Docs Puppet Enterprise Release notes PE release notes

PE release notes

Sections

PE 2025.2.0

New features
Enhancements
Platform support
Resolved issues

PE 2025.1.0

New features
Platform support
Enhancements
Resolved issues

PE 2025.0.0

New features
Platform support
Resolved issues

ExpandCollapse

These are the enhancements and resolved issues in this version of Puppet Enterprise (PE).

For security and vulnerability announcements, see Security: Puppet's Vulnerability Submission Process.

PE 2025.2.0

Released March 2025

Important: PE 2025 is our new leading-edge PE release stream (also referred to as STS).

For important information about upgrading to 2025, see Upgrading Puppet Enterprise.
If you're on 2023.8 (LTS), you'll find release notes and other information for that series in the 2023.8 documentation.
Customers on 2021.7.z, which is EOL, are encouraged to upgrade to 2023.8.z.
To access End-of-Life (EOL) dates and maintenance information, see PE End-of-Life (EOL).

New features

Advanced Patching: Launch of Vulnerability Remediation feature

Starting in Puppet Enterprise™ (PE) 2025.2.0, the Advanced Patching service available with the Puppet Enterprise Advanced license includes vulnerability remediation capabilities on the PE console and API. When enabled, this feature allows you to use the PE console to display and remediate security vulnerabilities detected by your third-party security scanner. To access vulnerability remediation capabilities you must:

Purchase a PE Advanced license. For more information about the PE Advanced license, see  Getting a license.
Activate the Advanced Patching service in the PE console.
Deploy a vulnerability data transformer, see Integrate vulnerability data from a security scanner.

Advanced Patching: Support for dynamically updating patch groups

This feature includes several new endpoints:

GET /v1/patch-groups/{id}/nodes
This endpoint enables you to return an array of nodes that resolve to the patch group.
GET /v1/maintenance-windows/{id}
This endpoint enables you to fetch and display the details of a specific maintenance window using ID.
GET /v1/blackout-windows/{id}
This endpoint enables you to fetch and display the details of a specific blackout window using ID.

Advanced Patching: New optional rule key added to existing patch group endpoints

The create patch group endpoint has been modified to allow you to specify the rule field as an argument.
The listing endpoint for patch groups has been updated to optionally return the rules if you specify it in the group
The individual endpoint for patch groups has been updated to optionally return the rules if you specify it in the group.

Enhancements

Advanced Patching: maintenance and blackout windows details pages added to the PE console: This page enables you to view details about your maintenance and blackout windows.
Advanced Patching: Scheduled patch jobs details page added to the PE console: This page enables you to view details of a scheduled patch job. The content may vary based on the type of job, for example, system updates or vulnerabilities and/or the type of scheduling applied to the job.
Advanced Patching: Previously executed patch job details page added to the PE console: This page enables you to view the details of how a previous patching job executed.

Platform support

Agent platforms added

This release adds support for the Puppet agent on the following operating system platforms:

macOS 15 ARM
Fedora 41 x86_64
Microsoft Windows Server 2016 FIPS

Resolved issues

In the PE console, the run task review step masks sensitive parameters: In PE 2023.6-2023.8.2 and 2025.0.0-2025.1.0, the run task review step in the PE console did not mask sensitive parameters. This issue has been fixed in PE 2025.2.0.

It is now possible to set the LDAP ciphers and protocols in the RBAC LDAP APIs: In PE 2023.6.0-2023.8.2 and 2025.0.0-2025.1.0, it was not possible to set the LDAP ciphers and protocols in the RBAC LDAP APIs. In PE 2025.2.0, an addition has been made to allow custom sets of LDAP ciphers and protocols to be used for connecting your Puppet Enterprise RBAC to your LDAP server.

Console environment schema is less restrictive: In previous versions of Puppet Enterprise the Console’s schema for code environments was overly restrictive and in some cases, this resulted in tasks and plans not displaying. This has been fixed in 2025.2.0 and will be fixed in a subsequent LTS release.

Security fixes

Addressed the following CVEs:

CVE-2025-27610

PE 2025.1.0

Released February 2025

Important: PE 2025 is our new leading-edge PE release stream (also referred to as STS).

For important information about upgrading to 2025, see Upgrading Puppet Enterprise.
If you're on 2023.8 (LTS), you'll find release notes and other information for that series in the 2023.8 documentation.
Customers on 2021.7.z, which is EOL, are encouraged to upgrade to 2023.8.z.
To access End-of-Life (EOL) dates and maintenance information, see PE End-of-Life (EOL).

Note: To access the release notes for the Puppet® platform, including Puppet agent, Puppet Server, Facter, and PuppetDB, see Platform release notes.

New features

Standard patching: Delete maintenance and blackout windows in the PE console and the API: In PE 2025.1.0, users can now delete maintenance and blackout windows in the PE console and via the API which includes a new set of API endpoints.

Standard patching: View and copy the License ID in the PE console: In PE 2025.1.0 and PE 2023.8.2, users can view and copy the License ID in the PE console if it is present in their license.

Advanced Patching: Identify valid characters for patch group names with a tool tip: In PE 2025.1.0, a tool tip is added to the PE console to help users to identify what characters are valid for patch group names.

Additional option to rerun tasks on a set of nodes for which a previous execution was successful: In PE 2025.1.0, after running a task on a set of nodes, an additional option to run the task again on Succeeded nodes is available.
Advanced Patching: Patch group IDs added to maintenance and blackout windows payload: In 2025.1.0, in the PE console, users can view patch group IDs for maintenance and blackout window lists if permissions exist.

Platform support

Primary server platforms added

This release adds support for the primary server on the following operating system platforms:

Ubuntu 24.04 x86_64

Enhancements

PE console classifier performance improvement: In PE 2025.1.0 and PE 2023.8.2, the PE console classifier has been updated in order to improve performance when resolving nodes for a node group in the PE console.

Resolved issues

Standard patching: pe_patch fact no longer persists after nodes are removed from patch groups: Previously, nodes which were removed from patch groups reported the pe_patch fact after their removal. This issue has been fixed in PE 2025.1.0.

Advanced Patching: PE no longer reports the Advanced Patching enablement workflow as completed before it is fully enabled

In PE 2025.0, before the Advanced Patching enablement workflow completed, the system reported it as being ready for use despite it not being fully enabled. In PE 2025.1, this issue has been fixed.

Advanced Patching: Patch job creation schema fixed

In PE 2025.0.0, the patch job creation schema incorrectly used ‘yum_parameters’ rather than ‘yum_params’. This has been fixed in 2025.1.0.

Puppet code status command no longer fails to run

In PE 2021.7.8-2021.7.9, PE 2023.7.0-2023.8.1, and PE 2025.0.0, Puppet code status command failed to run. This issue is fixed in PE 2021.7.10, 2023.8.2 and 2025.1.0.

Advanced Patching: Recreating a patch group no longer prevents the node group from being created

In PE 2025.0.0, if a user created a patch group, deleted that patch group, and created a new patch group with the same name, this resulted in a classification issue, preventing the node group from being created. This was only an issue if the user deleted a patch group and created a new one less than 30 minutes apart. This issue has been fixed in 2025.1.0.

Advanced Patching: Deleted job no longer continues to run after deletion

In PE 2025.0.0, when a patch job with a recurring schedule or a run time in the future was deleted, the scheduled job was not cleaned up correctly, and continued to attempt to run on its schedule. The runs failed, so no patching occurred. This issue has been fixed in PE 2025.1.0.

Advanced Patching: After a successful patching run, the Overview page no longer continues to show groups as needing patching

In PE 2025.0.0, for up to 30 minutes after a successful patching run had occurred, the Overview page and patch group listing continued to incorrectly show the group as needing patching. This issue has been fixed in PE 2025.1.0.

Security fixes

Addressed the following CVEs:

CVE-2025-1094
CVE-2025-0306

PE 2025.0.0

Released December 2024

Important: PE 2025 is our new leading-edge PE release stream (also referred to as STS). For important information about upgrading to 2025, see Upgrading Puppet Enterprise.

If you're on the LTS stream (2023.8), you'll find release notes and other information for that series in the 2023.8 documentation.

Customers on 2019.8.z, which is EOL, are encouraged to upgrade to either 2021.7 or 2023.

Note: To access the release notes for the Puppet® platform, including Puppet agent, Puppet Server, Facter, and PuppetDB, see Platform release notes.

New features

Launch of Advanced Patching service

Starting in PE 2025.0.0, if you have the Puppet Enterprise Advanced license, you have access to advanced patching capabilities on the PE console and API. This feature allows users to:

Automate patching workflows to ensure a secure infrastructure.
Designate when operating systems are patched to ensure as little disruption as possible.
Group nodes to effectively patch updates.
Create patch groups.
Create and define schedules for patch jobs, maintenance windows and blackout windows.
Create permissions in RBAC (Role-based access control). This feature includes additional permissions to view, create and edit patching groups, patching maintenance windows, patching blackout windows, and patching jobs.
View patch management reports to monitor the patch status across IT infrastructure.

For more information about the Puppet Enterprise Advanced license, see Getting a license.

Platform support

Primary server platforms added

This release adds support for the primary server on the following operating system platforms:

Debian 12 (x86_64)

Resolved issues

The toggle_lockless_deploy plan configures the replica in disaster recovery architecture: In PE 2023.8.0 and PE 2021.7.9, the toggle_lockless_deploys plan did not properly switch over a replica in disaster recovery to have lockless deploys because doing so requires updating Hiera data. This is fixed in PE 2025.0.0 and users who have disaster recovery enabled and are toggling lockless deploys no longer need to update their pe.conf after running the plan.

The toggle_lockless_deploy plan runs some actions verbosely, and failures are no longer expected while polling for changes: In PE 2023.8.0 and PE 2021.7.9, the toggle_lockless_deploys plan ran some actions verbosely, and failures were expected while polling for changes. This has been resolved in PE 2025.0.0.

The toggle_lockless_deploy plan supports Ubuntu 18.04: In addition to Ubuntu 20.04 and 22.04, the toggle_lockless_deploys plan supports Ubuntu 18.04 in this release.

Was this page helpful?

We’re sorry to hear that!
Please tell us why so we can help. Enter your feedback and email. This form is sent to the Puppet docs team. We ask for your email as we might contact you regarding your feedback. If you need help with the product itself, visit Puppet Support or ask in Puppet Community on Slack. Feedback:

Email Address:

To learn about how Puppet uses your personal information, visit our privacy policy.

Please enter your feedback and contact email

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project.