Puppet 8.6.0

Released April 2024.

GitHub Releases

More details about what has changed in this release are available on GitHub. Visit the following links for more information:

Facter

Puppet

Puppet Agent

Puppet Runtime

Enhancements

Option to disable catalog messages

Added a boolean Puppet setting to disable "notice" level messages specifying which server the agent requests a catalog from and which server actually handles the request. Catalog messages are enabled by default. PUP-12023

package: pacman provider: Add purgeable feature

Added an option to the pacman provider to purge config files. This feature was contributed by community member bastelfreak.

Update core modules

Updated all core modules. In particular, this update includes:

  • Removal of concurrent-ruby as a dependency
  • Support for Amazon Linux

Resolved issues

Non-literal class parameter types need to be deprecated.

Previously, non-literal class parameters caused errors due to the different default values of the strict setting. puppet parser validate also returned non-zero exit codes. Now the issue is a language deprecation, so a warning is generated and puppet parser validate returns 0. All language deprecation warnings can be disabled by setting disable_warnings=deprecations in the main section of puppet.conf. PUP-12026

Package provider "pip" not fully functional with network urls on Ubuntu 22.04.

Puppet's pip package provider now supports installing python modules via network URLs, e.g. source => 'git+https://github.com/<org>/<repo>.git'. Fix contributed by community member smokris. PUP-12027

Provider dnfmodule prompts user to trust gpg key when performing module list.

Added assumeyes option to dnf module list. Fix contributed by community member loopiv.

Puppet resource returns zero if it fails to make changes

Added new --fail command line flag for Puppet resource.

Remove Accept-Encoding header on redirect

Previously, Puppet copied all request headers in an HTTP redirect, including Accept-Encoding. In some cases when HTTP compression was enabled, the response failed to decompress, then failed to parse and triggered a vague error. This change strips the Accept-Encoding headers on redirect, allowing Ruby's built-in Net::HTTP to both compress and decompress the traffic.

Accept UnaryMinusExpression as class parameter type

Previously, class parameters of the form Integer[-1] $param failed compilation, because the value -1 was lexed as a UnaryMinusExpression containing a LiteralInteger. And since the LiteralEvaluator didn't implement theliteral_UnaryMinusExpression method, the visitor called literal_XXX for each ancestor class, until reaching literal_Object, which always raises.

This adds the literal_UnaryMinusExpression method and returns -1 times the expression it wraps.

If strict is off, the issue is ignored. If strict is warning, a warning is reported, but compilation continues. If strict is error, compilation fails.

Security

Upgrade OpenSSL

Upgraded openssl to version 3.0.13 to address the following CVEs: CVE-2023-5678; CVE-2023-6129; CVE-2023-6237; CVE-2024-0727. PA-6131

Vulnerabilities in curl

Backported patches for CVE-2024-2004 and CVE-2024-2398 in curl 7.88.1. PA-6291

New Digicert code-signing cert

Windows MSI are now signed with a new certificate, valid until March 2027. The Issuing CA is "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1".