Ruby on Rails Project June 2015 Security Fixes
Posted August 6, 2015
Assessed Risk Level: Medium
On June 16th, the Ruby on Rails project announced several security vulnerabilities in Rails and Rack.
Puppet Enterprise versions prior to 3.8.2 contained vulnerable versions of Rails and Rack. Puppet Enterprise 3.8.2 contains updated Rack and Rails that have patched the vulnerabilities.
For more information about the vulnerabilities, please refer to the Ruby on Rails security announcement .
Affected Software Versions:
- Puppet Enterprise 3.x
- Puppet Enterprise 3.8.2