NGINX January 2016 Security Fixes
Posted May 4, 2016
Assessed Risk Level: Low
On January 29, 2016 NGINX several vulnerabilities.
Puppet Enterprise 2015.3.x and 2016.1.x ship with a vulnerable version of NGINX. Default configurations of Puppet Enterprise are not affected by this vulnerability. Puppet Enterprise 2016.1.2 includes updates to address the security announcement.
For more information about these vulnerabilities, please refer to the NGINX security announcement (http://nginx.org/en/CHANGES-1.8).
Affected Software Versions:
- Puppet Enterprise 2015.3.x
- Puppet Enterprise 2016.1.x prior to 2016.1.2
- Puppet Enterprise 2016.1.2