Overview

Rails January 2016 Security Fixes

  • Posted February 3, 2016

  • Assessed Risk Level: Medium

On January 25, 2016, the Ruby on Rails project announced several security vulnerabilities in Rails.

Puppet Enterprise versions prior to 3.8.4 contained vulnerable versions of Rails. Puppet Enterprise 3.8.4 contains an updated version of Rails that has patched the vulnerabilities.

For more information about the vulnerabilities, please refer to the Ruby on Rails security announcement.

Status:

Affected Software Versions:

  • Puppet Enterprise 3.x

Resolved in:

  • Puppet Enterprise 3.8.4