Java January 2018 Security Fixes

  • Posted January 31, 2018

  • Assessed Risk Level: High

In January, 2018 Oracle announced several vulnerabilities for Java. Puppet Enterprise prior to 2016.4.10 and 2017.3.3 shipped with a vulnerable version of Java. Puppet Enterprise 2016.4.10 and 2017.3.3 include updates to Java to address these vulnerabilities.

For more information about this vulnerability, refer to the Oracle’s security announcement (http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA)


Affected software versions:

  • Puppet Enterprise versions prior to 2016.4.10
  • Puppet Enterprise versions prior to 2017.3.3

Resolved in:

  • Puppet Enterprise 2016.4.10
  • Puppet Enterprise 2017.3.3