The next release in the Puppet 6 series, Puppet 6.25.1, is now available!
The release contains enhancements and vulnerability fixes, including:
Faster iterative functions, including reduce and merge.
CVE-2021-27023 - A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
CVE-2021-27025 - A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first `pluginsync`.
Note that if you upgrade agents to Puppet 6.25.1, you must first upgrade PuppetDB to 6.19.1, otherwise catalog storage does not work.