Puppet Agent 1.7.1 is available (with a critical security fix). This is a security release of Puppet Agent that addresses a critical vulnerability in PXP Agent as well as several other vulnerabilities.
Please see our security page <https://docs.puppet.com/security/index.html> and these security notices regarding the vulnerabilities fixed in this release: - Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability <https://puppet.com/security/cve/pxp-agent-oct-2016> - Unprivileged Access to Environment Catalogs <https://puppet.com/security/cve/cve-2016-5714> Puppet Agent 1.7.1 also contains updated versions of OpenSSL and Curl to address vulnerabilities recently announced by those projects. This is the second release of the puppet-agent with .deb and .rpm packages signed with our new GPG signing key. Please see our recent announcement <https://puppet.com/blog/updated-puppet-gpg-signing-key> for more information about the new GPG signing key. Full release notes are available here: https://docs.puppet.com/puppet/latest/reference/release_notes_agent.html To install or upgrade puppet-agent, follow the getting started directions: http://docs.puppetlabs.com/puppet/latest/reference/index.html -- Geoff Nichols Puppet Ecosystem - Agent and Platform Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADjnYBy%3D4OiSo9ORRDW67SU5y72JTGW0zHQrF6jnfyB4ZXzEUA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
