Jetty June 2018 Security Fixes

  • Posted November 6, 2018

  • Assessed Risk Level: Moderate

In June 2018, the jetty project released fixes for several vulnerabilities announced that month. Puppet Enterprise 2018.1.5 and 2019.0.1 ship with an updated version of jetty that has addressed these vulnerabilities.

For more information about these vulnerabilities refer to jetty vulnerabilities table (https://www.eclipse.org/lists/jetty-announce/msg00123.html)

Status:

Affected software versions:

  • Puppet Enterprise versions prior to 2019.0.1
  • Puppet Enterprise versions prior to 2018.1.5

Resolved in:

  • Puppet Enterprise 2019.0.1
  • Puppet Enterprise 2018.1.5