Automate version 4.12.69 Released!

chef-ci · March 6, 2024, 4:16pm

We are delighted to announce the availability of version 4.12.69 of Chef Automate.

Improvements

Fixed a bug that was causing the failure of the Automate config patch while patching the backup path. (#8341)

Fixed a security issue that allows Chef tags to accept HTML text, URL, all special characters, and weak cipher. (#8355)

Updated OpenSearch to 1.3.14 to fix the following CVE issues:
- CVE-2023-45807
- CVE-2023-31141
- CVE-2023-25806
- CVE-2023-23933
- CVE-2023-23613
- CVE-2023-23612
Updated NodeJS to 14.21.3 to fix the following CVEs:
- CVE-2023-23918
- CVE-2023-23919
- CVE-2023-23920
- CVE-2023-23936
- CVE-2023-24807
Updated marked to version 4.0.10 to fix the following CVEs:
- CVE-2022-21681
- CVE-2022-21680
Updated expressJS version to 4.18.2 to fix the following CVEs:
- CVE-2022-24999
Update ansi-regex to 5.0.1 which fixes the following CVEs:
- CVE-2021-3807
Update rack to 2.2.6.4 which fixes the following CVEs:
- CVE-2022-30123
Update yaml.v2 to 2.4.0 which fixes the following CVEs:
- CVE-2022-3064

This release uses:

This release uses:

This release supports the following external Chef products:

This release is built on the following framework versions:

View the package manifest for the latest release.

As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!

Topic	Replies	Views
Automate version 4.0.91 Released! Chef Release Announcements	601	June 9, 2022
Automate version 4.0.54 Released! Chef Release Announcements	500	May 25, 2022
Automate version 4.11.0 Released! Chef Release Announcements	708	October 31, 2023
Automate version 4.2.22 Released! Chef Release Announcements	643	July 5, 2022
Automate version 4.12.40 Released! Chef Release Announcements	820	December 13, 2023