Puppet Comply 2.16.0Node Count + Updated AssessorCEM for Windows 1.5.0Compliance Enforcement ModulesCD4PE 4.26.0Continuous Delivery for Puppet EnterprisePuppet Comply 2.15.0Scalability + Benchmark UpdatesCD4PE 4.25.0Continuous Delivery for Puppet EnterprisePuppet Comply 2.14.0RBAC, Node Count + MoreCEM for Windows 1.4.0Compliance Enforcement ModulesPuppet Enterprise 2023.1 & 2021.7.3Puppet Comply 2.13.0Puppet Enterprise 2023.0Puppet Enterprise 2021.7.2 (LTS)Puppet 7.0.0CD4PE 4.11.0Continuous Delivery for Puppet EnterprisePuppet Report Viewer 3.1Puppet Enterprise 2021.6Puppet Enterprise 2021.5Puppet Enterprise 2021.4Puppet Enterprise 2021.3Puppet Enterprise 2021.2Puppet Enterprise 2021.1Puppet Enterprise 2019.8.11 (LTS)Puppet Enterprise 2019.8.10 (LTS)Puppet Enterprise 2019.8.9 (LTS)Puppet Enterprise 2019.8.8 (LTS)Puppet Enterprise 2019.8.7 (LTS)Puppet Enterprise 2019.8.6 (LTS)Puppet Enterprise 2019.8.5 (LTS)Puppet Enterprise 2019.8.4 (LTS)Puppet Enterprise 2019.8.3 (LTS)Puppet Enterprise 2019.8.2 (LTS)Puppet Enterprise 2019.8.1 (LTS)Puppet Enterprise 2019.8 (LTS)Puppet Enterprise 2019.7Puppet Enterprise 2019.6Puppet Enterprise 2019.5Puppet Enterprise 2019.4Puppet Enterprise 2019.3Puppet Enterprise 2019.2Puppet Enterprise 2019.1 (STS)Puppet Enterprise 2019.0 (STS)Puppet Enterprise 2018.1.8 (LTS)Puppet Enterprise 2018.1.5 (LTS)Puppet Enterprise 2018.1.0 (LTS)Puppet Enterprise 2017.3 (STS)Puppet Enterprise 2017.2 (STS)Puppet Enterprise 2017.1 (STS)RELEASE NOTES DEMO COMPLY + CEMSept. 21, 2023Large enterprises continue to receive attention from the Comply engineering team. To give IT teams an even broader degree of decision-making power over their infrastructure compliance, Comply 2.16.0 features dramatic increases to supported node count, continuing a trend from recent Comply releases.Comply 2.16.0 also integrates the latest CIS-CAT Pro® Assessor from The Center for Internet Security (CIS), with updates to Ubuntu Linux and Debian Linux benchmarks.New in this release:Scalability improvements for enterprise-grade compliance management.Node count increased to 75,000.Updated support for CIS Benchmarks.Included the CIS-CAT Pro Assessor v4.33.0.Resolved several reported issues.RELEASE NOTES DEMO COMPLY + CEMAug. 22, 2023Staying aligned with the most up-to-date benchmarks from the Center for Internet Security (CIS) is the best way to ensure that you’re benefitting from the latest security recommendations.Puppet’s Compliance Enforcement Modules (CEM) simplify the task of keeping your Puppet Enterprise-managed nodes in continuous compliance with recent benchmark releases for popular versions of Microsoft Windows and Linux.New in this release:Added enforcement for the Center for Internet Security (CIS) Benchmark v2.0.0 for the following Windows operating systems:Microsoft Windows 10 EnterpriseMicrosoft Windows Server 2019Microsoft Windows Server 2016Enhanced upgrade documentation to ensure a smooth transition to version 1.5.0. RELEASE NOTES DEMO CD4PEAug. 2023A series of UI updates in Continuous Delivery for Puppet Enterprise 4.26.0 make it easier to find what you need to test and deliver your Puppet code faster and with greater accuracy. In addition, a security fix addresses a CVE related to the Okio client when handling a GZIP archive to improve the usability and reliability of CD4PE.New in this release:Refreshed the “Control Repos” and “Modules” pages.Modernized the UI for easier, more intuitive navigation.Large object data store is now using PostgreSQL.Security fixes:Upgraded okio-jvn to version 3.4.0 to address CVE-2023-3635.RELEASE NOTES DEMO COMPLYAug. 10, 2023Compliance scalability continues to be a challenge for enterprise organizations, which means it's a major focus for the Comply engineering team. Following the notable increases to supported node count in 2.14.0, Comply 2.15.0 has also now dramatically improved export functionality to allow users to export raw data results for up to 50,000 nodes.Leaning into our valued partnership with the Center for Internet Security (CIS), Comply 2.15.0 also integrates the CIS-CAT Pro® Assessor v4.32.0 with updates to MacOS benchmarks.New in this release:Scalability improvements for enterprise-grade compliance management.Raw data export support increased to 50,000 nodes.Updated support for CIS Benchmarks.Included the CIS-CAT Pro Assessor v4.32.0 (July 2023) with benchmark coverage for Apple macOS 11 v3.1.0 and 12 v2.1.0.Resolved several reported issues.Issues resolved in this release:Fixed an issue where inventory sync made paging requests without ordering, leading to ingest retrieving fewer hosts than expected. Also improved database efficiency and accuracy.Fixed an issue where filters in the 'Compliance over time' chart could display missing days.Fixed an issue where discrepancies appeared between active exceptions counts on the Comply dashboard and the exceptions page.RELEASE NOTES DEMO CD4PEWhen it comes to code delivery, usability is key to saving time and reducing headaches. A new series of UX updates – including message updates and a refresh of some of the most user-facing pages in CD4PE – make it easier than ever for teams to work together to integrate and deliver great Puppet code. Additionally, a slew of issue fixes and security updates make sure you can keep working in CD4PE with confidence.New in this release:Refreshed the “Create Account” and “Forgot Password” pages in CD4PE.Modernized the UI for easier, more intuitive navigation.Issues resolved in this release:CD4PE default pipeline impact analysis fails with a non-actionable error message: Updated the error message to make it more descriptive and useful when a pipeline with no deployment stage fails the impact analysis stage. GetJobInstanceV1 returns control repo display name for GitLab: Fixed an issue where links to a GitLab source control repository from the Job details screen wouldn't work if the control repo/module name did not match the GitLab repo name. Security fixes:Upgraded gin-gonic to version 1.9.1 to address CVE-2023-29401.Upgraded guava to version 32.0.0-android to address CVE-2023-2976.The refreshed "Create user account" page in CD4PE 4.25.0.RELEASE NOTES DEMO PUPPET COMPLYOne of the most frequently requested features for Puppet Comply has been to support different user roles. Comply 2.14.0 adds role-based access control, enabling you to designate three roles based on access need. We also increased node support in this release so you can confidently stretch your compliant infrastructure even further.We also updated integration with the latest CIS-CAT Pro Assessor and numerous benchmarks, and resolved a few vulnerabilities in this release.Identity and access managementRBAC integration with three default roles: Admin, operator, and viewerSupport for importing from LDAPScalability improvements for enterprise-grade compliance managementNode count increased to 50,000Updated support for numerous CIS BenchmarksIncluded the CIS-CAT Pro Assessor v4.30.0Addressed multiple CVEsResolved an issue when scanning a node in the Darwin family (Mac OS X/macOS)RELEASE NOTES DEMO COMPLY + CEMWith CEM for Windows, you can bring your Puppet Enterprise-managed nodes into compliance with the CIS Benchmark for Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows 10. The expanded support in CEM for Windows 1.4, coupled with the existing broad coverage in CEM for Linux, allows you to enforce CIS Benchmark compliance across your Windows and Linux infrastructure. Added enforcement for the Center for Internet Security (CIS) Microsoft Windows Server 2022 Benchmark v2.0.0cem_windows no longer supports the use of legacy configuration as of this update. cem_windows is no longer compatible with configurations that were used before v1.1.0. Please update any legacy configuration to the current standard of configuring cem_windows PE 2023.1 RELEASE NOTESPE 2021.7.3 RELEASE NOTESThese patch releases include fixes and performance upgrades for existing features.These releases represent the latest updates in the Puppet Enterprise (PE) 2023 and 2021 streams, following the releases of PE 2023.0 and PE 2021.7.2 LTS in January 2023. These new, backward-compatible releases contain fixes and performance upgrades for existing features and functionality.For a detailed list of enhancements and fixes in PE 2023.1, see the PE 2023.1 release notes.For a detailed list of enhancements and fixes in PE 2021.7.3, see the PE 2021.7.3 release notes.For security and vulnerability announcements, see CVE Content.Performance enhancements in these releases: Improved performance when querying PuppetDBImproved performance for several functions in the Puppet languageMore reliable warnings when updating Puppet ServerDeprecation of Pure JavaScript Open Notation (PSON) for serializing data in Puppet 7Resolved issues in these releases: Tasks page is available following a software updateEnabling the lockless code deploy feature no longer causes performance issues in PuppetDB catalog compilationPerformance issue with Puppet agent runtimes is resolvedCertificates and keys can be backed up and restored by specifying the certs scopeUpdates implemented to help users enter valid URLsTimeouts can be specified for SAML authenticationUser-defined temporary directory is honored during PE restore operationsIssue that caused an unexpected increase in CPU usage is resolvedAdditional issues resolved in PE 2023.1, related to new features in 2023.0:Scheduled task jobs run successfully without a defined timeoutTimeout and concurrency values for scheduled tasks can be viewed and edited in the consoleWhen tasks are rerun in the console, timeout and concurrency attributes are preservedAccess rights for remote users can be revoked and reinstated from the consoleSecurity fixes in both releases:CVE-2023-1894CVE-2023-26048RELEASE NOTESEffective compliance requires good visibility. Comply’s dashboard has received significant enhancements in 2.13.0, bringing new clarity to your compliance standing. Compliance statistics are reported on servers that live on-prem or in the cloud. Search and subset node views based on server attributes, such as name or operating system, and drill down to key focus areas to quickly identify areas where action is needed.As always, we called upon our unique partnership with the Center for Internet Security (CIS) to power Comply with the latest CIS-CAT Pro Assessor (v4.28.0), and we’ve incorporated the latest benchmarks and standards so your compliance has the most up-to-date expert standards built in.We even had time to fix a couple of nagging little bugs from prior releases, address a few CVEs, and boost performance.Redesigned dashboard with new graphs, node count and exceptions, and accessible action steps Improved performance and scalabilityIncluded the CIS-CAT Pro Assessor v4.28.0Updated benchmark supportResolved multiple vulnerabilitiesRELEASE NOTES Puppet 2023.0 is the latest release following 2021.7, now using updated versioning. It’s a backward-compatible release that contains enhancements and resolved issues from our previous major release.Here are the highlights of Puppet Enterprise 2023.0:NIST compliance: Puppet 2023.0 ensures that sensitive information is cleared when a session times out. You can customize the timeout to specify a default value and issue a confirmation message. In this way, you reduce compliance risk for InfoSecOps and administrators. This feature is designed for compliance with National Institute of Standards and Technology (NIST) guidelines. Authenticate users in multiple Lightweight Directory Access Protocol (LDAP) domains: Use a prioritized list of LDAP servers to get credentials. In this way, you reduce compliance risk and increase operational efficiency for administrators. Streamlined user interface for tasks and plans: Increase observability, throughput, fault tolerance, and operational efficiency with new job and task queue status, task concurrency fine-tuning, default job timeouts, and the capability to stop stalled jobs. View and edit task parameters, targets, and other details. The new functionality is designed to benefit users, operators, and managers. Scalability performance improvements to deploy and manage more nodes: Increase operational efficiency and accelerate time to value with new orchestrator task concurrency defaults and improvements. Reporting, database performance, and agent certificate regeneration improvements are provided as well to benefit all users. Component Updates Java 17DeprecationsRemoved primary server platforms:CentOS 8Removed agent platforms:CentOS 8 Debian 9 Fedora 32 Fedora 34 Ubuntu 16.04Removed patch management platforms:Debian 9 Fedora 34READ RELEASE NOTES Multiple resolved issuesSecurity fixes: CVE-2022-41946 CVE-2022-41404 READ RELEASE NOTESInclusion of Facter 4Inclusion of Ruby 2.7Definition of locations for storing sensitive dataRemoval of harmful terminology from the Puppet platform Removal of several Win32 gems to consolidate Windows functionalitiesEnvironment and Fact cachingIterable data type supplants Enumerable data typeRemoval of legacy codeAdded Postgres 11+ requirementPuppetDB migration to new HTTP clientREAD RELEASE NOTESNew and revamped filters support more advanced queriesTarget specific sets of infrastructure data with compound filtersREAD ANNOUNCEMENTNew tracked metrics for Puppet Server, PuppetDB, and Orchestrator Performance and workload metrics allow for better troubleshooting of performance issuesReplaced default dashboards to visualize new metricsLockless code deploy, stable since version 2021.2, is now no longer an experimental feature, preventing code deploys from blocking catalog compilationPE orchestrator plans and code deployments can now be run concurrently without interruptionPrimary server support: FIPS-compliant RHEL 8, SLES 15, Ubuntu 20.04; Client support: macOS 12 (x86); TLS 1.3 support addedOptimized disk utilization for HA deployments Amazon Linux 2 support for primary server deploymentPatch management available for Amazon Linux 2 managed nodes Modify Role-Based Access Control (RBAC) parameters via API Sequential patching option allows for systems in a patch group to reboot one at a time rather than simultaneously PuppetDB best-practices-based maintenance tasks are enabled by default Code manager now supports authentication to custom servers Puppet metrics collector module is now included in PE, which collects Puppet metrics by default and gives insight into infrastructure performance PE_databases module is now included in PE and provides tuning, maintenance, and backups for PE PostgresSQL Export data in shareable format from task runs to CSV Platform support for Puppet agent additions: macOS, Red Hat Enterprise Linux 8 ppc64le, Ubuntu 20.04. aarch64, Fedora 34 Resolved critical CVE-2021-27021 Setup single sign-on (SSO) and multi-factor authentication (MFA) with SAML 2.0 support Added password complexity requirements for additional application security Orchestrate pre and post patching steps including: health checks, pre and post command hooks and server reboots, all with a patching Plan, Save custom defaults for the Value Report to tailor reporting needs Query performance updates to PuppetDB Puppet 2021.1 ships with Puppet 7 Lockless code deploy, stable since version 2019.8.6, is now no longer an experimental feature, preventing code deploys from blocking catalog compilation PE orchestrator plans and code deployments can now be run concurrently without interruption Primary server support: FIPS-compliant RHEL 8, SLES 15, Ubuntu 20.04; Client support: macOS 12 (x86); TLS 1.3 support added Patch management available for Amazon Linux 2 managed nodes Optimized disk utilization for HA deployments Sequential patching option allows for systems in a patch group to reboot one at a time rather than simultaneously PE support script enhancements PuppetDB maintenance module installed by default Code Manager deployment performance improvements Update Certificate Revocation List (CRL) via API Export results of task jobs to CSV Customize values used to derive value report results Configurable Certificate Revocation List (CRL) auto-refresh interval New patching plan that includes pre- and post-patching health checks to reduce manual steps during the patching process. Performance improvements to PuppetDB. Updates the PostgreSQL version to address security vulnerabilities Harmful terminology deprecations and removals Plans in PE improvements including scheduling plans and sensitive parameter support Patching improvements including the ability to re-run tasks or jobs on failed nodes and know the patch status per node after patching task Activity Service improvements that report on all activities done in the console Installer upgrade improvements Notification of CA certificates when they are close to expiring from the PE Console PE Value Report builds on the value API in PE 2019.8.1 and gathers real-time data and calculates time reclaimed per automation type. This version was never released. Value reporting API reports details about automated changes that PE makes to nodes, and provides an estimate of time freed by each type of change based on intelligent defaults or values you provide. Console navigation and workflow improvements including new sections and renamed pages Select plan parameters that are boolean or enum types from a drop down menu in the Value field. Updates to metrics endpoints are now controlled by trapperkeeper-authorization and configured in the Puppet Serverauth.conf file. Integrate existing Puppet code into plans Patch systems with Puppet, allowing organizations to consolidate tooling Use less hardware with PE performance improvements Seamlessly scale up and bring more nodes under management Onboard new team members to a streamlined, modern product UI Improvements to plan functionality in Puppet Enterprise (parameters exposed in PE console) Improved PE architecture with horizontally scaled PuppetDB on compilers Improved speed and reliability for provisioning a PE replica Upgrade all compilers with a single command This version was never released Resolved a high-severity vulnerability CVE-2020-7943 Puppet Enterprise console enhancements Inventory page revamp (each installation type has a button that links to its own page, more help icons and definitions) Plans event view in the Job details page now displays an output message for each plan run Two new API endpoints for Code Manager provide greater flexibility in deploying modules Custom PQL queries in the console for running Puppet and tasks New Run drop down menu so you can run Puppet or a task for the nodes listed on the current page Ability to select code environment for tasks and plans (other than “production”) Support for managing network devices with Puppet Enterprise Support for running plans from console and CLI Agent installation from the console (via Inventory option) Schedule recurring tasks via Puppet Enterprise console Add nodes without agents to Puppet Enterprise (new Inventory option on the console) Agentless tasks via SSH (Linux) (2019.0.0) Agentless tasks via WinRM (Windows) (2019.0.1) Express installation (2019.0.2) Continuous Delivery for Puppet Enterprise console installation (module via console) Schedule tasks in Puppet Enterprise console Role-based access to tasks Puppet Discovery (retired) Hiera overrides in the console (set parameters on node groups without declaring the class) Ad-hoc tasks (run tasks from the console, on the command line, or by the orchestrator API) AWS OpsWorks for Puppet Enterprise (offers cloud-focused workflows and managed service capabilities for running Puppet Enterprise on AWS) Orchestrator in the console (create node lists, either static or using Puppet Query Language, on which to run Puppet) Packages inventory in the console Hiera 5 Improved performance True environment- and module-level data Try the Latest VersionGet a free trial of Puppet Enterprise with no time limit. Automate 10 nodes for free, forever.🙋 START MY FREE TRIAL