Automate version 4.12.40 Released!

We are delighted to announce the availability of version 4.12.40 of Chef Automate.

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version Upgrade To
Any version before 20220329091442 20220329091442
20220329091442 3.0.x
3.0.49 4.x

See the Chef Automate 4.x upgrade documentation for more information.

New Features

  • You now can rotate the passwords on OpenSearch in Automate (#8300).
  • Automate HA is supported on Red Hat Enterprise Linux 9 and Oracle Linux 9 operating systems (#8310).

Improvements

  • Certificate rotation can now be done in all the Automate HA nodes using a single command (#8261).
  • Automate HA with this release will not need downtime to add a new node to the cluster (#8275).
  • Automate HA pre-deployment verification check now has the check to verify if all the nodes have the same hab uid (#8290).
  • Automate can show the Node Attributes in correct precedence in the Infra Server View tab (#8319).
  • To better understand product usage integrated with Pendo using a wrapper library (#8299).

Bug Fixes

  • Fixed bug that was causing pre-deployment verification checks to fail in Automate HA for Kernel version 3.10 (#8288).
  • Fixed bug that was causing pre-deployment verification checks to fail in Automate HA for SSH access (#8296).
  • Automate can handle scenarios where Automate backup gateway service slowness to read backups causes failure while restoration (#8297).

Security

Security Improvements

(examples: new security configurations)

  • Added Angular built-in sanitization. (#8289)

Security Updates

(examples: dependency updates, CVE fixes)

  • Updated DoorKeeper in ocid to resolve:

CVE-2020-10187

Private Chef Supermarket users using this version of Automate must refresh their logins and re-authenticate Supermarket with Chef Identity

  • Updated Dex library to v2.35 to resolve:

CVE-2022-39222

  • Updated Minio to fix:

CVE-2023-28433
CVE-2023-28432
CVE-2023-28434

  • Updated moment.js to v2.29.4 to resolve:

CVE-2022-31129
CVE-2022-24785

  • Updated prismjs to v1.29.0 to resolve:

CVE-2022-23647

  • Updated rule to v2.7.2 to resolve:

CVE-2023-22467

  • Updated d3 to v7.8.5 to resolve:

CWE-400

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.521/20220603154827
  • Chef Habitat Builder version: 9497/20221221224518
  • Chef Infra Server version: 15.4.0/20230105061154
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.3.7
  • Nginx: 1.21.3
  • Haproxy: 2.2.29
  • Dex: 2.27.0

Supported External Chef Products

This release supports the following external chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef Inspec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

Supported Framework Versions

This release is built on the following framework versions:

  • GoLang: 1.19.3
  • OpenJDK: 11.0.20+8
  • Angular: 11.2.6

View the package manifest for the latest release.


As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!