Automate version 4.12.144 Released!

We are delighted to announce the availability of version 4.12.144 of Chef Automate.

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version                    Upgrade To
Any version before 20220329091442       20220329091442
20220329091442                          3.0.x
3.0.49                                  4.x

See the Chef Automate 4.x upgrade documentation for more information.

Improvements

  • Passwords in backend nodes of Automate HA can now be rotated from the Bastion system.
  • Removed ambiguity on the restriction of special characters in external database passwords (#8308).
  • Added a note in the Security Best Practices section so that users don't inadvertently update cache control headers in the configuration (#8446).
  • Removed the database locking issue that occurred while restarting front-end nodes and adding new nodes (#8419, #8444, #8469, #8475, #8462, #8481, #8432).
  • Now uses an external /hab volume instead of /tmp to solve cross-device linking issues (#8435, #8436, #8416).
  • Modified license to ensure that product functionalities are available according to existing EULA and terms of use (#8477, #8438).
  • Updated Chef Automate Incident Creation app and Chef Automate Integration App to support ServiceNow Utah and Vancouver versions.

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20240704055643, which includes the new and improved profiles for:
      • CIS AIX 7.2 v1.1.0
      • CIS Microsoft Windows Server 2012 R2 v3.0.0
      • CIS MariaDB 10.6 v1.0.0
      • CIS macOS 13 Ventura v2.0.0
      • CIS Microsoft Windows 11 Enterprise v3.0.0
      • STIG Oracle Linux 8 v1.8.0
      • CIS RHEL 8 v3.0.0
      • CIS RHEL 7 v4.0.0
  • This version improves the following profiles:
      • CIS RHEL 7 v3.1.1 - code optimisation
      • CIS CentOS Linux 7 v3.1.2 Benchmark Level 1 - Server controls were incorrect; improved the password regex check
  • This version also fixes the following issues:
      • CIS PostgreSQL v1.0.0 - removed default values from configuration.

Bug Fixes

  • Fixed a bug to solve the scrolling issue in compliance reports (#8392)
  • Searching in Infrastructure report UI is now case insensitive (#8395)
  • Fixed a bug to improve the ease of filtering of nodes while doing wildcard search (#8417)
  • Fixed a bug to show filtered data in the event feed report after modifying the event feed date (#8442)
  • Fixed a bug to find the log file in Automate (#8414)

Security

Security Updates

  • Fixed prototype pollution vulnerabilities to prevent exploitation in the JavaScript runtime: CVE-2022-46175, CVE-2022-24999 (#8365, #8337)
  • Updated ansi-regex package version to fix CVE-2021-3807 (#8365, #8336)
  • Upgraded the HAProxy package in Automate HA to solve CVE-2023-25725 (#8380)
  • Updated NATS server to solve CVE-2022-24450, CVE-2020-26892 (#8423, #8394)
  • Fixed a vulnerability in how the SAML connector processes SAML signature validation: CVE-2020-27847
  • Fixed a shell escape sequence injection vulnerability in Rack components: CVE-2022-30123 (#8385)
  • Updated Nginx version to solve CVE-2022-41741 (#8426)
  • Updated OpenJDK to solve CVE-2023-22067, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2023-22081 and CVE-2023-22025 (#8384)
  • Updated Postgres database to solve CVE-2023-2454 and CVE-2023-39417 (#8434, #8412)
  • Removed dependency from polyfill.io JS package to solve CVE-2024-38526 (#8470)

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.521/20220603154827
  • Chef Habitat Builder version: 9497/20221221224518
  • Chef Infra Server version: 15.4.0/20230105061154
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.14
  • OpenSearch: 1.3.14
  • Nginx: 1.25.4
  • HAProxy: 2.2.29
  • Dex: 2.27.0

Supported External Chef Products

This release supports the following external Chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef InSpec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

Supported Framework Versions

This release is built on the following framework versions:

  • GoLang: 1.19.3
  • OpenJDK: 11.0.22+7
  • Angular: 11.2.6

View the package manifest for the latest release.


As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!