Overview

jackson-databind Security Fixes

  • Posted November 6, 2019

  • Assessed Risk Level: High

In August 2019, jackson-databind published security updates addressing several CVEs. Previous releases of Puppet Enterprise contain a vulnerable version of nginx. Puppet Enterprise 2019.1.3 and 2018.1.11 contain an updated version of jackson-databind that has patched the vulnerabilities.

For more information about these vulnerabilities, refer to the Jackson 2.10 release announcement.

Status:

Affected software versions:

  • Puppet Enterprise versions prior to 2019.1.3
  • Puppet Enterprise versions prior to 2018.1.11

Resolved in:

  • Puppet Enterprise 2019.1.3
  • Puppet Enterprise 2018.1.11