Rails January 2016 Security Fixes
Posted February 3, 2016
Assessed Risk Level: Medium
On January 25, 2016, the Ruby on Rails project announced several security vulnerabilities in Rails.
Puppet Enterprise versions prior to 3.8.4 contained vulnerable versions of Rails. Puppet Enterprise 3.8.4 contains an updated version of Rails that has patched the vulnerabilities.
For more information about the vulnerabilities, please refer to the Ruby on Rails security announcement.
Affected Software Versions:
- Puppet Enterprise 3.x
- Puppet Enterprise 3.8.4