Chef & Rails CVE-2014-3482

At 17:11 UTC, the Rails security team publicized CVE-2014-3482 and CVE-2014-3483. In short, this vulnerability is related to the PostgreSQL adapter in ActiveRecord. A bug in the SQL quoting code could allow an attacker to carefully craft a request and execute a SQL injection. Only applications which query against bitstring or range type columns were […]


Berkshelf Workflow

This article is cross-posted from [https://sethvargo.com/berkshelf-workflow/](https://sethvargo.com/berkshelf-workflow/). There are only two fundamental assumptions for working with Berkshelf:

1. Each cookbook is a uniquely packaged and versioned artifact
2. You have a centralized artifact store that exposes a dependency API and/or is indexable by the [Berkshelf API](https://github.com/berkshelf/berkshelf-api)

Each cookbook is its own unit of infrastructure and should […]
