Puppet Labs Security

Introduction

Puppet Labs takes the security of its products very seriously. We respond to security issues and concerns promptly and when necessary release new versions of the product to address vulnerabilities or security issues in our products.

Security Policy

Puppet Labs supports responsible disclosure of security vulnerabilities.

Puppet Labs is happy to fully disclose all details of a security vulnerability but in the interests of responsible disclosure we do ask security researchers and other stakeholders to allow us sufficient time to patch the vulnerability before publishing the details.

We believe in crediting security researchers based on the value of the contributions provided. Our security team reviews each disclosure and assigns a scored value based on the relevance of the disclosure. These scores are calculated quarterly and the top individuals are publicly credited on our website. Additional credit will be awarded to those that provide code fixes or additional information about how to fix the disclosure.

Security Reporting Process

If you have identified an issue then please send an email to the Security mailbox with the details. If you wish to contact us via phone to report a security issue please call 1-877-575-9775.

Subscribing to Security Announcements

All Puppet Labs security announcements are sent to the puppet-announce mailing list. If you wish to be informed as security updates are released, please subscribe to this list.

Security Disclosures