Chef 0.7.16 Release

Welcome to Chef 0.7.16, the “Bryan McLellan is looking out for you” release! 0.7.16 contains only two bug fixes, and both involve chef inappropriately setting file permissions in some cases. Bryan is this releases MVP, for making sure that we got the bug-fix release out the door.

The first is CHEF-686, which was discovered and patched by Matthew Kent. This bug was centered around our not setting a proper umask when we daemonized, leading to the creation of world-writable files on some systems.

The second is CHEF-812, discovered and patched by Bryan McLellan. In this case, we were helpfully keeping backups of files changed by Chef – but we were not persisting the original files permissions.

Thanks to Bryan, Matthew, and Tollef Fog Heen for being on top of things.

Release notes are below the fold:

Release Notes – Chef – Version 0.7.16


  • CHEF-686 – chef-{server,client,indexer} creating world writable files and directories
  • CHEF-812 – file backup permissions less secure than file
Adam Jacob

Adam Jacob is the CTO and co-founder of Chef.