Author:

Marc Paradise

Marc has over 19 years of experience in software design, development and delivery, and has been with Chef since 2011. Other interests include writing, distributed computing, hardware hacking, container technology, and a myriad of other accumulated pastimes. Marc only talks about himself in the third person when writing biographical blurbs.


Chef Server 12.3.0 Release Announcement

Ohai Chefs! I’m happy to announce that Chef Server 12.3.0 is now available for download on the Chef Server Downloads Page and via our Apt/RPM repositories. Here are some highlights from this release:

* Node API change to include Policy support.
* ElasticSearch and external Solr support.


Chef Server 12.2.0 Release Announcement

Ohai Chefs! I’m happy to announce that Chef Server 12.2.0 is now live on Hosted Chef, and is also available for download on the Chef Downloads Page and via our Apt/RPM repositories.


Open Source Chef Server 11.1.7 Security Release

Ohai Chefs! Today we have released Chef Server 11.1.7, which contains the following security updates:

* OpenSSL 1.0.1m
* PostgreSQL 9.2.10
* nginx 1.8.0

Please note that this update applies only to the Open Source Chef Server 11 product. Enterprise Chef 11 and Chef Server 12 have previously received these updates.


Chef Server 12.1.0-rc.1 Now Available

Ohai Chefs! I’m pleased to announce that Chef Server 12.1.0-rc.1 is now available for download. Here are some of this release’s highlights:

* Significant performance improvements.
* Policyfiles and cookbook artifacts are complete and are enabled by default.
* Server API Versioning: API `0` is now deprecated, and current API version level is `1`.


Security Release: Chef Server 12.0.8 and Enterprise Chef 11.3.1

Ohai Chefs! Chef Server 12.0.8 and Enterprise Chef 11.3.1 are available for immediate download. This release addresses the following vulnerabilities:

* CVE-2013-2028
* CVE-2013-4547
* CVE-2014-0088
* CVE-2014-0133
* CVE-2014-3556
* CVE-2014-3616

This corresponds to chef-server issue 142, “Update Embedded Openresty NGINX”.

## Additional Changes

Chef Server 12.0.8 has been further updated as follows: The Chef Server 12.0.


Chef Server 12.0.5 Released

Today we have released Chef Server 12.0.5. This release includes further updates to provide API support for key rotation, policy file updates, and LDAP-related fixes to user update. You can find installers on our downloads site.

## Updating Users

This release fixes Issue 66.


Security Update: Hosted Chef

Later today, we will be rolling out an update to Hosted Chef that may impact your future use of data bag items in cookbooks. This change will remove the Chef Client’s default permissions to ‘create’, ‘update’ and ‘delete’ data bags in newly-created organizations.


Security Release: Chef Server and Analytics (POODLE and OpenSSL Vulnerabilities)

Today we are announcing security releases of all supported versions of Chef Server, Enterprise Chef, and Chef Analytics. These releases address two separate issues:

* POODLE SSLv3 attack, which allows a remote attacker to extract plaintext of targeted data within an SSL connection
* CVE-2014-3513 and CVE-2014-3567, which expose a potential DoS attack vector.


Security Response: SSL POODLE attack and mitigation

_Update: 2014-10-17: We have released an update of Chef Server products and Analytics to address the POODLE attack as well as other recently announced vulnerabilities._

A new attack on SSL 3.0 has been announced. This attack is fully detailed in this document.
