Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-4364

Bump puppet-runtime's Ruby to 2.7.6 and apply patch to Ruby 2.5.9

    XMLWordPrintable

Details

    • Phoenix
    • 2
    • Phoenix 2022-04-13, Phoenix 2022-04-27
    • Security Fix
    • Hide
      For puppet-agent 7.x, we have bumped Ruby to 2.7.6, that contains the fix for CVE-2022-28739.
      For puppet-agent 6.x, Ruby 2.5.9 is EOL and didn't get an official fix, but we were able to apply the patch, Ruby SHA that was applied to 2.5.9 is 1cc5567b46249e6b4bd2dd3cfdd348ab885f59e3.
      Show
      For puppet-agent 7.x, we have bumped Ruby to 2.7.6, that contains the fix for CVE-2022-28739. For puppet-agent 6.x, Ruby 2.5.9 is EOL and didn't get an official fix, but we were able to apply the patch, Ruby SHA that was applied to 2.5.9 is 1cc5567b46249e6b4bd2dd3cfdd348ab885f59e3.
    • Needs Assessment

    Description

      A new vulnerability, CVE-2022-28739, was just announced that affects Ruby 2.7.5. We need to jump to the latest version 2.7.6.

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              christopher.thorn Christopher Thorn
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support