Chef and OpenSSL Security Advisory 1 March 2016

On March 1, 2016, the OpenSSL team released a new high severity security advisory. Simultaneously, the OpenSSL team also made available new versions of the OpenSSL code containing fixes for the vulnerabilities described in this advisory. After reviewing the vulnerabilities described in this security advisory, the team at Chef has determined that Chef products are not at […]

Read More

ChefDK 0.9 Released

We’re pleased to announce the release of ChefDK 0.9 today, which you can obtain via our downloads page. This release is primarily to upgrade the embedded version of Chef Client to 12.5, which is being released today. You can read about the new features in Chef Client 12.5 in a companion blog post. In addition […]

Read More

Chef Analytics 1.1.5 Release

We are pleased to announce the immediate availability of Chef Analytics 1.1.5. This is a bugfix release for 1.1.4, which prevented some customers from cleanly upgrading from previous versions of Analytics. This version also includes a scheduled task (cron job) that will purge Analytics data older than three months by default on an ongoing basis. […]

Read More

Busting GHOSTs with Chef

We nearly escaped the first month of the new year without another major security vulnerability, but just a few days ago, security researchers found another serious bug, which they named GHOST. This time it’s in the gethostbyname() function inside glibc, the GNU C library, so the name is apt. Once again, we can use Chef […]

Read More

Detecting & Repairing Shellshock with Chef

The Bourne Shell – fifth film in the trilogy. Jason Bourne tries to patch servers against obscure bug. No fights or car chases. Avoid. — Charles Arthur (@charlesarthur) September 27, 2014 To nobody’s delight and amusement, this has been the year of critical, remotely-exploitable security vulnerabilities. First we had the Heartbleed bug in OpenSSL, and […]

Read More