Overview

NGINX August 2019 Security Fixes

  • Posted November 6, 2019

  • Assessed Risk Level: High

On August 13, 2019, NGINX published security updates addressing several HTTP/2 vulnerabilities. Previous releases of Puppet Enterprise contain a vulnerable version of nginx. Puppet Enterprise 2019.1.3 and 2018.1.11 contain an updated version of nginx that has patched the vulnerabilities.

For more information about these vulnerabilities, refer to the NGINX security announcement.

Status:

Affected software versions:

  • Puppet Enterprise versions prior to 2019.1.3
  • Puppet Enterprise versions prior to 2018.1.11

Resolved in:

  • Puppet Enterprise 2019.1.3
  • Puppet Enterprise 2018.1.11