This repository has been archived by the owner on Mar 6, 2018. It is now read-only.
Releases: chef-boneyard/omnibus-chef-server
Chef Server 11.1.4 Release
Primarily a bug fix and security hardening release.
Full details here: http://www.getchef.com/blog/2014/08/14/chef-server-11-1-4-release/
Full Changelog here: https://github.com/opscode/omnibus-chef-server/blob/master/CHANGELOG.md#1114-2014-08-14
Chef Server 11.1.3 Security Release
This is a security release to address a Postgres Configuration error.
Full details here: http://www.getchef.com/blog/2014/06/26/chef-server-11-1-3-security-release/
Chef Server 11.1.0
Highlights:
IPv6 Support
chef-server-ctl upgrade command
Proxy/Firewall support
Depsolver change to use Gecode
Many bug fixes
Full changelog here: https://github.com/opscode/omnibus-chef-server/blob/master/CHANGELOG.md
Heartbleed + libcurl + libyaml security fixes
A security fix release. The star issue fixed was the Heartbleed OpenSSL bug. Full details below.
curl 7.36.0
- [CVE-2014-0138] - libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP
- [CVE-2014-0139] - libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses when built to use OpenSSL
- [CVE-2014-1263] - When asked to do a TLS connection (HTTPS, FTPS, IMAPS, etc) to a URL specified with an IP address instead of a name, libcurl built to use Darwinssl would wrongly not verify the server's name in the certificate
- [CVE-2014-2522] - When asked to do a TLS connection (HTTPS, FTPS, IMAPS, etc) to a URL specified with an IP address instead of a name, libcurl built to use Winssl would wrongly not verify the server's name in the certificate
libyaml 0.1.6
- [CVE-2014-2525] - Heap-based buffer overflow allows context-dependent attackers to execute arbitrary code
openssl 1.0.1g
- [CVE-2014-0160] - heartbeat extension allows remote attackers to obtain sensitive information from process memory
11.0.11
libyaml 0.1.5
Bug Fixes
- [CVE-2013-6393] - yaml_parser_scan_tag_uri function in scanner.c performs incorrect cast
11.0.10
chef-server-webui 11.0.10
Bug Fixes
- [CHEF-4644][CVE-2013-4389] Possible DoS Vulnerability in Action Mailer.
- [CHEF-3951] Fix databag form url to allow new item creation.
- [CHEF-4004] Use select_tag, not select, to generate non-object form.
- [CHEF-4040] Select current node environment when editing a node.
- [CHEF-4280] Misaligned login form.
chef-solr
Bug Fixes
- [CHEF-4792] - Disable insecure JMX settings leading to potential remote code execution.
Nginx 1.4.4
Bug Fixes
- [CHEF-4808][CVE-2013-4547] - Security restriction bypass flaw due to whitespace parsing.
Ruby 1.9.3-p484
Bug Fixes
- [CHEF-4807][CVE-2013-4164] - Heap Overflow in Floating Point Parsing.
11.0.10-rc.1
chef-server-webui 11.0.10
Bug Fixes
- [CHEF-4644][CVE-2013-4389] Possible DoS Vulnerability in Action Mailer.
- [CHEF-3951] Fix databag form url to allow new item creation.
- [CHEF-4004] Use select_tag, not select, to generate non-object form.
- [CHEF-4040] Select current node environment when editing a node.
- [CHEF-4280] Misaligned login form.
chef-solr
Bug Fixes
- [CHEF-4792] - Disable insecure JMX settings leading to potential remote code execution.
Nginx 1.4.4
Bug Fixes
- [CHEF-4808][CVE-2013-4547] - Security restriction bypass flaw due to whitespace parsing.
Ruby 1.9.3-p484
Bug Fixes
- [CHEF-4807][CVE-2013-4164] - Heap Overflow in Floating Point Parsing.