Puppet Platform 6.25.1 is now available

Skip to first unread message

Puppet Product Updates

Nov 9, 2021, 5:47:22 PM11/9/21
to puppet-...@googlegroups.com, Puppet Developers, Puppet Users, puppet-secur...@googlegroups.com

The next release in the Puppet 6 series, Puppet 6.25.1, is now available!


The release contains enhancements and vulnerability fixes, including:

  • Faster iterative functions, including reduce and merge.

  • CVE-2021-27023 - A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

  • CVE-2021-27025 - A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first `pluginsync`.

    • Note that if you upgrade agents to Puppet 6.25.1, you must first upgrade PuppetDB to 6.19.1, otherwise catalog storage does not work.

For the full list of changes, check out the release notes: https://puppet.com/docs/puppet/6/release_notes_osp.html
Reply all
Reply to author
0 new messages