The next release in the Puppet 7 series, Puppet 7.12.1, is now available!
The release contains vulnerability fixes, including:
CVE-2021-27023 - A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
CVE-2021-27025 - A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first `pluginsync`.
Note that if you upgrade agents to Puppet 7.12.1, you must first upgrade PuppetDB to 7.7.1, otherwise catalog storage does not work.
For the full list of changes, check out the release notes: https://puppet.com/docs/puppet/latest/release_notes_osp.html