Security Release: Chef Server 12.0.8 and Enterprise Chef 11.3.1

Ohai Chefs!

Chef Server 12.0.8 and Enterprise Chef 11.3.1 are available for immediate download. This release addresses the following vulnerabilities:

This corresponds to chef-server issue 142, “Update Embedded Openresty NGINX”.

Additional Changes

Chef Server 12.0.8 has been further updated as follows:

  • The Chef Server 12.0.8 release is the first to enable Server API Versioning and sets the baseline API version at 0, while enabling versioned API behaviors for future releases. This is an internal update that has no outward effect on client or server beyond exposing a new endpoint as described in the RFC.
  • opscode-omnibus issue 744 – chef-server-ctl password command has been fixed

There have been no additional changes to Enterprise Chef 11.3.1.


To apply this security update, upgrade your existing Chef Server installation to the latest available version:

Marc Paradise

Marc has over 19 years of experience in software design, development and delivery, and has been with Chef since 2011. Other interests include writing, distributed computing, hardware hacking, container technology, and a myriad of other accumulated pastimes. Marc only talks about himself in the third person when writing biographical blurbs.