Puppet Core 8.15.0

Released September 2025. This version of Puppet Core includes improved error messages, improvements to help prevent security vulnerabilities, and removes support for macOS 11 and 12 agents.

Enhancements

Improved error messages when binary data is found in the catalog

Puppet now reports when binary data is found in the catalog, indicating the manifest file and line number that caused the problem in an error message. If the issue is due to the file function, use the binary_file function instead. PUP-12092

Security

Removed libxslt, replaced nokogiri with libxml-ruby

Removed libxslt to address CVE-2025-7424 and CVE-2025-7425. On macOS, nokogiri was replaced with libxml-ruby to remove the libxslt dependency. If you require the nokogiri gem on macOS, install it separately. PA-7634, PA-7650

Patched the resolv gem

The resolv gem shipped with Puppet agent was patched to address CVE-2025-24294. Although the vulnerability was patched, the Ruby and resolv gem version numbers did not change. PA-7722

Evaluated CVEs

The Puppet team has determined that libxml2 v2.14.5 in Puppet Core 8.15.0 is not affected by CVE-2025-7425.

Resolved issues

SLES 15 glibc not found error fixed

Puppet Core 8.14.0 included a version of Ruby compiled against a glibc version available only on SLES 15 systems using service pack 6 and later. This caused glibc not found errors on systems running SLES 15 with earlier service packs. This was fixed by compiling Ruby against an older version of glibc. PA-7730

Deprecations and removals

Support was removed for macOS 11 and 12 agents

Support was removed for the following EOL OS versions. The following are no longer available as Puppet Core agents:

• macOS 11 Big Sur (x86_64)

• macOS 12 Monterey (x86_64 and ARM)

PA-6712