Supermarket 2.3.2 Security Release

Supermarket 2.3.2* is now available. This release contains bug fixes, minor enhancements, and security updates. Supermarket version 2.3.2 is a recommended update for all users running their own instances of Supermarket. Packages are available in the stable repository. Upgrading to this version can be as simple as a chef-client run on your hosts—if you’ve left […]

Read More

Chef Management Console 1.20.0 Release

Manage 1.20.0 is now available from the Chef downloads site. This release fixes the bug discovered in the previous 1.19.0 release. It is now possible to set the “`org_creation_enabled“` setting in manage.rb to turn off org creation from within Manage. For full details, see the Chef docs here. While the primary driver of this release […]

Read More

Chef Management Console 1.19.0 Release

Update 2: The Manage 1.20.0 release, which fixes the “`org_creation_enabled“` bug, is now available. Full details here: http://chefio.wpengine.com/2015/08/07/chef-management-console-1-20-0-release/ Update: There is a bug in this release where the “`org_creation_enabled“` setting will not be applied properly when Manage is reconfigured. We are sorry we missed this in our testing and are working to remedy it with […]

Read More

Chef Management Console 1.18.0 Release

Manage 1.18.0 is now available from the Chef download site. With this release Manage will now respect the “`strict_search_result_acls“` setting if it is set on the Chef server. When this setting is enabled the Chef server search functionality does ACL permission checking before returning results. This means Manage no longer has to do this checking […]

Read More

Chef Management Console 1.12.0 Release

Manage 1.12.0 is now available from the Chef download site. This release changes the Manage session store from using cookies to using redis. This change addresses sessions not being invalidated immediately on a user’s password reset. Upon upgrading to Manage 1.12.0 all currently logged in users will have their sessions reset and they will need […]

Read More

Hosted Chef oc-id Partial Failure

On Thursday, March 26th Hosted Chef experienced a degradation in service where logging into oc-id, Hosted Chef’s identify service, periodically failed. This failure meant that it was difficult to login into Supermarket, Hosted Chef’s profile page, and oc-id itself, since each of these systems rely on oc-id for their authentication tokens. During this degradation all […]

Read More

Security Release: Chef Server 12.0.1 and Enterprise Chef Server 11.2.6

Available for immediate download are Chef Server 12.0.1 and Enterprise Chef Server 11.2.6. This release addresses CVE-2014-8144, a CSRF vulnerability found in doorkeeper, a gem used by the oc-id service that ships with the Chef Server. This release updates oc-id to the latest version, 0.4.4, which contains the patched doorkeeper gem. Open Source Chef Server 11 […]

Read More

Chef Server 11.1.4 Release

Hello Chefs, We are happy to announce that the 11.1.4 release of the open source Chef Server is now available. This is primarily a bug fix release. This release includes a bump in OpenSSL from 1.0.1h to 1.0.1i, as we announced in a previous post. Other notable changes include:

Read More