DEV Community

Cover image for Puppet Continuous Delivery (CD) 5.14.0 and 4.39.0 now available!
puppet profile image Jason St-Cyr
Jason St-Cyr for puppet

Posted on

Puppet Continuous Delivery (CD) 5.14.0 and 4.39.0 now available!

#puppet

👀 Important reminder: Continuous Delivery 4.x reaches its end‑of‑life on February 5, 2026. Upgrade to CD 5.x to ensure continued support, security updates, and feature enhancements. For full details and information about migrating to CD version 5.x, see End-of-life announcement: Continuous Delivery version 4.x.

Highlights in CD 5.14.0

In addition to important fixes and security updates, version 5.14.0 provides Puppet Enterprise (PE) and PE Advanced customers with improvements across usability, security, and platform reliability.

Enhancements

  • Improved in‑app error messaging to more clearly communicate CORS and other browser‑level errors, making configuration issues easier to diagnose.
  • Strengthened password validation for users creating or updating accounts. Passwords must now be at least 12 characters and include uppercase, lowercase, numeric, and special characters.
  • Updated puppet‑dev‑tools image to include PDK 3.6.1, which requires compatibility with Puppet 8 and Ruby 3.x. Continued support for Puppet 7 and Ruby 2.7 via: gcr.io/platform-services-297419/puppet-dev-tools:puppet7 (includes PDK 3.4.1).

Fixes

  • Impact Analysis:
    • Fixed issue where resource changes were incorrectly reported for certain data types.
    • Impact Analysis now correctly validates oversized titles and returns clear error messaging.
  • Corrected pipeline status links sent to version‑control providers.
  • Azure DevOps Server integration fix for truncated host URLs that previously broke repository links.

Security updates

This release includes fixes for the following vulnerabilities: CVE‑2026‑21452, CVE‑2025‑68161, CVE‑2024‑49761, CVE‑2025‑68973, CVE‑2025‑6020, and CVE‑2025‑13465

🔗 Get the full details on everything in the 5.14.0 release notes

CD 4.39.0

Enhancements

  • Updated puppet‑dev‑tools image to include PDK 3.6.1, aligning CD pipelines with Puppet 8 and Ruby 3.x requirements. Continued Puppet 7 support available via the puppet7 image (PDK 3.4.1).

Fixes

  • Impact Analysis:
    • Fixed issue where resource changes were incorrectly reported for certain data types.
    • Impact Analysis now correctly validates oversized titles and returns clear error messaging.

Security updates

This version includes fixes for the following vulnerabilities: CVE‑2026‑21452, CVE‑2025‑68161, CVE‑2025‑68973, CVE‑2025‑6020, and CVE‑2025‑13465.

🔗 Full detail in the 4.39.0 release notes.

Top comments (0)