On March 10, 2016 ActiveMQ announced several vulnerabilities.
Puppet Enterprise 3.8.x prior to 3.8.5, Puppet Enterprise 2015.3.x and Puppet Enterprise 2016.1.x prior to 2016.1.2 ship with a vulnerable version of ActiveMQ. Default configurations of Puppet Enterprise are not affected by these vulnerabilities. Puppet Enterprise 3.8.5 and 2016.1.2 include an updated ActiveMQ that has addressed these vulnerabilities.
For more information about these vulnerabilities, please refer to the ActiveMQ security announcements (http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt and http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt ).
Affected Software Versions: