On August 6, the OpenSSL project announced several security vulnerabilities in OpenSSL. Puppet Enterprise 2.x and 3.x contained vulnerable versions of OpenSSL. Puppet Enterprise 2.8.8 and 3.3.2 contain updated versions of OpenSSL that have patched the vulnerabilities.
For more information about the OpenSSL vulnerabilities, refer to the OpenSSL security announcement.
- Resolved in Puppet Enterprise 2.8.8, 3.3.2