Supermarket 2.3.2 Security Release

Supermarket 2.3.2* is now available. This release contains bug fixes, minor enhancements, and security updates.

Supermarket version 2.3.2 is a recommended update for all users running their own instances of Supermarket. Packages are available in the stable repository. Upgrading to this version can be as simple as a chef-client run on your hosts—if you’ve left the version of Supermarket at the default :latest—or updating your wrapper cookbook’s attributes to [‘supermarket_omnibus’][‘package_version’] = ‘2.3.2’.

The community Supermarket has already been updated.

Security Fixes:

  • Upgrade Nokogiri to address a CVE
  • Upgrade Rails to address CVEs

Bug Fixes:

  • Prevent test suite from calling out to 3rd party services.
  • Fix omission of PostgreSQL extension requirement in migrations.
  • Fix people and titles disappearing from dashboard on small displays.
  • Pin Berkshelf version embedded in omnibus package to prevent net-ssh conflicts.


  • Increase changelog content included in email notifications.
  • Increase number of companies contributing displayed on a page.

* Version 2.3.1 was not released because of a problem with conflicting versions of net-ssh discovered during packaging.


Mark Mzyk

Mark is an engineering manager at Chef, having accepted the position after having been a long time software engineer at Chef. In his time at Chef he's contributed code to almost every single Chef product. Now code dominates his life less, but he gets the joy of helping others create code that has a positive impact.