Puppet response to recent Log4j vulnerabilities FAQ

CVE-2021-44228 is a remote code execution (RCE) vulnerability in the Log4j logging library, a third-party component used in Continuous Delivery for Puppet Enterprise and used by a component in Puppet Comply. Malicious actors who can cause a malicious string to be logged can exploit this vulnerability. Details are here.

Read the blog post Find and mitigate Log4j vulnerabilities with Puppet Enterprise to learn to manage and orchestrate scanning your filesystem for vulnerable JAR files by using Google's Log4jscanner with a Puppet module.

Puppet Enterprise 2021.4.0 and 2019.8.9 are now available

As a Support customer, you can download Puppet Enterprise 2021.4.0 using the following links. You can download PE 2019.8.9, our latest long term release, from the previous releases page.

• Download the latest primary server and agent packages
• Learn more about 2021.4.0
• Learn more about 2019.8.9
• Free resources and webinars focused on upgrading to 2019.8
• Download earlier versions from the previous releases page