Chef Software has reviewed the following security advisory and does not believe that this represents a critical security risk to our users. OpenSSL Security Advisory The next planned release of all affected products will include an updated OpenSSL version; we will not have an exploit-specific release. If new information causes us to re-evaluate our position […]
Author: Joseph Smith
Security Vulnerability Releases of Chef Server
Hello, Today we are releasing new versions of Enterprise Chef Server and Open Source Chef Server to address a PostgreSQL configuration vulnerability error. The defect allows any local user on the system hosting the Chef Server’s PostgreSQL components full access to databases. We advise all Chef Server users to update to this latest release which […]
Enterprise Chef 11.1.2 and Private Chef 1.4.8: Security Release
The following item is new for Enterprise Chef 11.1.2 and 1.4.8 and is a change from previous versions. opscode-webui Don’t log or email the Rails session or environment from the exception handler. Doing so can cause user-submitted form values like passwords to be logged and emailed to administrators of the Enterprise Chef server when exceptions […]
Chef Version Updates
Hello! Recently, Chef became aware of a security vulnerability in the version of libyaml we were using. We were nearing release for several of our products, and took the opportunity to do a sweep of some others. The following releases are all live at this time, and while we are unaware of any scenarios by […]
Enterprise Chef 11.1.1 Release
The following items are new for Enterprise Chef 11.1.1 and/or are changes from previous versions. Provisional IPV6 Support Support for running the Enterprise Chef server in an IPV6 infrastructure and with IPV6 clients. Lua / Redis-based API Routing We’ve heavily reworked the routing mechanisms used by the API proxy to allow for more dynamic and […]
Management Console 1.1.1 Release
Management Console 1.1.1 has been released. Changes and Improvements Update URL on data bag item deletes. Redirect properly on data bag item deletes. Truncate cookbook names that are too long for run list editor. Fixed loading of additional roles in run list editor. Fixed tooltips for disabled sidebar actions. Added no cookbooks error to constraint […]
Private Chef 1.4.7 Release
This security release includes fixes for the following: libyaml 0.1.5 [CVE-2013-6393] – yaml_parser_scan_tag_uri function in scanner.c performs incorrect cast; OpenSSL 1.0.1f [CVE-2013-4353] – allows remote TLS servers to cause a denial of service; Nginx 1.4.4 [CVE-2013-2070] – when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service [CVE-2013-4547] […]
Push Jobs Server 1.1.0 and Push Jobs Client 1.0.1 released
New versions of the Push Jobs Server and the Push Jobs client have been released. Push Jobs Server 1.1.0 Changes Add X-Chef-Version HTTP header information for compatibility with EC 11.1.0 Change internal handling of principal endpoint responses for compatibility with EC 11.1.0 Push Jobs Server 1.1.0 Bug Fixes Fix a bug that prevented Pushy from […]
Reporting 1.1.0 Released
Reporting 1.1.0 has been released. Changes and Improvements Support installation on ‘tier’ topology Don’t run knife tests by default when running opscode-reporting-ctl test Set db_pool_size/http_pool_size to 25 to avoid exhaustion of postgres backends under standard 2 FE configuration Bug Fixes Frontend could not install opscode-reporting service in ha mode Run refresh_matviews on backend nodes and […]
Chef Server 11.0.11 Release
Chef Server 11.0.11 is now available for download at: http://www.opscode.com/chef/install/ [CHANGELOG] [CHANGESET] This is a security release that includes a fix for: LibYAML [CVE-2013-6393]