Chef Blogs

Security Vulnerability Releases of Chef Server

Joseph Smith | Posted on | release | Releases

Hello,

Today we are releasing new versions of Enterprise Chef Server and Open Source Chef Server to address a PostgreSQL configuration vulnerability error.

The defect allows any local user on the system hosting the Chef Server’s PostgreSQL components full access to databases.

We advise all Chef Server users to update to this latest release which corrects the error.

This error was discovered and reported by our friends at Gitlab.

Affected versions:

All versions of Enterprise Chef Server 11 are affected. If this impacts you, go here.

All versions of Enterprise Chef Server 1.4 are affected. If this impacts you, go here.

All versions of Open Source Chef Server 11 are affected. If this impacts you, go here.

Please contact us with any questions or concerns.

Joseph Smith