Stomp Gem June 2016 Security Fixes

  • Posted August 9, 2016

  • Assessed Risk Level: Low

On June 23, 2016, the Stomp gem project announced a vulnerability.

Previous versions of Puppet Enterprise shipped with a vulnerable version of the stomp gem. Puppet Enterprise 2016.2.1 includes an updated version.

For more information on this vulnerability, refer to the Stomp gem release notes (https://github.com/stompgem/stomp/blob/dev/CHANGELOG.md#141-20160623).


Affected Software Versions:

  • Puppet Agent prior to 1.5.3
  • Puppet Enterprise prior to 2016.2.1

Resolved in:

  • Puppet Agent 1.5.3
  • Puppet Enterprise 2016.2.1