Puppet Support

Search

Welcome to Puppet Support

Puppet response to recent Log4j vulnerabilities FAQ

CVE-2021-44228 is a remote code execution (RCE) vulnerability in the Log4j logging library, a third-party component used in Continuous Delivery for Puppet Enterprise and used by a component in Puppet Comply. Malicious actors who can cause a malicious string to be logged can exploit this vulnerability. Details are here.

Read the blog post Find and mitigate Log4j vulnerabilities with Puppet Enterprise to learn to manage and orchestrate scanning your filesystem for vulnerable JAR files by using Google's Log4jscanner with a Puppet module.

Puppet Enterprise 2021.4.0 and 2019.8.9 are now available

As a Support customer, you can download Puppet Enterprise 2021.4.0 using the following links. You can download PE 2019.8.9, our latest long term release, from the previous releases page.

Categories

Browse our knowledge content

Most popular articles