On July 19, 2016 OpenSSL announced several vulnerabilities.
Previous versions of Puppet Enterprise shipped with a vulnerable version of Java. Puppet Enterprise 2016.2.1 and Puppet Enterprise 3.8.6 ship with updated versions of java to address these vulnerabilities.
For more information refer to the Oracle Java security announcement (http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA).
Affected Software Versions: