We want to make you aware of two changes that will affect Chef products going forward: All Chef products will be making their license file and the license files of all included software easier to find. For proprietary Chef products, you will be required to explicitly accept the Chef Master License and Services Agreement (Chef […]
Read MoreAuthor: Mark Mzyk
Mark is an engineering manager at Chef, having accepted the position after having been a long time software engineer at Chef. In his time at Chef he's contributed code to almost every single Chef product. Now code dominates his life less, but he gets the joy of helping others create code that has a positive impact.
Chef Management Console 2.1.2 Security Release
Manage 2.1.2 is now available from the Chef downloads site. Manage 2.1.2 is a security release to address a number of Rails CVEs. It is recommended that all users of the Chef Management Console upgrade. The full change log is availble here: https://manage.chef.io/changelog
Read MoreSupermarket 2.3.2 Security Release
Supermarket 2.3.2* is now available. This release contains bug fixes, minor enhancements, and security updates. Supermarket version 2.3.2 is a recommended update for all users running their own instances of Supermarket. Packages are available in the stable repository. Upgrading to this version can be as simple as a chef-client run on your hosts—if you’ve left […]
Read MoreChef Management Console 1.20.0 Release
Manage 1.20.0 is now available from the Chef downloads site. This release fixes the bug discovered in the previous 1.19.0 release. It is now possible to set the “`org_creation_enabled“` setting in manage.rb to turn off org creation from within Manage. For full details, see the Chef docs here. While the primary driver of this release […]
Read MoreChef Management Console 1.19.0 Release
Update 2: The Manage 1.20.0 release, which fixes the “`org_creation_enabled“` bug, is now available. Full details here: https://blog.chef.io/2015/08/07/chef-management-console-1-20-0-release/ Update: There is a bug in this release where the “`org_creation_enabled“` setting will not be applied properly when Manage is reconfigured. We are sorry we missed this in our testing and are working to remedy it with […]
Read MoreChef Management Console 1.18.0 Release
Manage 1.18.0 is now available from the Chef download site. With this release Manage will now respect the “`strict_search_result_acls“` setting if it is set on the Chef server. When this setting is enabled the Chef server search functionality does ACL permission checking before returning results. This means Manage no longer has to do this checking […]
Read MoreChef Management Console 1.12.0 Release
Manage 1.12.0 is now available from the Chef download site. This release changes the Manage session store from using cookies to using redis. This change addresses sessions not being invalidated immediately on a user’s password reset. Upon upgrading to Manage 1.12.0 all currently logged in users will have their sessions reset and they will need […]
Read MoreHosted Chef oc-id Partial Failure
On Thursday, March 26th Hosted Chef experienced a degradation in service where logging into oc-id, Hosted Chef’s identify service, periodically failed. This failure meant that it was difficult to login into Supermarket, Hosted Chef’s profile page, and oc-id itself, since each of these systems rely on oc-id for their authentication tokens. During this degradation all […]
Read MoreSecurity Release: Chef Server 12.0.1 and Enterprise Chef Server 11.2.6
Available for immediate download are Chef Server 12.0.1 and Enterprise Chef Server 11.2.6. This release addresses CVE-2014-8144, a CSRF vulnerability found in doorkeeper, a gem used by the oc-id service that ships with the Chef Server. This release updates oc-id to the latest version, 0.4.4, which contains the patched doorkeeper gem. Open Source Chef Server 11 […]
Read MoreChef Server 11.1.4 Release
Hello Chefs, We are happy to announce that the 11.1.4 release of the open source Chef Server is now available. This is primarily a bug fix release. This release includes a bump in OpenSSL from 1.0.1h to 1.0.1i, as we announced in a previous post. Other notable changes include:
Read More