Announce: Puppet Server 2.1.1 and 1.1.1 available!

[Jeremy Barlow]

We're pleased to announce that Puppet Server 2.1.1 and 1.1.1 are both now available!

Both of these releases are backwards compatible bug fix and security releases in their respective Semantic Versioning major versions.  This email is a combined announcement for 2.1.1 and 1.1.1.

Puppet Server 2.1.1

This release updates the included JRuby from 1.7.20 to 1.7.20.1 and its embedded Rubygems from 2.4.6 to 2.4.8 to address CVE-2015-4020.  CVE-2015-4020 is related to wildcard matching of hostnames in the Rubygems client and is also closely related to CVE-2015-3900.  More information on CVE-2015-3900 is available at

http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html. 

This release also includes some changes needed for forward compatibility with "Native Facter" (Facter 3) which will be included in a forthcoming puppet-agent release.

In addition, the following bugs have been resolved in Puppet Server 2.1.1:

• SERVER-297 - Consolidate environment variable handling behaviors
• SERVER-646 - /certificate_status(es) implementation is too strict about Content-Type
• SERVER-692 - Use hard-coded defaults for master-*-dir settings not specified in puppetserver.conf
• SERVER-723 - Error responses to some CA requests mangle Content-Type
• SERVER-759 - Legacy routes service breaks usage of CA-disabled service

See the complete release notes for details about these changes:

https://docs.puppetlabs.com/puppetserver/2.1/release_notes.html

For a list of all changes in this release, check out the JIRA page:

https://tickets.puppetlabs.com/browse/SERVER/fixforversion/13612

Puppet Server 1.1.1

This release updates the included JRuby from 1.7.20 to 1.7.20.1 and its embedded Rubygems from 2.4.6 to 2.4.8 to address CVE-2015-4020.  CVE-2015-4020 is related to wildcard matching of hostnames in the Rubygems client and is also closely related to CVE-2015-3900.  More information on CVE-2015-3900 is available at

http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html. 

In addition, the following issues have been resolved in Puppet Server 1.1.1:

• SERVER-646 - /certificate_status(es) implementation is too strict about Content-Type
• SERVER-721 - Consolidate environment variable handling behaviors
• SERVER-723 - Error responses to some CA requests mangle Content-Type

See the complete release notes for details about these changes:

https://docs.puppetlabs.com/puppetserver/1.1/release_notes.html

For a list of all changes in this release, check out the JIRA page:

https://tickets.puppetlabs.com/browse/SERVER/fixforversion/13613

EOF