We're pleased to announce that Puppet Server 2.1.1 and 1.1.1 are both now available!
Both of these releases are backwards compatible bug fix and security releases in their respective Semantic Versioning <http://semver.org/> major versions. This email is a combined announcement for 2.1.1 and 1.1.1. Puppet Server 2.1.1 This release updates the included JRuby from 1.7.20 to 1.7.20.1 and its embedded Rubygems from 2.4.6 to 2.4.8 to address CVE-2015-4020. CVE-2015-4020 is related to wildcard matching of hostnames in the Rubygems client and is also closely related to CVE-2015-3900. More information on CVE-2015-3900 is available at http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html. This release also includes some changes needed for forward compatibility with "Native Facter" (Facter 3) which will be included in a forthcoming puppet-agent release. In addition, the following bugs have been resolved in Puppet Server 2.1.1: - SERVER-297 - Consolidate environment variable handling behaviors - SERVER-646 - /certificate_status(es) implementation is too strict about Content-Type - SERVER-692 - Use hard-coded defaults for master-*-dir settings not specified in puppetserver.conf - SERVER-723 - Error responses to some CA requests mangle Content-Type - SERVER-759 - Legacy routes service breaks usage of CA-disabled service See the complete release notes for details about these changes: https://docs.puppetlabs.com/puppetserver/2.1/release_notes.html For a list of all changes in this release, check out the JIRA page: https://tickets.puppetlabs.com/browse/SERVER/fixforversion/13612 Puppet Server 1.1.1 This release updates the included JRuby from 1.7.20 to 1.7.20.1 and its embedded Rubygems from 2.4.6 to 2.4.8 to address CVE-2015-4020. CVE-2015-4020 is related to wildcard matching of hostnames in the Rubygems client and is also closely related to CVE-2015-3900. More information on CVE-2015-3900 is available at http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html. In addition, the following issues have been resolved in Puppet Server 1.1.1: - SERVER-646 - /certificate_status(es) implementation is too strict about Content-Type - SERVER-721 - Consolidate environment variable handling behaviors - SERVER-723 - Error responses to some CA requests mangle Content-Type See the complete release notes for details about these changes: https://docs.puppetlabs.com/puppetserver/1.1/release_notes.html For a list of all changes in this release, check out the JIRA page: https://tickets.puppetlabs.com/browse/SERVER/fixforversion/13613 EOF -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/d849bf57-4cad-43f6-a7d3-d7828bc34779%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
