Announce: Puppet 4 available!


Eric Sorenson

Apr 15, 2015, 2:41:08 PM
to puppet...@googlegroups.com
I'm super excited to announce the availability of Puppet 4. It's the first major version of Puppet in almost 2 years, and there are a ton of great changes and improvements. Stephanie Stouck wrote a post that summarizes the release:


Read the release notes and install/upgrade guides carefully, especially if you haven't been tracking the Release Candidates:


Also of note is that the repositories have changed in order to keep incompatible changes from auto-updating onto your systems. Read more about "Puppet Collections", our name for these Linux-distribution-like groups of packages, in Mike Stahnke's blog post:


Please give it a try! If you file bugs, please make sure to flag them with an "Affects Version" of "PUP 4.0.0". 
You can see the bugs currently open against the release here: https://tickets.puppetlabs.com/issues/?filter=14021

Eric Sorenson - eric.s...@puppetlabs.com - freenode #puppet: eric0
puppet platform // coffee // techno // bicycles



Byron Miller

Apr 15, 2015, 9:06:47 PM
to puppet...@googlegroups.com
Congrats on delivering Puppet 4.0! Looking forward to giving all the new stuff a spin!

Jo Rhett

Apr 16, 2015, 3:28:25 AM
to puppet...@googlegroups.com
I really thought you would upgrade Ruby to handle the exploits-in-the-wild security vulnerability in Ruby before release.



-- 
Jo Rhett
+1 (415) 999-1798
Skype: jorhett
Net Consonance : net philanthropy to improve open source and internet projects.

Dennis Hoppe

Apr 16, 2015, 9:05:24 AM
to puppet...@googlegroups.com
Hello Eric, 

what happened to the packages for Debian testing? The release of Debian Jessie is scheduled for 2015-04-25.

Kind regards, Dennis


Kylo Ginsberg

Apr 17, 2015, 2:32:17 AM
to puppet...@googlegroups.com
On Thu, Apr 16, 2015 at 6:04 AM, Dennis Hoppe <dennis...@debian-solutions.de> wrote:
> Hello Eric,
>
> what happened to the packages for Debian testing? The release of Debian Jessie is scheduled for 2015-04-25.

We had Jessie in our build pipeline a few weeks ago, but there was some churn in Debian testing packages that caused our builds to fail several nights in a row (sorry, don't remember the details), and we decided to hold off until it was actually released.

It should be very straightforward to add back in once it's released.

Cheers,
Kylo
 




--
Kylo Ginsberg | ky...@puppetlabs.com | irc: kylo | twitter: @kylog


Michael Stahnke

Apr 17, 2015, 2:40:29 AM
to puppet...@googlegroups.com
On Thu, Apr 16, 2015 at 12:28 AM, Jo Rhett <jrh...@netconsonance.com> wrote:
> I really thought you would upgrade Ruby to handle the exploits-in-the-wild security vulnerability in Ruby before release.


Only if you're using a 3rd party CA, which 99.9% of users do not do, and using wildcards. It's queued up for a fix, but scored like a 2.8 on CVSS for us, and that was being as conservative as possible on it.

 

Jo Rhett

Apr 17, 2015, 3:10:53 AM
to puppet...@googlegroups.com
On Apr 16, 2015, at 11:40 PM, Michael Stahnke <sta...@puppetlabs.com> wrote:

> Only if you're using a 3rd party CA, which 99.9% of users do not do and using wildcards.

So I haven’t the time to set up a test for this, but my reading of the exploit seemed to indicate that problems with trust within an entirely Puppet-managed CA were possible.

Also, my clients tend to be large enterprises, where wildcards are de facto and 3rd party CAs are common. The same large enterprises that can’t deploy something with known CVEs of this nature against it. So this exploit is more likely to affect you, the larger you are.

Peter

Jun 3, 2015, 8:57:29 AM
to puppet...@googlegroups.com
Hi Kylo,

Just checking if there was still an issue with the process to build packages for Debian Jessie?  Debian was officially released on April 25th.

Thanks,

Peter