Oracle Java April 2016 Security Fixes

  • Posted May 4, 2016

  • Assessed Risk Level: Medium

On April 19, 2016 Oracle announced several vulnerabilities in Java.

Puppet Enterprise 3.8.x, 2015.3.x and 2016.1.x ship with a vulnerable version of Java. Puppet Enterprise 3.8.5 and 2016.1.2 include updates to address the security announcement.

For more information about these vulnerabilities, please refer to the Oracle security announcement (http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixJAVA).


Affected Software Versions:

  • Puppet Enterprise 3.8.x prior to 3.8.5
  • Puppet Enterprise 2015.3.x
  • Puppet Enterprise 2016.1.x prior to 2016.1.2

Resolved in:

  • Puppet Enterprise 3.8.5
  • Puppet Enterprise 2016.1.2