.com
01 58 11 32 51
#
" This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#
Reply all
Reply to author
Forward
0 new messages