Chef Server 12.1.0 RC3 Now Available

Ohai Chefs, We’re pleased to announce that Chef Server 12.1.0 RC3 is now available for download. RC3 is the follow-up to RC1, which we [announced](http://chefio.wpengine.com/2015/05/28/chef-server-12-1-0-rc-1-now-available/) on May 28th. ### What’s New Since RC1 * **Erlang 17:** We’ve upgraded the Erlang distribution that we ship with the Chef Server to Erlang 17.5 * **Solr Upgrade Fixes:** […]

Read More

Chef Server 12.0.6 Released

Today we’re pleased to announce that Chef Server 12.0.6 has been released. This update contains the latest OpenSSL 1.0.1m along with further bug fixes and API improvements. ### OpenSSL 1.0.1m While the Chef Server and other Chef products that ship with OpenSSL are not vulnerable to [CVE-2015-0291](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291) (see our earlier [blog post](http://chefio.wpengine.com/2015/03/19/openssl-vulnerability-cve-2015-0291-and-chef/) by Charles Johnson), […]

Read More

Chef Server 12.0.2 Release

Ohai! Today we’ve released Chef Server 12.0.2, a small bugfix release that addresses a critical bug in the upgrade process from Enterprise Chef 11 that was causing upgrades to hang during long-running migrations. The latest packages can be downloaded from https://downloads.chef.io/chef-server. ### Release Notes: #### Bug Fixes: The following items are the set of bug […]

Read More

Security Releases: Chef Server and Premium Features (insecure file ownership)

Today we are announcing security releases of all supported versions of the Chef Server, Enterprise Chef, and Chef Software-built premium features. These releases address package ownership issues on Debian-based platforms that result in Omnibus-built packages installing with contents owned by UID and GID 999 or 1001. This vulnerability allows a non-root attacker to modify or […]

Read More

Announcing Chef Server 12 Release Candidate

Today we’re pleased to announce the public availability of the first Chef Server 12 Release Candidate. This release brings the differentiating features of Enterprise Chef, namely multi-tenancy and role-based access control, into Open Source Chef. ## What’s New Chef Server 12 brings a host of improvements that will be welcomed by existing Open Source and […]

Read More

Chef Server 11.1.1 Release

Open Source Chef Server 11.1.1 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Open Source Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection. As a result, the attacker could read or alter any […]

Read More

Enterprise Chef Server 11.1.6 Release

Enterprise Chef Server 11.1.6 is a security release that includes an updated version of OpenSSL that patches [CVE-2014-0224](https://www.openssl.org/news/secadv_20140605.txt). All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection. As a result, the attacker could read or alter any traffic between […]

Read More

Enterprise Chef 1.4.11 Release

Enterprise Chef Server 1.4.11 is a security release that includes an updated version of OpenSSL that patches [CVE-2014-0224](https://www.openssl.org/news/secadv_20140605.txt). All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection. As a result, the attacker could read or alter any traffic between […]

Read More