Overview

  • Posted May 4, 2016

  • Assessed Risk Level: Low

On February 29, 2016 Rails announced several vulnerabilities.

Puppet Enterprise 3.8.x prior to 3.8.5 ships with a vulnerable version of rails. Default configurations of Puppet Enterprise are not affected by these vulnerabilities. Puppet Enterprise 3.8.5 contains updated packages

For more information about these vulnerabilities, please refer to the Rails security announcement (http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/).

Status:

Affected Software Versions:

  • Puppet Enterprise 3.8.x prior to 3.8.5

Resolved in:

  • Puppet Enterprise 3.8.5