Release Announcement: Continuous Delivery 5.14.0 and 4.39.0

[Puppet Product Updates]

Continuous Delivery versions 5.14.0 and 4.39.0 are available!

Important reminder: Continuous Delivery 4.x reaches its end‑of‑life on February 5, 2026. Upgrade to CD 5.x to ensure continued support, security updates, and feature enhancements. For full details and information about migrating to CD version 5.x, see End-of-life announcement: Continuous Delivery version 4.x.

Highlights in CD 5.14.0
In addition to important fixes and security updates, version 5.14.0 provides Puppet Enterprise (PE) and PE Advanced customers with improvements across usability, security, and platform reliability.

Enhancements

• Improved in‑app error messaging to more clearly communicate CORS and other browser‑level errors, making configuration issues easier to diagnose.

• Strengthened password validation for users creating or updating accounts. Passwords must now be at least 12 characters and include uppercase, lowercase, numeric, and special characters.

• Updated puppet‑dev‑tools image to include PDK 3.6.1, which requires compatibility with Puppet 8 and Ruby 3.x. Continued support for Puppet 7 and Ruby 2.7 via: gcr.io/platform-services-297419/puppet-dev-tools:puppet7 (includes PDK 3.4.1).
  
  

Fixes

• Impact Analysis:

• Fixed issue where resource changes were incorrectly reported for certain data types.
• Impact Analysis now correctly validates oversized titles and returns clear error messaging.
• Corrected pipeline status links sent to version‑control providers.
• Azure DevOps Server integration fix for truncated host URLs that previously broke repository links.

Security updates
This release includes fixes for the following vulnerabilities: CVE‑2026‑21452, CVE‑2025‑68161, CVE‑2024‑49761, CVE‑2025‑68973, CVE‑2025‑6020, and CVE‑2025‑13465

Learn more:
5.14.0 release notes.

CD 4.39.0

Enhancements

Updated puppet‑dev‑tools image to include PDK 3.6.1, aligning CD pipelines with Puppet 8 and Ruby 3.x requirements. Continued Puppet 7 support available via the puppet7 image (PDK 3.4.1).

Fixes

Impact Analysis:

• Fixed issue where resource changes were incorrectly reported for certain data types.
• Impact Analysis now correctly validates oversized titles and returns clear error messaging.

Security updates
This version includes fixes for the following vulnerabilities: CVE‑2026‑21452, CVE‑2025‑68161, CVE‑2025‑68973, CVE‑2025‑6020, and CVE‑2025‑13465.

Learn more:
4.39.0 release notes.

This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.