Here are all the things going out in Puppet Server 6.17.0 (most of these shipped in Puppet Server 7.4.0 and are now being released in our LTS stream): The time to retrieve a list of pending CSRs from the certificate_statuses endpoint no longer slows proportionally to the number of CSRs and signed certificates. Attempting to revoke an already revoked certificate is now a no-op and will not add a new entry to the CRL. The v4 catalog endpoint now supports arbitrary fact termini. Bolt task file endpoints now respect the special scripts directory within a project. AST compilation now has more robust environment support. The CA subcommand of the puppetserver cli tool now has a "purge" action to clean duplicate CRL entries. The CA subcommand of the puppetserver cli tool's "generate" action has a "–force" flag to allow generation even when safety checks have failed. TLS v1.3 is now enabled by default. Dependency bumps improve behavior on FIPS, resolve warnings in Java 9+, and update Jetty to v9.4.43. Of those, I would put three call outs (all previously released in 7.x): TLS v1.3 is enabled by default The CA no longer produces duplicate CRL entries when revoking already revoked certificates. The CA command line tool can purge duplicates from existing CRLs. |