Latest Stories

Today we joined our friends at Docker for their user conference – DockerCon 2014. There’s a ton going on at the show today and tomorrow, including Docker announcing its first production-ready version, Docker 1.0. Of course, your friendly Chefs are out in force at the show, so please stop by our booth for a chat.

Justin Fenton

Ohai Chefs, Today we are releasing Chef Client 11.12.8 & 10.32.2-2 which include an updated version of OpenSSL that patches CVE-2014-0224. All installs of Chef Client should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

On Thursday June 5th at approximately 14:00 UTC, the CHEF engineering team was made aware of OpenSSL CVE-2014-0224. A bug in the OpenSSL framework could permit a MITM attack under certain circumstances using a carefully constructed request. Due to the nature of this vulnerabilty, we recommend that you upgrade your installations immediately.

Ian Garrison

Open Source Chef Server 11.1.1 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Open Source Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

Enterprise Chef Server 11.1.6 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

Enterprise Chef Server 1.4.11 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

The Chef Community delivers yet again. John Ewart, a system architect, software developer, and lecturer based in California, recently published, “Managing Windows Servers with Chef” which can be purchased here.

Lucas Welch

Our good friends at Adobe have been awesome about providing technical insight into their use of Chef in the past. Yesterday, their lead security strategist Peleus Uhley, continued this trend with a very informative blog detailing Chef-automated security testing in Adobe’s private cloud infrastructure.

Lucas Welch

Our friends at Riot Games have been awesome enough to tell their story at a number of Chef events, and even took us to school in a “Riot Rumble” here at Chef HQ last year. So it’s especially delightful to see Riot profiled in the Harvard Business Review.

Lucas Welch