Mark Mzyk

Mark is an engineering manager at Chef, having accepted the position after having been a long time software engineer at Chef. In his time at Chef he's contributed code to almost every single Chef product. Now code dominates his life less, but he gets the joy of helping others create code that has a positive impact.

Changes to How Chef Products Handle Licenses

We want to make you aware of two changes that will affect Chef products going forward: All Chef products will be making their license file and the license files of all included software easier to find.

Read more
Posted in:

Chef Management Console 2.1.2 Security Release

Manage 2.1.2 is now available from the Chef downloads site. Manage 2.1.2 is a security release to address a number of Rails CVEs. It is recommended that all users of the Chef Management Console upgrade. The full change log is availble here: https://manage.chef.

Read more

Supermarket 2.3.2 Security Release

Supermarket 2.3.2* is now available. This release contains bug fixes, minor enhancements, and security updates. Supermarket version 2.3.2 is a recommended update for all users running their own instances of Supermarket. Packages are available in the stable repository.

Read more

Chef Management Console 1.20.0 Release

Manage 1.20.0 is now available from the Chef downloads site. This release fixes the bug discovered in the previous 1.19.0 release. It is now possible to set the “`org_creation_enabled“` setting in manage.rb to turn off org creation from within Manage. For full details, see the Chef docs here.

Read more

Chef Management Console 1.19.0 Release

Update 2: The Manage 1.20.0 release, which fixes the “`org_creation_enabled“` bug, is now available. Full details here: Update: There is a bug in this release where the “`org_creation_enabled“` setting will not be applied properly when Manage is reconfigured.

Read more

Chef Management Console 1.18.0 Release

Manage 1.18.0 is now available from the Chef download site. With this release Manage will now respect the “`strict_search_result_acls“` setting if it is set on the Chef server. When this setting is enabled the Chef server search functionality does ACL permission checking before returning results.

Read more

Chef Management Console 1.12.0 Release

Manage 1.12.0 is now available from the Chef download site. This release changes the Manage session store from using cookies to using redis. This change addresses sessions not being invalidated immediately on a user’s password reset. Upon upgrading to Manage 1.12.

Read more

Hosted Chef oc-id Partial Failure

On Thursday, March 26th Hosted Chef experienced a degradation in service where logging into oc-id, Hosted Chef’s identify service, periodically failed. This failure meant that it was difficult to login into Supermarket, Hosted Chef’s profile page, and oc-id itself, since each of these systems rely on oc-id for their authentication tokens.

Read more

Security Release: Chef Server 12.0.1 and Enterprise Chef Server 11.2.6

Available for immediate download are Chef Server 12.0.1 and Enterprise Chef Server 11.2.6. This release addresses CVE-2014-8144, a CSRF vulnerability found in doorkeeper, a gem used by the oc-id service that ships with the Chef Server. This release updates oc-id to the latest version, 0.4.4, which contains the patched doorkeeper gem.

Read more

Chef Server 11.1.4 Release

Hello Chefs, We are happy to announce that the 11.1.4 release of the open source Chef Server is now available. This is primarily a bug fix release. This release includes a bump in OpenSSL from 1.0.1h to 1.0.1i, as we announced in a previous post.

Read more