Announce: Puppet Enterprise 2.8.6 is now available

[Ryan McKern]

Dear Puppet Enterprise Users,

Puppet Enterprise 2.8.6 is now available.

This is a security and bugfix release of Puppet Enterprise. All users of Puppet Enterprise 2.x are encouraged to upgrade when possible to Puppet Enterprise 2.8.6

Puppet Enterprise 2.8.6 includes fixes to address CVE-2014-0098, and CVE-2013-6438. For information on the bug fixes in this release, see http://docs.puppetlabs.com/pe/latest/appendix.html#release-notes

We want to emphasize that Puppet Enterprise does not need to be patched for Heartbleed.

No version of Puppet Enterprise has been shipped with a vulnerable version of OpenSSL, so Puppet Enterprise is not itself vulnerable to the security bug known as Heartbleed, and does not require a patch from Puppet Labs.

However, some of your Puppet Enterprise-managed nodes could be running operating systems that include OpenSSL versions 1.0.1 or 1.0.2, and both of these are vulnerable to the Heartbleed bug. Since tools included in Puppet Enterprise, such as PuppetDB and the Console, make use of SSL certificates we believe the safest, most secure method for assuring the security of your Puppet-managed infrastructure is to regenerate your certificate authority and all OpenSSL certificates.

We have outlined the remediation procedure to help make it an easy and fail-safe process. You'll find the details here: Remediation for Recovering from the Heartbleed Bug.

We're here to help. If you have any issues with remediating the Heartbleed vulnerability, one of your authorized Puppet Enterprise support users can always log into the customer support portal. We'll continue to update the email list with any new information as it comes out.

Additional Information

Heartbleed and Puppet-Supported Operating Systems

https://puppetlabs.com/blog/heartbleed-and-puppet-supported-operating-systems

Heartbleed Update: Regeneration Still the Safest Path

https://puppetlabs.com/blog/heartbleed-update-regeneration-still-safest-path

As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first.

As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support.

--

Ryan McKern
Release Engineer

Join us at PuppetConf 2014, September 22-24 in San Francisco

Register by May 30th to take advantage of the Early Adopter discount —save $349!

[Ryan McKern]

Apologies. In the process of preparing the 2.8.6 announcement, I mistakenly left out the link for "Remediation for Recovering from the Heartbleed Bug". That link is available here: http://docs.puppetlabs.com/trouble_remediate_heartbleed_overview.html

On Tue, Apr 15, 2014 at 10:40 AM, Mail Delivery Subsystem <mailer...@googlemail.com> wrote:

Hello ryan....@puppetlabs.com,

We're writing to let you know that the group you tried to contact (pe-users) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post:

 * You might have spelled or formatted the group name incorrectly.
 * The owner of the group may have removed this group.
 * You may need to join the group before receiving permission to post.
 * This group may not be open to posting.

If you have questions related to this or any other Google Group, visit the Help Center at http://support.google.com/a/puppetlabs.com/bin/topic.py?topic=25838.

Thanks,

puppetlabs.com admins



----- Original message -----

X-Received: by 10.229.176.72 with SMTP id bd8mr4784015qcb.12.1397583613857;
        Tue, 15 Apr 2014 10:40:13 -0700 (PDT)
Return-Path: <ryan....@puppetlabs.com>
Received: from mail-qg0-x22b.google.com (mail-qg0-x22b.google.com [2607:f8b0:400d:c04::22b])
        by mx.google.com with ESMTPS id 108si8550201qgx.55.2014.04.15.10.40.13
        for <pe-u...@puppetlabs.com>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Tue, 15 Apr 2014 10:40:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of ryan....@puppetlabs.com designates 2607:f8b0:400d:c04::22b as permitted sender) client-ip=2607:f8b0:400d:c04::22b;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ryan....@puppetlabs.com designates 2607:f8b0:400d:c04::22b as permitted sender) smtp.mail=ryan....@puppetlabs.com;
       dkim=pass header.i=@puppetlabs.com
Received: by mail-qg0-f43.google.com with SMTP id f51so10191678qge.30
        for <pe-u...@puppetlabs.com>; Tue, 15 Apr 2014 10:40:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=puppetlabs.com; s=google;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=a18yI7PsTde/QMJ7V5QagqV5npJEHY9F0ZjaSlbjOiQ=;
        b=R3LhvauxVuht6AVvx9uH2Q/6anAz4rmOC86Vk59HbscfofsBLxt05uUY5BxALjp1gR
         AoiLiX60uKy894xR8T5D/bgvO8aysYi4pfcyGASm6PTea78O8JGSNrZIxv2U0dN2fW+q
         XV1Jgc2YKYjlYvglnel4u1RXWxoK/lSidALIw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:date:message-id:subject:from:to
         :content-type;
        bh=a18yI7PsTde/QMJ7V5QagqV5npJEHY9F0ZjaSlbjOiQ=;
        b=BjCls98hU4+s9l7UrybKycMKOP7IFRz8/Vv2sOFuKBBasgzd4k7tRPOkpTXW3a7q1o
         mnlDF4wGbckqxCjoSdSI65HsU0/3+4f925fv1NxDY/EtZoTZTKpC6SCTK2JW8PfaWUYO
         EzowLG/HbJnIW19znzvR9juCVb4uS23LIZtRwdHNDyZSp6fpm6MW31hr6gMxhisgu4qG
         GqnkQxuNql57hr8GsKU3FFeXEjpBjcNwh6FKGP3HpcBZSkfl58ZTekFJzPaLQKUMK9A9
         BWAvRP99OWTQhpsed1tbUR0osGULUYMitPoqlfOOTwV+IWBv7DUcPYieKl1gGJCGuOwg
         ROGg==
X-Gm-Message-State: ALoCoQnkveAhk59XaALZ8W9xVFEXdJcwmvszlDvZHDsEnsdHe40d8eNeCZe1YI2fMHQlhr24f3Tc
MIME-Version: 1.0
X-Received: by 10.224.156.212 with SMTP id y20mr4677930qaw.66.1397583613621;
 Tue, 15 Apr 2014 10:40:13 -0700 (PDT)
Received: by 10.224.60.14 with HTTP; Tue, 15 Apr 2014 10:40:13 -0700 (PDT)
Date: Tue, 15 Apr 2014 10:40:13 -0700
Message-ID: <CADj7mEfMh0beiyX8JrGRbVnCQ1HfJT=ZMfeBrN9p...@mail.gmail.com>
Subject: Announce: Puppet Enterprise 2.8.6 is now available
From: Ryan McKern <ryan....@puppetlabs.com>
To: puppet...@googlegroups.com, puppet-...@googlegroups.com,
        Puppet Enterprise Users <pe-u...@puppetlabs.com>
Content-Type: multipart/alternative; boundary=089e0158c658d5938c04f7184ae5

----- Message truncated -----