Puppet Core v8.17.0 is Now Available!

[Puppet Product Updates]

Puppet Core v8.17.0 is Now Available!

We’re excited to announce the release of Puppet Core v8.17.0! This update delivers important security enhancements and dependency upgrades to help keep your infrastructure protected and up to date.

This release focuses primarily on strengthening core Puppet components by addressing multiple security vulnerabilities and streamlining internal dependencies.

Security Updates

Updated curl (8.18.0)

We’ve upgraded curl to 8.18.0 to address the following CVEs:

• CVE-2025-11563
• CVE-2025-10966
• CVE-2025-13034
• CVE-2025-14017
• CVE-2025-14524
• CVE-2025-14819
• CVE-2025-15079
• CVE-2025-15224

Updated Ruby (3.2.10)

Ruby has been updated to 3.2.10 to remediate:

• CVE-2025-61594
• CVE-2025-58767

Updated OpenSSL (3.0.19)

OpenSSL has been upgraded to 3.0.19 to address:

• CVE-2025-15467
• CVE-2025-68160
• CVE-2025-69418
• CVE-2025-69419
• CVE-2025-69420
• CVE-2025-69421
• CVE-2026-22795
• CVE-2026-22796

Deprecations and Removals

• Ruby API Removed from Leatherman: The Ruby API has been removed from leatherman as part of ongoing efforts to streamline and modernize internal components.
• Brotli and zstd Removed in Agent curl Builds: Support for brotli and zstd has been removed from agent curl builds.

Upgrade Today

Puppet Core v8.17.0 is a security-focused release designed to keep your infrastructure protected with the latest dependency updates. We strongly recommend upgrading to take advantage of these improvements.

For further details, please refer to the v8.17.0 release notes.

The Puppet Core Team

This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.