Overview

Ruby on Rails Project June 2015 Security Fixes

  • Posted August 6, 2015

  • Assessed Risk Level: Medium

On June 16th, the Ruby on Rails project announced several security vulnerabilities in Rails and Rack.

Puppet Enterprise versions prior to 3.8.2 contained vulnerable versions of Rails and Rack. Puppet Enterprise 3.8.2 contains updated Rack and Rails that have patched the vulnerabilities.

For more information about the vulnerabilities, please refer to the Ruby on Rails security announcement .

Status:

Affected Software Versions:

  • Puppet Enterprise 3.x

Resolved in:

  • Puppet Enterprise 3.8.2