We're pleased to announce that Puppet Server 2.1.1 and 1.1.1 are both now available!
Both of these releases are backwards compatible bug fix and security releases in their respective Semantic Versioning <http://semver.org/> major versions. This email is a combined announcement for 2.1.1 and 1.1.1. Puppet Server 2.1.1 This release updates the included JRuby from 1.7.20 to 1.7.20.1 and its embedded Rubygems from 2.4.6 to 2.4.8 to address CVE-2015-4020. CVE-2015-4020 is related to wildcard matching of hostnames in the Rubygems client and is also closely related to CVE-2015-3900. More information on CVE-2015-3900 is available at http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html. This release also includes some changes needed for forward compatibility with "Native Facter" (Facter 3) which will be included in a forthcoming puppet-agent release. In addition, the following bugs have been resolved in Puppet Server 2.1.1: - SERVER-297 - Consolidate environment variable handling behaviors - SERVER-646 - /certificate_status(es) implementation is too strict about Content-Type - SERVER-692 - Use hard-coded defaults for master-*-dir settings not specified in puppetserver.conf - SERVER-723 - Error responses to some CA requests mangle Content-Type - SERVER-759 - Legacy routes service breaks usage of CA-disabled service See the complete release notes for details about these changes: https://docs.puppetlabs.com/puppetserver/2.1/release_notes.html For a list of all changes in this release, check out the JIRA page: https://tickets.puppetlabs.com/browse/SERVER/fixforversion/13612 Puppet Server 1.1.1 This release updates the included JRuby from 1.7.20 to 1.7.20.1 and its embedded Rubygems from 2.4.6 to 2.4.8 to address CVE-2015-4020. CVE-2015-4020 is related to wildcard matching of hostnames in the Rubygems client and is also closely related to CVE-2015-3900. More information on CVE-2015-3900 is available at http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html. In addition, the following issues have been resolved in Puppet Server 1.1.1: - SERVER-646 - /certificate_status(es) implementation is too strict about Content-Type - SERVER-721 - Consolidate environment variable handling behaviors - SERVER-723 - Error responses to some CA requests mangle Content-Type See the complete release notes for details about these changes: https://docs.puppetlabs.com/puppetserver/1.1/release_notes.html For a list of all changes in this release, check out the JIRA page: https://tickets.puppetlabs.com/browse/SERVER/fixforversion/13613 EOF -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/d849bf57-4cad-43f6-a7d3-d7828bc34779%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
