The latest patch release for the current Long Term Support (LTS) version of Puppet Enterprise, 2019.8.9, is now available!
This is a backward-compatible release that contains enhancements and bug fixes, including:
TLS v1.3 is enabled by default. PE is now compatible with TLSv1.2 and TLSv1.3 by default for both FIPS and non-FIPS installations. To update your protocol or ciphers, review the Configuring security settings docs. For a list of compatible ciphers, see the Ciphers reference.
Agent support for:
Ubuntu 18.04 aarch64
Debian 11 (Bullseye) amd64
Red Hat Enterprise Linux 8 FIPS x86_64
AlmaLinux x86_64 for Enterprise Linux 8
Rocky Linux x86_64 for Enterprise Linux 8
Primary PE server support added for:
Rocky Linux 8
And so much more! Check out the full list of changes below.
For the full list of changes, check out the release notes: https://puppet.com/docs/pe/2019.8/release_notes_pe_index.html
Resolved in this release:
CVE-2021-27023: A flaw was discovered in Puppet agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
CVE-2021-27025: A flaw was discovered in Puppet agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first ‘pluginsync’.
CVE-2021-27026: A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged.
Important note: If you are using Continuous Delivery for PE, upgrade to CD4PE 4.8.2 prior to upgrading to Puppet Enterprise 2019.8.9. We resolved a PuppetDB issue causing the generation of new fact charts on the Nodes page to fail.
Download PE 2019.8.9 here: https://puppet.com/misc/pe-files/previous-releases/
As a current Puppet Enterprise user, you can update to this new version as part of your annual subscription. When updating, you must update infrastructure components first and then update agents. For detailed instructions, see the documentation.