Puppet 3.2.4 is now available. 3.2.4 addresses two security vulnerabilties discovered in the 3.x series of Puppet. These vulnerabilities have been assigned Mitre CVE numbers CVE-2013-4956 and CVE-2013-4761.
All users of Puppet 3.2.3 and earlier are strongly encouraged to upgrade to 3.2.4. For more information on these vulnerabilities, please visit http://puppetlabs.com/security/cve/cve-2013-4761 and http://puppetlabs.com/security/cve/cve-2013-4956 . Downloads are available at: * Source https://downloads.puppetlabs.com/puppet/puppet-3.2.4.tar.gz<https://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz> Windows package is available at https://downloads.puppetlabs.com/windows/puppet-3.2.4.msi<https://downloads.puppetlabs.com/windows/puppet-2.7.22.msi> RPMs are available at https://yum.puppetlabs.com/el or /fedora Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/puppet-3.2.4.dmg<https://downloads.puppetlabs.com/mac/puppet-2.7.22.dmg> Gems are available via rubygems at https://rubygems.org/downloads/puppet-3.2.4.gem<https://rubygems.org/downloads/puppet-2.7.22.gem> or by using `gem install puppet --version=3.2.4` Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 3.2.4: http://projects.puppetlabs.com/projects/puppet/ ## Changelog ## Andrew Parker (6): 98e3a38 (Maint) Use dirname instead of regexes 4b8d0a1 (Maint) Clean up specs e7e1be1 (#21971) Check for possible directory traversal 6547651 (#21971) Split import and autoloading code paths d689513 (#21971) Create system for safely dealing with path patterns 214d42e (Maint) Reinstate check for manifest dir John Duarte (1): c9473a6 (#21953) Add test to verify module permissions Josh Partlow (5): 3932e78 (#21971) Fix TypeLoader#import_all on Ruby 1.8.7 a0f8a32 (#21971) Fixes PathPattern's usage of Dir.glob for Windows 987c4d5 (#21971) Allow paths that contain .. as part of a name c0234fe (maint) Fix windows test for embedded '..' in path adff11c (maint) Fix module_utils regex tests for module file perms Matthaus Owens (4): 05d20ff (maint) Remove rspec requires from the Rakefile a754bc8 (packaging) Move systemd BuildRequires into conditional 019e443 (maint) Correct type in speeeeling of pl-fedora-18-i386 mock in ext/build_defaults.yaml f55814d (packaging) Update PUPPETVERSION for 3.2.4 Melissa Stone (1): ecb0f92 (Bug #21768) Update puppet for F19 Pieter van de Bruggen (4): fe7b9f0 (#14333) Ensure module permissions are sane. 01c69eb Fixing a missed test for minitar. f8a9eec Ensure that PMT uses the correct group membership. afc9859 Improving testing around PMT module install permissions. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
