FAQ
Good day,

A security vulnerability has been discovered in Ruby on Rails, specifically
in all versions of ActiveRecord. It is assigned CVE-2012-5664. The
vulnerability exposes ActiveRecord to arbitrary SQL Injection.

CVE details on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5664
Additional detailed information can be found in the following post:
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

Puppet Labs has generated security hotfixes patching the vulnerability for
the latest in the 1.x series and 2.x series of Puppet Enterprise. These can
be downloaded from the Puppet Labs security page:
http://puppetlabs.com/security/cve/cve-2012-5664/. These security fixes
will also be included in the forthcoming patch releases of Puppet
Enterprise, versions 1.2.6 (security only) and 2.7.1 (security and bug fix).

If you have any questions or comments, please get in touch with Puppet Labs
Support. We always want your feedback!

Regards,
Moses Mendoza
Puppet Labs

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJan 4, '13 at 12:06a
activeJan 4, '13 at 12:06a
posts1
users1
websitepuppetlabs.com

1 user in discussion

Moses Mendoza: 1 post

People

Translate

site design / logo © 2022 Grokbase