The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Bug #19393

Unsafe YAML deserialization

Added by Josh Cooper about 3 years ago. Updated about 3 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Nick Lewis% Done:


Target version:3.1.1
Affected Puppet version:2.7.0 Branch:

We've Moved!

Ticket tracking is now hosted in JIRA:

Related issues

Related to Puppet - Feature #21427: Deprecate YAML for network data transmission Closed


#1 Updated by Josh Cooper about 3 years ago

  • Status changed from Accepted to Merged - Pending Release

Merged into 3.1.0 in 4725c40e
Merged into 2.7.20 in 6aedf445c
Not merged into 2.6.17, because it only affects ruby 1.9.3 users

#2 Updated by Josh Cooper about 3 years ago

  • Target version set to 3.1.1
  • Affected Puppet version set to 2.7.0

Note that this is only an issue when using ruby 1.9.3. So it’s entirely possible to be running 3.x with ruby 1.8.7, and to not be affected. However, I’m marking the affected/target versions based on the versions of puppet that “support” ruby19, and therefore, could be at risk.

#3 Updated by Matthaus Owens about 3 years ago

  • Status changed from Merged - Pending Release to Closed
  • Private changed from Yes to No

Released in Puppet 3.1.1, 2.7.21

Also available in: Atom PDF