This is a maintenance and security release of Puppet Dashboard. It includes contributions from Erik Dalén, Matthaus Litteken, and Aaron Patterson.
Security content includes a patch to address CVE-2012-2695, SQL Injection Vulnerability in Ruby on Rails. This release is available for download at: https://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.9.tar.gz Debian packages are available at https://apt.puppetlabs.com RPM packages are available at https://yum.puppetlabs.com See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.2.9: http://projects.puppetlabs.com/projects/dashboard Documentation is available at: http://docs.puppetlabs.com/dashboard/index.html 1.2.9 Security Fixes === Patch to Address SQL Injection Vulnerability in Ruby on Rails There is a SQL injection vulnerability in Active Record, in ALL versions. This vulnerability has been assigned the CVE identifier CVE-2012-2695. Patch content from Aaron Patterson. Additional information available here: https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/l4L0TEVAz1k CVE Link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2695 1.2.9 Bug Fixes === *Fix the node:classes rake task Wrong variable name was used so it always exited with NameError 1.2.9 Changelog === Erik Dalén (1) d114b09 Fix the node:classes rake task Matthaus Litteken (1) 8fed1f8 Update contributors in readme Aaron Patterson (1) 1c7437 Patch activerecord for CVE-2012-2695 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to puppet-dev@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
