The latest update of Puppet Core is now out with release 8.14.0! One of the big advantages of Puppet Core is the approach to hardening releases to reduce customer risk. This release enhances the platform with AI-powered search in the documentation and further secures Puppet Core's hardened binaries through critical component updates and CVE patches.
Smarter Docs with AI-Powered Search
You can now ask questions directly from the Puppet Core documentation main page, thanks to a new AI-powered search tool. This enhancement helps you find answers faster, with responses that combine content from the current product documentation and the Perforce knowledge base.
Security Fixes
Key dependencies have been updated to address multiple CVEs and improve overall hardening:
- net-imap upgraded to v0.3.9: Addresses CVE-2025-43857
- curl upgraded to v8.14.1: Addresses CVE-2025-5025, CVE-2025-4947, and CVE-2025-5399
- libxml2 upgraded to v2.14.5: Addresses CVE-2025-6021, CVE-2025-49794, CVE-2025-49795, CVE-2025-49796, and CVE-2025-6170
Bug Fixes
- Fixed recursive scanning from root directory: A gemspec issue that caused Ruby to scan the entire lib directory when loading the Puppet gem from root has been resolved. This fix applies to both the puppet and facter gems.
To get the official release notes from the Product team, check out the Puppet Core docs: