Overview

NGINX January 2016 Security Fixes

  • Posted May 4, 2016

  • Assessed Risk Level: Low

On January 29, 2016 NGINX several vulnerabilities.

Puppet Enterprise 2015.3.x and 2016.1.x ship with a vulnerable version of NGINX. Default configurations of Puppet Enterprise are not affected by this vulnerability. Puppet Enterprise 2016.1.2 includes updates to address the security announcement.

For more information about these vulnerabilities, please refer to the NGINX security announcement (http://nginx.org/en/CHANGES-1.8).

Status:

Affected Software Versions:

  • Puppet Enterprise 2015.3.x
  • Puppet Enterprise 2016.1.x prior to 2016.1.2

Resolved in:

  • Puppet Enterprise 2016.1.2