The next release in the Puppet 6 series, Puppet 6.25.1, is now available!
The release contains enhancements and vulnerability fixes, including: - Faster iterative functions, including reduce and merge. - CVE-2021-27023 <https://puppet.com/security/cve/CVE-2021-27023> - A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 <https://nvd.nist.gov/vuln/detail/CVE-2018-1000007>. - CVE-2021-27025 <https://puppet.com/security/cve/CVE-2021-27025> - A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first `pluginsync`. - Note that if you upgrade agents to Puppet 6.25.1, you must first upgrade PuppetDB to 6.19.1, otherwise catalog storage does not work. For the full list of changes, check out the release notes: https://puppet.com/docs/puppet/6/release_notes_osp.html <https://puppet.com/docs/puppet/latest/release_notes_osp.html> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAFH7jMURsqjGAiY5Rx51SSuJLbvw35hQ%3Do-%3Dyts9RT1j6e_emQ%40mail.gmail.com.
