Puppet Enterprise 2025.7 Delivers Code Assist and RHEL 10 Primary Support (and new SCM!)

Reminder:

Starting August 2026, Puppet Enterprise will transition from the current STS/LTS model to the new ‘Latest’ and ‘Latest -1’ support model.

For full details, see the Puppet Enterprise Platform Support Lifecycle.

---

Highlights in PE 2025.7

Alongside critical security updates and important fixes, this release delivers more value to Puppet Enterprise Advanced with additional AI-assisted infrastructure automation capabilities and enhancements to the Advanced Patching feature, helping teams streamline operations, reduce risk, and accelerate compliance.

Infra Assistant

• Code assist for Puppet Enterprise Advanced: Accelerate development with natural language support for writing Puppet code, modules, tasks, and plans.
• Performance & setup improvements: Performance improvements provide faster, smoother interactions with Infra Assistant, and a simplified setup process means you can get started more easily.

Advanced Patching

• Edit patch groups directly from the PE console or via the API.
• Manage patch schedules and track patch runs from dedicated pages in the PE console.
• Set up alerts with the Observability Data Connector and receive notifications via email, PagerDuty, or Slack to stay informed about your Advanced Patching operations.

Bolt

• Added support for plan_context function which returns execution context for plans running in Puppet Enterprise or Bolt.

Platform Support

• Primary server support for Red Hat Enterprise Linux (RHEL) 10.
• Agent support for RHEL 10 ARM.

Security and Fixes

• Multiple CVEs addressed across PE, agent, and Bolt server, including the following high severity CVEs:
  • CVE-2025-12183
  • CVE-2025-9086
  • CVE-2025-9230
  • CVE-2025-61770
  • CVE-2025-61771
  • CVE-2025-61772
• Fixes to address issues with Puppet Edge Workflows, Advanced Patching, Infra-Assistant, and the PE backup process.

Learn more: For full details about new features, enhancements, and fixes, see the PE 2025.7 release notes.

---

Highlights in PE 2023.8.7

Platform Support:

• Primary server support for Red Hat Enterprise Linux (RHEL) 10.
• Agent support for Red Hat Enterprise Linux (RHEL) 10 ARM.

Resolved: Backup process no longer fails when files change during reading.

Security Fixes: Multiple CVEs addressed across PE, agent, and Bolt server for improved security.

Learn more: Full details are available in the PE 2023.8.7 release notes.

---

THERE'S MORE! Security Compliance Management 3.6.0 Now Available!

The new release of Security Compliance Management (SCM) brings updated CIS CAT assessor and thus, updated CIS benchmarks across many new and existing platforms. It also adds a host of new features bringing in more value for SCM users and improving the product's security posture.

Enhancements and Updates

• CIS CAT Pro assessor is now updated to the latest 4.57.1 version.
• The assessor update allows customers to monitor CIS benchmark compliance across new operating systems like Windows Server 2025, RHEL 10, and others.
• Customers will also be able to monitor compliance against updated benchmarks for operating systems like Oracle Linux 8, Ubuntu 22.04 LTS, and others.
• The installation for SCM is streamlined to allow ease of use for our customers. Older versions of assessor are automatically removed from the temporary installation folder and the installation does not rely on access to system's temporary directory.
• Security Compliance Management now also includes all benchmarks for the CIS-CAT Pro Assessor, even those not officially supported by SCM
• Many security enhancements addressing a few vulnerabilities.

Check out the SCM Release notes for all the benchmark additions, updates and vulnerabilities addresses.