Automate version 4.10.1 Released!

We are delighted to announce the availability of version 4.10.1 of Chef Automate.

Announcement

We are delighted to announce that our continuous effort to improve the installation and deployment experience of Automate HA has enabled the following features:

• Ability to generate deployment config in an interactive way
• Perform verification checks before deployment
• Control Automate HA cluster from a single central bastion system

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

See the Chef Automate 4.x upgrade documentation for more information.

Improvements

• The ability to patch Chef Server FQDN and Root-CA in Automate HA from Bastion. (#8099)
• The habitat package versions of the services running on front-end nodes can be monitored using the chef-automate service-versions command from the bastion host in Automate HA. (#8113)
• The habitat services data reporting to Automate can be managed using the chef-automate applications command from the bastion host in Automate HA. (#8114)
• The internal root certificates of the Automate nodes can be managed using the chef-automate internal-ca command from the bastion host in Automate HA. (#8115)
• Improve external-os-s3-bucket-access-check verification check to add index delete permission to the s3 bucket. (#8119)
• The config generator is improved to bring in bug fixes and more abilities. (#8122)
• The update and deployment process in Automate HA validates the configuration with the option to skip validation in case of failure. (#8123)
• The config verify command is now improved to enhance the checks. (#8138, #8139, #8140, #8144, #8149)
• More configurations available in the standalone Chef Server are also available to be patched from the Bastion host in Automate HA. Please refer to the Chef Infra Configuration In Chef Automate document. (#8152, #8160)

Compliance Profile Updates

• Compliance profiles are updated to version 1.0.0/20230831114438, which includes the new and improved profiles for:

CIS Oracle Solaris 11.4 v1.0.0

Bug Fixes

• Fixing issue to show Compliance Trend graph for more than 24 hours. (#8106)
• The patched token will now be used instead of regenerating a new token during update/add/delete nodes from the Automate HA cluster. (#8118)
• Stop cleaning up of a2 workspace by running the cleanup command from Bastion in the Automate HA cluster. (#8154)

Security

Security Improvements

(examples: new security configurations)

• Improve Automate API responses to be more actionable and more restrictive to safeguard against Server Side Security Request Forgery.

Security Updates

(examples: dependency updates, CVE fixes)
Updated OpenJDK version to v11.0.20+8 which fixes the following CVEs:

• CVE-2023-22036
• CVE-2023-22006
• CVE-2023-22041
• CVE-2023-22045
• CVE-2023-22049
• CVE-2023-21968
• CVE-2023-21967
• CVE-2023-21939
• CVE-2023-21938
• CVE-2023-21954
• CVE-2023-21937
• CVE-2023-21930
• CVE-2023-25193

Chef Packaged Product Versions

This release uses:

• Chef Habitat version: 1.6.521/20220603154827
• Chef Habitat Builder version: 9497/20221221224518
• Chef Infra Server version: 15.4.0/20230105061154
• Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

• Postgres: 13.5
• OpenSearch: 1.3.7
• Nginx: 1.21.3
• Haproxy: 2.2.29
• Dex: 2.27.0

Supported External Chef Products

This release supports the following external chef products:

• Chef Infra Server version: 14.0.58+
• Chef Inspec version: 4.3.2+
• Chef Infra Client: 17.0.242+
• Chef Habitat: 0.81+

Supported Framework Versions

This release is built on the following framework versions:

• GoLang: 1.19.3
• OpenJDK: 11.0.20+8
• Angular: 11.2.6

View the package manifest for the latest release.

As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!