Enterprise Chef 11.1.2 and Private Chef 1.4.8: Security Release

The following item is new for Enterprise Chef 11.1.2 and 1.4.8 and is a change from previous versions.

Don’t log or email the Rails session or environment from the exception handler. Doing so can cause user-submitted form values like passwords to be logged and emailed to administrators of the Enterprise Chef server when exceptions occur on the Management Console.

Posted in:

Joseph Smith