Automate version 4.5.177 Released!

Chef Release Announcements
1

We are delighted to announce the availability of version 4.5.177 of Chef Automate.

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version Upgrade To
Any version before 20220329091442 20220329091442
20220329091442 3.0.x
3.0.49 4.x

See the Chef Automate 4.x upgrade documentation for more information.

New Features

  • You can now get the status of all the nodes in Automate HA cluster using the chef-automate status summary command from Automate HA Bastion host. (#7776)
  • You can now run chef-automate start from the Bastion host of Automate HA. (#7808)
  • Automate deployed Chef Infra Server now supports S3 as cookbook storage. (#7796)
  • Adding Nginx API endpoint to expose Nginx metrics for Automate. (#7846)

Improvements

  • Ability to pass Sudo Password using environment variable while running CLI commands in Automate HA Bastion node. (#7774, #7799)
  • The chef-automate cert-rotate command now rotates checks for new certificates before applying them in the HA nodes (#7700, #7843)
  • The chef-automate info command is refactored and written in Golang (#7798)
  • You can now run iam commands from Automate HA bastion node. (#7695)
  • You can now run license commands from Automate HA bastion node. (#7768)
  • The deploy command with unique CN for every node will deploy OpenSearch nodes with an updated list of Domain Names. (#7771, #7815)
  • Automate HA deployment command won't show warning or error related to unused or unset terraform variables. (#7702)
  • The chef-automate backup restore shows all the errors properly when invoked from the Automate HA Bastion host. (#7734)
  • The chef-automate config patch can now reconfigure the OpenSearch backup location. (#7744)
  • Improved the migration document from Infra Server/Backend to Automate HA. (#7759, #7802, #7826)
  • Improved the migration document from Automate to Automate HA. (#7810, #7769, #7786)
  • Improved the migration document from A2HA to Automate HA. (#7790)
  • Improved the documentation for setting up a load balancer in Automate HA. (#7800)
  • Added missing configuration document for OpenSearch backup configuration. (#7813)
  • Modified the default_max_size config for maximum request size to 4MB for Automate shipped Chef Server. (#7783)
  • Added ssh_group_name in the Automate HA deployment configuration to pass the customized ssh user group. (#7819)

Bug Fixes

  • Fixed the bug to display Node Error log data for failed nodes in the client runs the report. (#7705)
  • Fixed the bug causing Automate to download zero-byte reports on the export of compliance and client-run reports for many nodes. (#7707, #7710)
  • Fixed the bug which changes the assigned project of an Automate token on toggling the status (#7720, #7825)
  • Fixed the bug to show the client-run report for scans older than a day for a node. (#7724)
  • Fixed the bug to apply the fqdn passed from the Automate HA Bastion host to the Automate HA frontend nodes during deployment and upgrade. (#7729)
  • Fixed the bug which abruptly stops gather-logs when invoked from Automate HA Bastion host. (#7732)
  • Fixed the bug to show proper error messages while testing data feed integration using S3. (#7736)
  • Fixed the bug to show the chef infra server name in the breadcrumb navigation bar of Infra Server nodes. (#7737)
  • Fixed the bug to list the correct nodes when searched using error suggestions through Client Run reports. (#7745)
  • Fixed the bug to display the trend graph of Compliance ingestions for ten days. (#7748)
  • Fixed the bug to allow multiple edits of notification service settings. (#7752)
  • Fixed the bug to show waived controls in the Compliance reports of a node. (#7753, #7841)
  • Fixed the bug to filter events correctly by the timeline in the event-feed dashboard. (#7756)
  • Fixed the bug to allow scrolling to the top using the floating scroll button in the Client Run tab. (#7791)
  • Fixed the bug to retain the FQDN of a node after updating in Automate HA. (#7834)
  • Fixed the bug causing errors while adding nodes in the Automate HA cluster deployed in AWS. (#7838)
  • Fixed the bug to stop updating the admin password on an update of frontend nodes of Automate HA cluster (#7851)

Compliance Profile Updates

Compliance profiles are updated to version 1.0.0/20230414090134, which includes the new and improved profiles for:

CIS Oracle MySQL Community Server 5.7 v2.0.0
CIS Azure Foundation v1.5.0
CIS IBM AIX 7.1 v2.0.0
CIS RHEL 8 v2.0.0

Maintenance

  • Updated Elixir version to 1.14.0 for notification service. (#7784)

Security

Security Updates

  • Updated node package minimist to version 1.2.7 which fixes CWE-1321
  • Updated node package karma to version 1.2.7 which fixes CVE-2022-2421
  • Updated node package jsprim to version 2.0.2 which fixes CVE-2021-3918
  • Updated node packages to fix CVE-2022-37601

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.521/20220603154827
  • Chef Habitat Builder version: 10078/20220929100217
  • Chef Infra Server version: 15.4.0/20230105061154
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.3.7
  • Nginx: 1.21.3
  • Haproxy: 2.2.18
  • Dex: 2.27.0

Supported External Chef Products

This release supports the following external chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef Inspec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

Supported Framework Versions

This release is built on the following framework versions:

  • GoLang: 1.15
  • OpenJDK: 11.0.17+8
  • Angular: 11.2.6

View the package manifest for the latest release.

As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!