Stomp Gem June 2016 Security Fixes
Posted August 9, 2016
Assessed Risk Level: Low
On June 23, 2016 Stomp gem announced a vulnerability.
Previous versions of Puppet Enterprise shipped with a vulnerable version of the stomp gem. Puppet Enterprise 2016.2.1 includes an updated version.
For more information on this vulnerability, refer to the Stomp gem release notes (https://github.com/stompgem/stomp/blob/dev/CHANGELOG.md#141-20160623).
Affected Software Versions:
- Puppet Agent prior to 1.5.3
- Puppet Enterprise prior to 2016.2.1
- Puppet Agent 1.5.3
- Puppet Enterprise 2016.2.1