Security and vulnerability announcements

This page contains information about security fixes from both Puppet and third-party software vendors used in Puppet products. For information about our security policies and instructions on how to report findings, refer to the vulnerability submission process.

Internal security announcements

Third-party security announcements

  • Ruby March 2020 Security Fixes
    Resolved in:
    Puppet Agent 5.5.20
    Puppet Agent 6.15.0
    Puppet Enterprise 2018.1.15
    Puppet Enterprise 2019.7.0
    Bolt 2.5.0
  • Rack January 2020 Security Fixes
    Resolved in:
    Puppet Enterprise 2019.3.0
    Puppet Enterprise 2019.1.4
    Puppet Enterprise 2018.1.11
    • OpenSSL December 2019 Security Fixes
      Resolved in:
    • Puppet Agent 5.5.18
    • Puppet Agent 6.4.5
    • Puppet Agent 6.12.0
    • Puppet Enterprise 2018.1.12
    • Puppet Enterprise 2019.1.4
    • Puppet Enterprise 2019.3.0
    • PE Client Tools 18.1.13
    • PE Client Tools 19.1.6
    • PE Client Tools 19.3.0
    • Bolt 1.45.0
    • PDK 1.15.0
    • Ruby October 2019 Security Fixes
      Resolved in:
      Puppet Enterprise 2019.1.3
      Puppet Enterprise 2018.1.11
      Puppet Agent 5.5.17
      Puppet Agent 6.4.4
      Bolt 1.32.0
      PDK 1.14.0.0
    • curl May 2019 Security Fixes
      Resolved in:
      Puppet Agent 5.5.16
      Puppet Agent 6.0.10
      Puppet Agent 6.4.3
      Puppet Enterprise 2019.1.1
      Puppet Enterprise 2019.0.4
      Puppet Enterprise 2018.1.9
    • Rubygems March 2019 Security Fixes
      Resolved in:
      Puppet Agent 5.5.14
      Puppet Agent 6.0.9
      Puppet Agent 6.4.2
      PDK 1.10.0.0
      Puppet Enterprise 2019.0.3
      Puppet Enterprise 2018.1.8
    • Ruby April 2018 Security Fixes
      Resolved in:
      Puppet Agent 1.10.12
      Puppet Agent 5.3.6
      Puppet Agent 5.5.1
      PDK 1.5.0
      Puppet Enterprise 2016.4.11
      Puppet Enterprise 2017.3.6
      Puppet Enterprise 2018.1.0
    • Curl March 2018 Security Fixes
      Resolved in:
      Puppet Agent 1.10.12
      Puppet Agent 5.3.6
      Puppet Enterprise 2016.4.11
      Puppet Enterprise 2017.3.6
      Puppet Enterprise 2018.1.0
    Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.