Automate version 4.13.361 Released!

Chef Release Announcements
1

We are delighted to announce the availability of version 4.13.361 of Chef Automate.

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version Upgrade To
Any version before 20220329091442 20220329091442
20220329091442 3.0.x
3.0.49 4.x

See the Chef Automate 4.x upgrade documentation for more information.

Improvements

  • Support for deprecated ciphers on configuration. Check document Configuration Overview
  • Update the wal_sender_timeout and wal_receiver_timeout in HA postgres from 60 to 60000 seconds

Compliance Profile Updates

  • We updated the Chef compliance profiles to version 1.0.0/20251027061057. This includes the new and improved profiles for:

CIS SUSE Linux 15 v2.0.0 Audits
CIS Red Hat Enterprise Linux 10 v1.0.0
CIS Windows Server 2022 v4.0.0

Bug Fixes

  • The issue where Projects selection drop-down would disappear in specific scenarios, has been resolved.

Security

Security Updates

(examples: dependency updates, CVE fixes)

  • Update go-viper to fix the following CVEs

CWE-117

  • Update nginx to 1.28.0 to resolve the following CVEs

CVE-2024-24989
CVE-2024-24990
CVE-2024-7347
CVE-2024-32760
CVE-2024-35161
CVE-2025-23419

  • Update tar-fs from version to 3.1.1 addresses the following CVE:

CVE-2025-59343

  • Update from cross-spawn 7.0.3 to 7.0.6 fixes:

CVE-2024-21538

  • Update OpenSearch to the Tuxcare OpenSearch 1.3.20.tuxcare.1.0.2 address the following CVEs:

CVE-2025-25193
CVE-2024-47554
CVE-2021-28170
CVE-2025-48924
CVE-2024-38820
CVE-2025-48913
CVE-2024-38819
CVE-2024-38828
CVE-2024-38820
CVE-2025-22233

  • Update Postgres 13.22 resolves the following CVEs:

CVE-2025-8714
CVE-2025-8715
CVE-2025-8713

  • Update OpenJDK to 17.0.16+8 addresses the following CVEs:

CVE-2025-30749
CVE-2025-30754
CVE-2025-50059
CVE-2025-50106

  • Update Angular 19.2.15 addresses the following CVE:

CVE-2025-59052

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.1243/20241227194506
  • Chef Habitat Builder version: 10717/20250805204117
  • Chef Infra Server version: 15.10.83
  • Chef InSpec version: 5.22.95/20250805133317

Service Versions

This release uses:

  • Postgres: 13.22.tuxcare.1.0.1
  • OpenSearch: 1.3.20.tuxcare.1.0.2
  • Nginx: 1.28.0
  • Haproxy: 2.8.15

Supported External Chef Products

This release supports the following external chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef Inspec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

Supported framework versions

This release is built on the following framework versions:

  • GoLang: 1.24.4
  • OpenJDK: 17.0.16+8
  • Angular: 19.2.15

View the package manifest for the latest release.

As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!