We’re excited to announce the release of Puppet Core 8.16.0, available as of 18th November 2025. This update focuses on strengthening the security and reliability of Puppet Core by addressing several upstream vulnerabilities through updated components and patched libraries.
Delivering security-hardened Puppet Core binaries remains a top priority for us, and this release includes important fixes that help ensure Puppet Core users stay protected and up to date.
Security Enhancements
Updated Thor Gem
The Thor gem has been updated to version 1.4.0 to resolve CVE-2025-54314.
Updated curl
Curl has been upgraded to version 8.16.0, addressing CVE-2025-9086 and CVE-2025-10148.
Updated REXML Gem
The REXML gem is now updated to version 3.4.2, fixing CVE-2025-58767.
Updated OpenSSL
OpenSSL has been updated to version 3.0.18 to address CVE-2025-9230 and CVE-2025-9232.
Patched URI Gem
The URI gem included with the Puppet agent has been patched to resolve CVE-2025-61594.
Thanks,
The Puppet Core Team.