This repository has been archived by the owner on Mar 6, 2018. It is now read-only.

Releases: chef-boneyard/omnibus-chef-server

Chef Server 11.1.4 Release

14 Aug 19:46

Chef Server 11.1.3 Security Release

07 Jul 18:02

This is a security release to address a Postgres Configuration error.

Full details here: http://www.getchef.com/blog/2014/06/26/chef-server-11-1-3-security-release/

Chef Server 11.1.0

15 May 01:06

Chef Server 11.1.0
Highlights:

  • IPv6 Support
  • chef-server-ctl upgrade command
  • Proxy/Firewall support
  • Depsolver change to use Gecode
  • Many bug fixes

Full changelog here:

https://github.com/opscode/omnibus-chef-server/blob/master/CHANGELOG.md

Heartbleed + libcurl + libyaml security fixes

12 Apr 05:41

A security fix release. The star issue fixed was the Heartbleed OpenSSL bug. Full details below.

curl 7.36.0

  • [CVE-2014-0138] - libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP
  • [CVE-2014-0139] - libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses when built to use OpenSSL
  • [CVE-2014-1263] - When asked to do a TLS connection (HTTPS, FTPS, IMAPS, etc) to a URL specified with an IP address instead of a name, libcurl built to use Darwinssl would wrongly not verify the server's name in the certificate
  • [CVE-2014-2522] - When asked to do a TLS connection (HTTPS, FTPS, IMAPS, etc) to a URL specified with an IP address instead of a name, libcurl built to use Winssl would wrongly not verify the server's name in the certificate

libyaml 0.1.6

  • [CVE-2014-2525] - Heap-based buffer overflow allows context-dependent attackers to execute arbitrary code

openssl 1.0.1g

  • [CVE-2014-0160] - heartbeat extension allows remote attackers to obtain sensitive information from process memory

11.0.11

18 Feb 21:31

libyaml 0.1.5

Bug Fixes

  • [CVE-2013-6393] - yaml_parser_scan_tag_uri function in scanner.c performs incorrect cast

11.0.10

04 Dec 03:56

chef-server-webui 11.0.10

Bug Fixes

  • [CHEF-4644][CVE-2013-4389] Possible DoS Vulnerability in Action Mailer.
  • [CHEF-3951] Fix databag form url to allow new item creation.
  • [CHEF-4004] Use select_tag, not select, to generate non-object form.
  • [CHEF-4040] Select current node environment when editing a node.
  • [CHEF-4280] Misaligned login form.

chef-solr

Bug Fixes

  • [CHEF-4792] - Disable insecure JMX settings leading to potential remote code
    execution.

Nginx 1.4.4

Bug Fixes

  • [CHEF-4808][CVE-2013-4547] - Security restriction bypass flaw due to
    whitespace parsing.

Ruby 1.9.3-p484

Bug Fixes

  • [CHEF-4807][CVE-2013-4164] - Heap Overflow in Floating Point Parsing.

11.0.10-rc.1

27 Nov 22:51
Pre-release

chef-server-webui 11.0.10

Bug Fixes

  • [CHEF-4644][CVE-2013-4389] Possible DoS Vulnerability in Action Mailer.
  • [CHEF-3951] Fix databag form url to allow new item creation.
  • [CHEF-4004] Use select_tag, not select, to generate non-object form.
  • [CHEF-4040] Select current node environment when editing a node.
  • [CHEF-4280] Misaligned login form.

chef-solr

Bug Fixes

  • [CHEF-4792] - Disable insecure JMX settings leading to potential remote code
    execution.

Nginx 1.4.4

Bug Fixes

  • [CHEF-4808][CVE-2013-4547] - Security restriction bypass flaw due to
    whitespace parsing.

Ruby 1.9.3-p484

Bug Fixes

  • [CHEF-4807][CVE-2013-4164] - Heap Overflow in Floating Point Parsing.