On August 11, 2016, PostgreSQL announced several vulnerabilities
Previous versions of Puppet Enterprise shipped with a vulnerable version of PostgreSQL. Puppet Enterprise 2016.4.0 ships with an updated version of PostgreSQL. Default configurations of Puppet Enterprise are not vulnerable to these issues.
For more information about these vulnerabilities, please refer to the PostgreSQL security announcement (https://www.postgresql.org/docs/current/static/release-9-4-9.html)
Affected Software Versions: