On Thu, Apr 16, 2015 at 12:28 AM, Jo Rhett <jrh...@netconsonance.com> wrote:
> I really thought you would upgrade Ruby to handle the exploits-in-the-wild > security vulnerability in Ruby before release. > https://www.ruby-lang.org/en/news/2015/04/13/ruby-2-1-6-released/ > > In particular, isn’t Puppet vulnerable to this problem? > https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ > Only if you're using a 3rd party CA , which 99.9% of users do not do and using wildcards. It's queued up for a fix, but scored like a 2.8 on CVSS for us, and that was being as conservative as possible on it. > > On Apr 15, 2015, at 11:40 AM, Eric Sorenson <eric.soren...@puppetlabs.com> > wrote: > > I'm super excited to announce the availability of Puppet 4. It's the first > major version of Puppet in almost 2 years, and there are a ton of great > changes and improvements. Stephanie Stouck wrote a post that summarizes the > release: > > https://puppetlabs.com/blog/say-hello-open-source-puppet-4 > > Read the release notes and install/upgrade guides carefully, especially if > you haven't been tracking the Release Candidates: > > http://docs.puppetlabs.com/puppet/4.0/reference/index.html > > Also of note is that the repositories have changed in order to keep > incompatible changes from auto-updating onto your systems. Read more about > "Puppet Collections", our name for these Linux-distribution-like groups of > packages, in Mike Stahnke's blog post: > > https://puppetlabs.com/blog/welcome-puppet-collections > > Please give it a try! If you file bugs, please make sure to flag them with > an "Affects Version" of "PUP 4.0.0". > You can see the bugs currently open against the release here: > https://tickets.puppetlabs.com/issues/?filter=14021 > > Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0 > puppet platform // coffee // techno // bicycles > > > Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0 > puppet platform // coffee // techno // bicycles > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/196E9F51-5EDF-4057-9479-9D1256F94003%40puppetlabs.com > <https://groups.google.com/d/msgid/puppet-users/196E9F51-5EDF-4057-9479-9D1256F94003%40puppetlabs.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > -- > Jo Rhett > +1 (415) 999-1798 > Skype: jorhett > Net Consonance : net philanthropy to improve open source and > internet projects. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/27F18A3D-876E-4902-BCDD-4BED31ACED10%40netconsonance.com > <https://groups.google.com/d/msgid/puppet-users/27F18A3D-876E-4902-BCDD-4BED31ACED10%40netconsonance.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMto7LLE1%3DQEY1SB4MnbGNuWpfCbgoJrNWaC00PjdwcGHcTvyw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
