PE 2023.8.4

Released June 2025

Puppet Enterprise (PE) 2023 is our current PE LTS release stream. The previous LTS, PE 2021.7, is in overlap support until 28th February, 2025.

To access the End-of-Life (EOL) date and other maintenance information for PE 2023.8, see PE 2023.8 End-of-Life (EOL).
For important information about upgrading to 2023, see Upgrading Puppet Enterprise.
If you're on the LTS stream (2021.7), you'll find release notes and other information for that series in the 2021.7 documentation.
Customers on 2019.8.z are encouraged to upgrade to either 2021.7 or 2023.

To access the release notes for the Puppet^® platform, including Puppet agent, Puppet Server, Facter, and PuppetDB, see Platform release notes.

Platform support

Agent platforms added

This release adds support for the Puppet agent on the following operating system platforms:

macOS 15 x86_64

Resolved issues

Puppet CA API requests no longer occurring with empty query parameters

In previous versions of Puppet Enterprise, a question mark was appended in requests to the Puppet CA even when there were no query params present. While harmless, this could cause log analysis confusion. This has been fixed in 2025.4.0 and 2023.8.4.

Re-enabled Host Action Collector load issue fixed

In PE 2023.8.0-2023.8.3 and 2025.0.0-2025.3.0, for customers with large numbers of nodes, when the Host Action Collector is offline for a period of time and unable to process events and then enabled, a large number of events are processed and associated replicas may be unable to keep up with the load.

In PE 2025.4.0 and 2023.8.4, this issue has been addressed with the following fixes:

Locking was added to ensure that delete operations are successful when removing data from the database.
An index was added to help improve performance of certain lookups.
An internal routine was modified to be time-boxed rather than restricted to a specific number of interactions.
Some output was lowered to a debug level of output to help reduce log noise.

Lockless plans no longer fail to generate version folders

In PE 2023.8.0-2023.8.3 and 2025.0.0-2025.3.0, lockless plans failed to generate version folders. This issue has been fixed in PE 2025.4.0 and 2023.8.4.

In PE 2023.8.4 and 2025.4.0, code deployment no longer fails from AzureDevOps with an Unable to exchange encryption keys error when using SSH

In PE-2021.7.9, 2023.8.0-2023.8.3 and 2025.0.0-2025.3.0, deploying code via r10k or Code Manager from Azure DevOps (ADO) with a rsa-sha2 key fails with an Unable to exchange encryption key error. This issue has been fixed in 2023.8.4 and 2025.4.0.

Security fixes

Addressed the following CVEs:

CVE-2025-48734
CVE-2025-5459
CVE-2025-49007
CVE-2025-46727
CVE-2025-43857
CVE-2024-11053
CVE-2024-39684
CVE-2024-38517