Rails February 2016 Security Fixes

  • Posted May 4, 2016

  • Assessed Risk Level: Low

On February 29, 2016 Rails announced several vulnerabilities.

Puppet Enterprise 3.8.x prior to 3.8.5 ships with a vulnerable version of rails. Default configurations of Puppet Enterprise are not affected by these vulnerabilities. Puppet Enterprise 3.8.5 contains updated packages

For more information about these vulnerabilities, please refer to the Rails security announcement (http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/).

Status:

Affected Software Versions:

  • Puppet Enterprise 3.8.x prior to 3.8.5

Resolved in:

  • Puppet Enterprise 3.8.5
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.