Ohai Chefs! I’m happy to announce that Chef Server 12.3.0 is now available for download on the Chef Server Downloads Page and via our Apt/RPM repositories. Here are some highlights from this release: Node API change to include Policy support. ElasticSearch and external Solr support. Object updates can now be posted directly to the search […]
Read MoreAuthor: Marc Paradise
Chef Server 12.2.0 Release Announcement
Ohai Chefs! I’m happy to announce that Chef Server 12.2.0 is now live on Hosted Chef, and is also available for download on the Chef Downloads Page and via our Apt/RPM repositories. Here are some of this release’s highlights: External PostgreSQL: we now support using a PostgreSQL server other than the one shipped with Chef […]
Read MoreOpen Source Chef Server 11.1.7 Security Release
Ohai Chefs! Today we have released Chef Server 11.1.7, which contains the following security updates: OpenSSL 1.0.1m PostgreSQL 9.2.10 nginx 1.8.0 Please note that this update applies only to the Open Source Chef Server 11 product. Enterprise Chef 11 and Chef Server 12 have previously received these updates. You can download this release from the […]
Read MoreChef Server 12.1.0-rc.1 Now Available
Ohai Chefs! I’m pleased to announce that Chef Server 12.1.0-rc.1 is now available for download. Here are some of this release’s highlights: * Significant performance improvements. * Policyfiles and cookbook artifacts are complete and are enabled by default. * Server API Versioning: API `0` is now deprecated, and current API version level is `1`. * […]
Read MoreSecurity Release: Chef Server 12.0.8 and Enterprise Chef 11.3.1
Ohai Chefs! Chef Server 12.0.8 and Enterprise Chef 11.3.1 are available for immediate download. This release addresses the following vulnerabilities: CVE-2013-2028 CVE-2013-4547 CVE-2014-0088 CVE-2014-0133 CVE-2014-3556 CVE-2014-3616 This corresponds to chef-server issue 142, “Update Embedded Openresty NGINX”. Additional Changes Chef Server 12.0.8 has been further updated as follows: The Chef Server 12.0.8 release is the first […]
Read MoreChef Server 12.0.5 Released
Today we have released Chef Server 12.0.5. This release includes further updates to provide API support for key rotation, policy file updates, and LDAP-related fixes to user update. You can find installers on our downloads site. ## Updating Users This release fixes Issue 66. Previously, users in LDAP-enabled installations would be unable to log in […]
Read MoreSecurity Update: Hosted Chef
Later today, we will be rolling out an update to Hosted Chef that may impact your future use of data bag items in cookbooks. This change will remove the Chef Client’s default permissions to ‘create’, ‘update’ and ‘delete’ data bags in newly-created organizations. This means that if you create an organization today and proceed to […]
Read MoreSecurity Release: Chef Server and Analytics (POODLE and OpenSSL Vulnerabilites)
Today we are announcing security releases of all supported versions of Chef Server, Enterprise Chef, and Chef Analytics. These releases address two separate issues: * POODLE SSLv3 attack, which allows allow a remote attacker to extract plaintext of targeted data within an SSL connection * CVE-2014-3513 and CVE-2014-3567, which expose a potential DoS attack vector. […]
Read MoreSecurity Response: SSL POODLE attack and mitigation
_Update: 2014-10-17: We have released an update of Chef Server products and Analytics to address the POODLE attack as well as other recently announced vulnerabilites._ A new attack on SSL 3.0 has been announced. This attack is fully detailed in this document. ## Affected Products See section Remediation below for a mitigation that can be applied […]
Read More