On January 29, 2016 NGINX several vulnerabilities.
Puppet Enterprise 2015.3.x and 2016.1.x ship with a vulnerable version of NGINX. Default configurations of Puppet Enterprise are not affected by this vulnerability. Puppet Enterprise 2016.1.2 includes updates to address the security announcement.
For more information about these vulnerabilities, please refer to the NGINX security announcement (http://nginx.org/en/CHANGES-1.8).
Affected Software Versions: