This page lists the changes in Puppet 4.7 and its patch releases.
Puppet’s version numbers use the format X.Y.Z, where:
- X must increase for major backwards-incompatible changes
- Y can increase for backwards-compatible new functionality
- Z can increase for bug fixes
If you’re upgrading from Puppet 3.x
Read the Puppet 4.0 release notes, since they cover breaking changes since Puppet 3.8.
Note: This version of Puppet is included in the Long Term Support release Puppet Enterprise 2016.4, so while there may be newer versions of Puppet available (and sometimes referenced in these release notes), we will continue updating this version until Puppet Enterprise 2016.4 reaches end of life.
Released January 17, 2017.
In Puppet 4.8.0, the stacktrace property was removed from Puppet’s HTTP error response API. This was an unintentional backwards-incompatible change, and in Puppet 4.8.2, the stacktrace property was returned to the response object, but instead of containing the stack trace message, now contains a deprecation warning. Users consuming the stack trace property of the Puppet HTTP error response API should instead review the Puppet log for this information.
Puppet tag validation
Tags containing new lines caused problems in PuppetDB because they were silently accepted when compiling a catalog. Now an error will be raised when compiling.
Released September 22, 2016.
This release addresses a single bug fix.
Critical bug fix
/environment/:env route wasn’t properly anchored to the start of the path, so routes with other prefixes would also match. Because auth is performed separately based on the path, this allowed requests like
/status/environment/production to bypass auth checks and retrieve environment catalogs. This also meant that other valid requests ending in
/environment/:foo, such as for files, would be handled incorrectly.
/environment/:env regular expression is now properly anchored to the beginning of the path, so only explicit environment requests will match.