The Puppet Core team is at it again keeping on top of industry vulnerabilities! This release updates or removes dependencies to resolve nearly 20 reported CVEs (details in the release notes).

Security Updates in 8.17

• Curl updated to 8.18 [addresses 8 CVEs]
• Ruby updated to version 3.2.10 [addresses 2 CVEs]
• OpenSSL updated to version 3.0.19 [addresses 8 CVEs]

Deprecations and removals

• The Ruby API has been removed from leatherman as part of ongoing efforts to streamline and modernize internal components.
• Brotli and zstd have been removed from agent curl builds. No impact to Puppet or PXP agents.

👉 Check out the full official Release notes for 8.17