Chef Server 12.3.0 Release Announcement

Ohai Chefs! I’m happy to announce that Chef Server 12.3.0 is now available for download on the [Chef Server Downloads Page](https://downloads.chef.io/chef-server/) and via our Apt/RPM repositories. Here are some highlights from this release: * Node API change to include Policy support. * ElasticSearch and external Solr support. * Object updates can now be posted directly […]

Read More

Security Release: Chef Server 12.0.8 and Enterprise Chef 11.3.1

Ohai Chefs! Chef Server 12.0.8 and Enterprise Chef 11.3.1 are available for immediate download. This release addresses the following vulnerabilities: CVE-2013-2028 CVE-2013-4547 CVE-2014-0088 CVE-2014-0133 CVE-2014-3556 CVE-2014-3616 This corresponds to chef-server issue 142, “Update Embedded Openresty NGINX”. Additional Changes Chef Server 12.0.8 has been further updated as follows: The Chef Server 12.0.8 release is the first […]

Read More

Chef Server 12.0.5 Released

Today we have released Chef Server 12.0.5. This release includes further updates to provide API support for key rotation, policy file updates, and LDAP-related fixes to user update. You can find installers on our [downloads site](https://downloads.chef.io/chef-server/). ## Updating Users This release fixes [Issue 66](https://github.com/chef/chef-server/issues/66). Previously, users in LDAP-enabled installations would be unable to log in […]

Read More

Security Release: Chef Server and Analytics (POODLE and OpenSSL Vulnerabilites)

Today we are announcing security releases of all supported versions of Chef Server, Enterprise Chef, and Chef Analytics. These releases address two separate issues: * [POODLE SSLv3 attack](https://www.openssl.org/~bodo/ssl-poodle.pdf), which allows allow a remote attacker to extract plaintext of targeted data within an SSL connection * [CVE-2014-3513 and CVE-2014-3567](https://www.openssl.org/news/secadv_20141015.txt), which expose a potential DoS attack vector. […]

Read More

Security Response: SSL POODLE attack and mitigation

_Update: 2014-10-17: We have [released an update](https://www.getchef.com/blog/2014/10/17/security-release-chef-server-and-analytics-poodle-and-openssl-vulnerabilites/) of Chef Server products and Analytics to address the POODLE attack as well as other recently announced vulnerabilites._ A new attack on SSL 3.0 has been announced. This attack is fully detailed in [this document]( https://www.openssl.org/~bodo/ssl-poodle.pdf). ## Affected Products See section Remediation below for a mitigation that can […]

Read More