Puppet 8.10.0

Released October 2024.

In this release, support is added for Debian 12 (Bookworm) amd64 on Puppet Server and PuppetDB. Several Puppet issues are addressed, and updates are implemented to help prevent security vulnerabilities.

GitHub releases

Additional details about release updates are available on GitHub. For more information, go to the following sites:

• Facter
• Puppet
• Puppet agent
• Puppet runtime

Security

Upgrade Curl in agent-runtime

Curl is upgraded to version 8.10.1 to address CVE-2024-8096.

PA-6962

Update libxml2

Puppet Agent's vendored libxml2 is upgraded to version 2.13.4 to address the following vulnerabilities: CVE-2024-25062, CVE-2024-34459, and CVE-2024-40896.

PA-6973

Update OpenSSL

OpenSSL is updated to address CVE-2024-6119.

PA-6959

Resolved issues

Fixed issue with splay limits and added logging.

An issue was corrected to ensure that any splay setting updates in the Puppet configuration file (puppet.conf) are applied to daemonized Puppet runs. Logging for splay has also now been added at the info.level.

PUP-12061

Increased default soft limit for the total number of facts.

The default value of the number_of_facts_soft_limit setting is increased from 2048 to 10240, to address an issue where warnings were displayed after installing Puppet Enterprise with default configuration.

PUP-12071

Set default service provider for Raspbian.

SystemD is now the default service provider for Raspbian. This resolves an issue where incorrect default providers were identified when running Puppet Agent on Raspberry Pi. Community member @jaevans reported this issue and submitted a fix.

PUP-11949

Contributors

The Puppet team appreciates all Puppet Community members who contributed content to the October 2024 releases.