If you like patching vulnerabilities, the new Puppet Core 8.16.0 release is right up your alley! This update is all about strengthening your infrastructure’s security, with several important library upgrades and vulnerability patches.
What’s Included?
Here are the new versions of dependencies that have been released to address vulnerabilities:
- Thor gem 1.4.0: Addresses CVE-2025-54314
- Curl 8.16.0: Addresses CVE-2025-0986, CVE-2025-10148
- REXML gem 3.4.2: Addresses CVE-2025-58767
- OpenSSL 3.0.18: Addresses CVE-2025-9230, CVE-2025-9232
- Patched URI gem in the Puppet agent: Addresses CVE-2025-61594
Why Upgrade?
Security is a moving target, and keeping your configuration management tools patched is essential for protecting your systems. This release ensures Puppet Core users are protected against the latest disclosed vulnerabilities in widely used libraries.
Release Notes
Review the full release notes for details on all changes and CVE references: https://help.puppet.com/core/current/Content/PuppetCore/PuppetReleaseNotes/release_notes_puppet_x-8-16-0.htm
Top comments (0)