Security Release: Chef Server 12.0.8 and Enterprise Chef 11.3.1

Ohai Chefs! Chef Server 12.0.8 and Enterprise Chef 11.3.1 are available for immediate download. This release addresses the following vulnerabilities: CVE-2013-2028 CVE-2013-4547 CVE-2014-0088 CVE-2014-0133 CVE-2014-3556 CVE-2014-3616 This corresponds to chef-server issue 142, “Update Embedded Openresty NGINX”. Additional Changes Chef Server 12.0.8 has been further updated as follows: The Chef Server 12.0.8 release is the first […]

Read More

Security Release: Chef Server and Analytics (POODLE and OpenSSL Vulnerabilites)

Today we are announcing security releases of all supported versions of Chef Server, Enterprise Chef, and Chef Analytics. These releases address two separate issues: * POODLE SSLv3 attack, which allows allow a remote attacker to extract plaintext of targeted data within an SSL connection * CVE-2014-3513 and CVE-2014-3567, which expose a potential DoS attack vector. […]

Read More