Good day,

A security vulnerability has been discovered in Ruby on Rails, specifically
in all versions of ActiveRecord. It is assigned CVE-2012-5664. The
vulnerability exposes ActiveRecord to arbitrary SQL Injection.

CVE details on the vulnerability can be found here:
Additional detailed information can be found in the following post:

Puppet Labs has generated security hotfixes patching the vulnerability for
the latest in the 1.x series and 2.x series of Puppet Enterprise. These can
be downloaded from the Puppet Labs security page:
http://puppetlabs.com/security/cve/cve-2012-5664/. These security fixes
will also be included in the forthcoming patch releases of Puppet
Enterprise, versions 1.2.6 (security only) and 2.7.1 (security and bug fix).

If you have any questions or comments, please get in touch with Puppet Labs
Support. We always want your feedback!

Moses Mendoza
Puppet Labs

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
postedJan 4, '13 at 12:06a
activeJan 4, '13 at 12:06a

1 user in discussion

Moses Mendoza: 1 post



site design / logo © 2022 Grokbase