Announce: Puppet 3.1.1 Available [ Security Release ]

Showing 1-1 of 1 messages
Announce: Puppet 3.1.1 Available [ Security Release ] Moses Mendoza 3/12/13 10:33 AM
Puppet 3.1.1 is now available. 3.1.1 addresses several security
vulnerabilities discovered in the 3.x line of Puppet. These
vulnerabilities have been assigned Mitre CVE numbers CVE-2013-1640,
CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655 and
CVE-2013-2275.

All users of Puppet 3.1.0 and earlier are strongly encouraged to
upgrade to 3.1.1.

For more information on these vulnerabilities, please visit
http://puppetlabs.com/security, or visit
http://puppetlabs.com/security/cve/cve-2013-1640,
http://puppetlabs.com/security/cve/cve-2013-1652,
http://puppetlabs.com/security/cve/cve-2013-1653,
http://puppetlabs.com/security/cve/cve-2013-1654,
http://puppetlabs.com/security/cve/cve-2013-1655, and
http://puppetlabs.com/security/cve/cve-2013-2275.

Downloads are available at:
 * Source https://downloads.puppetlabs.com/puppet/puppet-3.1.1.tar.gz

Windows package is available at
https://downloads.puppetlabs.com/windows/puppet-3.1.1.msi

RPMs are available at https://yum.puppetlabs.com/el or /fedora

Debs are available at https://apt.puppetlabs.com

Mac package is available at
https://downloads.puppetlabs.com/mac/puppet-3.1.1.dmg

Gems are available via rubygems at
https://rubygems.org/downloads/puppet-3.1.1.gem or by using `gem
install puppet --version=3.1.1`

See the Verifying Puppet Download section at:
https://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

Please report feedback via the Puppet Labs Redmine site, using an
affected puppet version of 3.1.1:
http://projects.puppetlabs.com/projects/puppet/

## Changelog ##

Andrew Parker (3):
      3b0178f (#14093) Cleanup tests for template functionality
      4ca17d9 (#14093) Remove unsafe attributes from TemplateWrapper
      f1d0731 (#14093) Restore access to the filename in the template

Jeff McCune (2):
      52be043 (#19151) Reject SSLv2 SSL handshakes and ciphers
      b9023b0 (#19531) (CVE-2013-2275) Only allow report save from the
node matching the certname

Josh Cooper (7):
      f63ed48 Fix module tool acceptance test
      c42e608 Run openssl from windows when trying to downgrade master
      8d199b2 Remove unnecessary rubygems require
      3e493e1 Don't assume puppetbindir is defined
      166bf79 Display SSL messages so we can match our regex
      0328aaf Don't require openssl client to return 0 on failure
      406725d Don't assume master supports SSLv2

Justin Stoller (6):
      cb607d9 Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654,
2274, 2275)
      611b12d Separate tests for same CVEs into separate files
      f6e1987 We can ( and should ) use grep instead of grep -E
      672af80 add quotes around paths for windows interop
      28d80f0 remove tests that do not run on 3.1+
      b87b719 run curl against the master on the master

Moses Mendoza (1):
      6c3dd98 Update PUPPETVERSION for 3.1.1

Nick Lewis (3):
      940594b (#19393) Safely load YAML from the network
      7da9559 Always read request body when using Rack
      8f82131 Fix order-dependent test failure in network/authorization_spec

Patrick Carlisle (3):
      eef6d38 (#19391) (CVE-2013-1652) Disallow use_node compiler
parameter for remote requests
      f877cf5 (#19392) (CVE-2013-1653) Validate instances passed to indirector
      eb71909 (#19392) Don't validate key for certificate_status

Pieter van de Bruggen (1):
      f6dbe99 Updating module tool acceptance tests with new expectations.