PE 2025.1

On this page:

Released February 2025

Puppet Enterprise (PE) 2025 is our new leading-edge PE release stream (also referred to as STS).

For important information about upgrading to 2025, see Upgrading Puppet Enterprise.

If you're on the LTS stream (2023.8), you'll find release notes and other information for that series in the 2023.8 documentation.

Customers on 2021.7.z, which is EOL, are encouraged to upgrade to 2023.8.z.

To access End-of-Life (EOL) dates and maintenance information, see PE End-of-Life (EOL).

To access the release notes for the Puppet^® platform, including Puppet agent, Puppet Server, Facter, and PuppetDB, see Platform release notes.

New features

Standard patching: Delete maintenance and blackout windows in the PE console and the API

In PE 2025.1.0, users can now delete maintenance and blackout windows in the PE console and via the API which includes a new set of API endpoints.

Standard patching: View and copy the License ID in the PE console

In PE 2025.1.0 and PE 2023.8.2, users can view and copy the License ID in the PE console if it is present in their license.

Advanced Patching: Identify valid characters for patch group names with a tool tip

In PE 2025.1.0, a tool tip is added to the PE console to help users to identify what characters are valid for patch group names.

Additional option to rerun tasks on a set of nodes for which a previous execution was successful

In PE 2025.1.0, after running a task on a set of nodes, an additional option to run the task again on Succeeded nodes is available.

Advanced Patching: Patch group IDs added to maintenance and blackout windows payload

In 2025.1.0, in the PE console, users can view patch group IDs for maintenance and blackout window lists if permissions exist.

Platform support

Agent platforms added

This release adds support for the primary server on the following operating system platforms:

Ubuntu 24.04 x86_64

Enhancement

PE console classifier performance improvement

In PE 2025.1.0 and PE 2023.8.2, the PE console classifier has been updated in order to improve performance when resolving nodes for a node group in the PE console.

Resolved issues

Puppet certificate automatic renewal now refreshes all infrastructure services

In 2023.8.0 and 2025.0.0, when the agent automatically renewed a certificate on a PE infrastructure node (primary, replica, compiler, or database), only some of the PE server services were signaled to take up the changed certificate causing infrastructure outages. This issue has been fixed in PE 2023.8.2 and PE 2025.1.0.

Standard patching: After nodes are removed from patch groups, pe_patch remains but is mainly populated with blanks

Previously, nodes which were removed from patch groups reported populated pe_patch fact after their removal. In PE 2025.1.0, pe_patch fact remains but is mainly populated with blanks.

Advanced Patching: PE no longer reports the Advanced Patching enablement workflow as completed before it is fully enabled

In PE 2025.0, before the Advanced Patching enablement workflow completed, the system reported it as being ready for use despite it not being fully enabled. In PE 2025.1, this issue has been fixed.

Advanced Patching: Patch job creation schema fixed

In PE 2025.0.0, the patch job creation schema incorrectly used ‘yum_parameters’ rather than ‘yum_params’. This has been fixed in 2025.1.0.

Puppet code status command no longer fails to run

In PE 2021.7.8-2021.7.9, PE 2023.7.0-2023.8.1, and PE 2025.0.0, Puppet code status command failed to run. This issue is fixed in PE 2021.7.10, 2023.8.2 and 2025.1.0.

Advanced Patching: Recreating a patch group no longer prevents the node group from being created

In PE 2025.0.0, if a user created a patch group, deleted that patch group, and created a new patch group with the same name, this resulted in a classification issue, preventing the node group from being created. This was only an issue if the user deleted a patch group and created a new one less than 30 minutes apart. This issue has been fixed in 2025.1.0.

Advanced Patching: Deleted job no longer continues to run after deletion

In PE 2025.0.0, when a patch job with a recurring schedule or a run time in the future was deleted, the scheduled job was not cleaned up correctly, and continued to attempt to run on its schedule. The runs failed, so no patching occurred. This issue has been fixed in PE 2025.1.0.

Advanced Patching: After a successful patching run, the Overview page no longer continues to show groups as needing patching

In PE 2025.0.0, for up to 30 minutes after a successful patching run had occurred, the Overview page and patch group listing continued to incorrectly show the group as needing patching. This issue has been fixed in PE 2025.1.0.

Clojure HTTP client timeout errors no longer omit critical request details

The Clojure HTTP client library, which Puppet Enterprise Java services uses, provides timeout settings to prevent long-running requests from stalling an entire service. Previously, the error message produced by these timeouts included no details as to which remote service was handling the request too slowly. This issue has been fixed in PE 2023.8.2 and 2025.1.0.

There is an increase in default logging of failed HTTP requests. If you prefer the previous behavior of less logging, you can add a logger in the appropriate service’s logback.xml for the com.puppetlabs.http.client.impl.JavaClient namespace:

<logger name="com.puppetlabs.http.client.impl.JavaClient" level="DEBUG"/>

Security fixes

Addressed the following CVEs:

CVE-2025-1094
CVE-2025-0306