Stomp June 2016 Security Fixes

  • Posted August 9, 2016

  • Assessed Risk Level: Low

On June 23, 2016 Stomp gem announced a vulnerability.

Previous versions of Puppet Enterprise shipped with a vulnerable version of the stomp gem. Puppet Enterprise 2016.2.1 includes an updated version.

For more information on this vulnerability, refer to the Stomp gem release notes (


Affected Software Versions:

  • Puppet Agent prior to 1.5.3
  • Puppet Enterprise prior to 2016.2.1

Resolved in:

  • Puppet Agent 1.5.3
  • Puppet Enterprise 2016.2.1
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.