PE 2023.8.7

Released December 2025

Puppet Enterprise^® (PE and PE Advanced) lifecycle update—Puppet is transitioning its Puppet Enterprise® software support offerings from the “Long Term Support” and “Short Term Support” model to the "Latest" and "Latest - 1" model.

Starting August 6, 2026, Puppet Enterprise^® will adopt a new software support model using the following nomenclature of “Latest” and “Latest - 1” that will accelerate product innovation and simplify the product lifecycle management.

What’s changing?

Under the new model:

“Latest” series: Receives full software support and maintenance (new features, fixes, security updates) for 12 months from the date of the latest major version release.
“Latest - 1” series: Receives limited software support and maintenance (security updates, defect fixes, and minor changes only) for an additional 12 months after being superseded by the “Latest” version of the Puppet Enterprise^® software.

The new model will replace the previous Long-Term Support (“LTS”) model, which offered up to twenty-four (24) months of limited software support and maintenance with limited feature delivery.

Impact on current release streams:

PE 2023.8.z series (LTS): This is the final series supported under the LTS support model. Maintenance releases will continue until August 2026, when the series reaches end of life (“EOL”). This timing coincides with the launch of the new software and support lifecycle model. Customers should begin planning upgrades to remain supported.
PE 2025.y series (Current “latest”): This series will continue receiving the latest updates until August 2026, when the next major PE version is released. At that point, 2025.y will transition to “Latest -1” and receive security updates, defect fixes, and minor changes only until its EOL in August 2027.

This change is designed to:

Deliver continuous access to new features
Improve security through more frequent updates and patches
Provide a predictable, simplified support timeline

Further documentation and upgrade guidance will be provided ahead of the August 2026 transition.

Puppet^® Continuous Delivery and Puppet Comply^® (also known as Puppet Security Compliance Management (“SCM”)) lifecycle updates:

For important information about the product lifecycle changes for Puppet^® Continuous Delivery and Puppet Comply^® /SCM, see:

Puppet Enterprise (PE) 2023 is our current PE LTS release stream. The previous LTS, PE 2021.7, is in overlap support until 28th February, 2025.

To access the End-of-Life (EOL) date and other maintenance information for PE 2023.8, see PE 2023.8 End-of-Life (EOL).
For important information about upgrading to 2023, see Upgrading Puppet Enterprise.
If you're on the LTS stream (2021.7), you'll find release notes and other information for that series in the 2021.7 documentation.
Customers on 2019.8.z are encouraged to upgrade to either 2021.7 or 2023.

To access the release notes for the Puppet^® platform, including Puppet agent, Puppet Server, Facter, and PuppetDB, see Platform release notes.

Platform support

Agent platforms added

This release adds support for the Puppet agent on the following operating system platforms:

Red Hat Enterprise Linux (RHEL) 10 ARM

Primary platforms added

Red Hat Enterprise Linux (RHEL) 10

Resolved issues

Backing up PE no longer fails when a file changes while reading it

In prior versions of PE, when creating a backup the process would fail if a file changed during backup. This issue has been fixed in PE 2023.8.7.

Security fixes

Addressed the following CVEs:

The following CVE was fixed in PE:

CVE-2025-12183
CVE-2025-9230
CVE-2025-9232
CVE-2025-9086
CVE-2025-10148
CVE-2025-61594
CVE-2025-54314

The following CVE was fixed in PE’s rubygem-REXML:

CVE-2025-58767 (affected version: REXML 3.3.x.)

The following CVEs were fixed in the agent:

CVE-2025-61770
CVE-2025-61771
CVE-2025-61772

The following CVEs were fixed in the PE Bolt server:

The following CVE was identified in 2023.x and 2025.x but does not affect PE:

CVE-2025-4949