FasterXML Jackson Databind Security Fixes

  • Posted January 29, 2019

  • Assessed Risk Level: High

On November 28, 2018, FasterXML published a security update addressing several vulnerabilities including CVE-2018-7489. Puppet Enterprise 2019.0.2 and 2018.1.7 ship with an updated version of jackson-databind and PuppetDB excludes jackson-databind entirely.

For more information about the vulnerabilities, refer to the Faster XML security announcement.

Status:

Affected software versions:

  • Puppet Enterprise prior to 2019.0.2
  • Puppet Enterprise prior to 2018.1.7

Resolved in:

  • Puppet Enterprise 2019.0.2
  • Puppet Enterprise 2018.1.7
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.