Enterprise Chef 1.4.11 Release

Enterprise Chef Server 1.4.11 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection. As a result, the attacker could read or alter any traffic between […]

Read More

Chef Server Heartbleed (CVE-2014-0160) Releases

Ohai Chefs! Today we’re releasing patched versions of Open Source Chef Server and Enterprise Chef that address the OpenSSL security vulnerability CVE-2014-0160, also known as Heartbleed. We recommend that you upgrade your Chef Server install immediately. You will need to take the following steps to fully address the OpenSSL vulnerability: Upgrade to the Latest Version […]

Read More

Enterprise Chef 11.1.3 Release

Enterprise Chef 11.1.3 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0160, also known as the Heartbleed bug. All installs of Enterprise Chef should be upgraded immediately. The result of this bug is a trivial exploit that allows an attacker to read secrets from the memory of a compromised server. […]

Read More

Important Hosted Chef Security Notice

Dear Customers, On Wednesday morning we became aware of a misconfiguration of an exception handler for the Hosted Chef Management Console that caused username and password information for a small subset of our users to be leaked via email internally at Chef. We have fixed the issue that was at the source of the exposure, […]

Read More

Chef 0.9 EOL

As of June 11, 2012, we are officially ending support for the 0.9 series of Chef and we are encouraging all Chef 0.9 users to upgrade to Chef 0.10. Chef 0.10.0 was released on May 2, 2011. At the time, we planned to support Chef 0.9 for an additional three to six months. I’m very […]

Read More