Overview

Apache ActiveMQ February 2015 Security Fixes

  • Posted June 18, 2015

  • Assessed Risk Level: Medium

In February, the Apache ActiveMQ project announced several security vulnerabilities in ActiveMQ.

Puppet Enterprise versions prior to 3.8.1 contained a vulnerable version of ActiveMQ. Puppet Enterprise 3.8.1 contains an updated version of ActiveMQ.

For more information about the ActiveMQ vulnerabilities fixed in this release, refer to the Active MQ security announcements for CVE-2014-3600, CVE-2014-3612, and CVE-2014-8110.

Status:

Affected Software Versions:

  • Puppet Enterprise 3.x

Resolved in:

  • Puppet Enterprise 3.8.1