Posted June 18, 2015
Assessed Risk Level: Medium
In February, the Apache ActiveMQ project announced several security vulnerabilities in ActiveMQ.
Puppet Enterprise versions prior to 3.8.1 contained a vulnerable version of ActiveMQ. Puppet Enterprise 3.8.1 contains an updated version of ActiveMQ.
For more information about the ActiveMQ vulnerabilities fixed in this release, refer to the Active MQ security announcements for CVE-2014-3600, CVE-2014-3612, and CVE-2014-8110.
Affected Software Versions: