Joseph Smith

OpenSSL security advisory response: 6 Aug 2014

Chef Software has reviewed the following security advisory and does not believe that this represents a critical security risk to our users. OpenSSL Security Advisory The next planned release of all affected products will include an updated OpenSSL version; we will not have an exploit-specific release.

Read more

Security Vulnerability Releases of Chef Server

Hello, Today we are releasing new versions of Enterprise Chef Server and Open Source Chef Server to address a PostgreSQL configuration vulnerability error. The defect allows any local user on the system hosting the Chef Server’s PostgreSQL components full access to databases.

Read more

Enterprise Chef 11.1.2 and Private Chef 1.4.8: Security Release

The following item is new for Enterprise Chef 11.1.2 and 1.4.8 and is a change from previous versions. opscode-webui Don’t log or email the Rails session or environment from the exception handler.

Read more
Posted in:

Chef Version Updates

Hello! Recently, Chef became aware of a security vulnerability in the version of libyaml we were using. We were nearing release for several of our products, and took the opportunity to do a sweep of some others.

Read more

Enterprise Chef 11.1.1 Release

The following items are new for Enterprise Chef 11.1.1 and/or are changes from previous versions. Provisional IPV6 Support Support for running the Enterprise Chef server in an IPV6 infrastructure and with IPV6 clients.

Read more

Management Console 1.1.1 Release

Management Console 1.1.1 has been released. Changes and Improvements Update URL on data bag item deletes. Redirect properly on data bag item deletes. Truncate cookbook names that are too long for run list editor. Fixed loading of additional roles in run list editor. Fixed tooltips for disabled sidebar actions.

Read more

Private Chef 1.4.7 Release

This security release includes fixes for the following: libyaml 0.1.5 [CVE-2013-6393] – ml_parser_scan_tag_uri function in scanner.c performs incorrect cast OpenSSL 1.0.1f [CVE-2013-4353] – allows remote TLS servers to cause a denial of service Nginx 1.4.

Read more

Push Jobs Server 1.1.0 and Push Jobs Client 1.0.1 released

New versions of the Push Jobs Server and the Push Jobs client have been released. Push Jobs Server 1.1.0 Changes Add X-Chef-Version HTTP header information for compatibility with EC 11.1.0 Change internal handling of principal endpoint responses for compatibility with EC 11.1.0 Push Jobs Server 1.1.

Read more

Reporting 1.1.0 Released

Reporting 1.1.0 has been released.

Read more

Chef Server 11.0.11 Release

Chef Server 11.0.11 is now available for download at: http://www.opscode.

Read more