The following information has been provided by the puppet announce mailing list.
Dear Puppet Enterprise Users,
Puppet Enterprise 2016.4.7 and 2017.2.3 are now available.
These are security and bugfix releases of Puppet Enterprise. All users of Puppet Enterprise 2016.4.x and 2017.2.x are encouraged to upgrade when possible to Puppet Enterprise 2016.4.7 and 2017.2.3, respectively.
These releases include fixes to address security vulnerabilities in Java and nginx, as well as a number of other bugfixes and improvements.
For information on the bug fixes in these releases, see https://docs.puppet.com/pe/
2016.4/release_notes.html and https://docs.puppet.com/pe/ 2017.2/release_notes.html.
As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is required to upgrade your master, puppetdb, and console servers first.
As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Support.