
'pe-bundler' missing in Puppet Enterprise 2016.4.6?

asked 2017-08-08 02:18:01 -0600

Paul Tung

Hi there,

'pe-bundler' existed in the previous version, 2016.4.5, but is missing in 2016.4.6. Is that normal?

And where could I find the reason?


1 Answer


answered 2017-08-08 18:26:57 -0600

csharpsteen

The pe-bundler package was historically included in order to support the web-based installer, which was launched via `bundle exec`. Recently, this installer component was rebuilt to remove the bundler dependency, which also led to the pe-bundler package being removed. One additional factor that led to this removal was an unresolved security vulnerability in Bundler:

http://collectiveidea.com/blog/archiv...

PE never used Bundler in a way that exposed this vulnerability, but the presence of the package was tripping vulnerability scans conducted as part of security audits in some environments.


Comments

Thanks a lot for your answer, I got it! But I am curious: did Puppetlabs have any official announcement for this?

Paul Tung (2017-08-09 06:02:01 -0600)

My guess would be that there wasn't an entry in the release notes as the pe-bundler package was considered an implementation detail of the web-based installer and there was no net change in the behavior of the installer.

csharpsteen (2017-08-09 14:54:52 -0600)
