On June 23, 2016 Stomp gem announced a vulnerability.
Previous versions of Puppet Enterprise shipped with a vulnerable version of the stomp gem. Puppet Enterprise 2016.2.1 includes an updated version.
For more information on this vulnerability, refer to the Stomp gem release notes (https://github.com/stompgem/stomp/blob/dev/CHANGELOG.md#141-20160623).
Affected Software Versions: