Automate version 4.9.9 Released!

We are delighted to announce the availability of version 4.9.9 of Chef Automate.

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version Upgrade To
Any version before 20220329091442 20220329091442
20220329091442 3.0.x
3.0.49 4.x

See the Chef Automate 4.x upgrade documentation for more information.

New Features

  • Automate HA eases setting up the cluster by introducing the chef-automate verify command, which checks the configurations across the nodes in the cluster before deployment. The same command can be used and verify the cluster configurations after deployment for easy troubleshooting. This will make the deployment and maintenance of Automate HA cluster much easy and transparent. Refer to the detailed documentation here:
  • The users in the Chef Server running in Automate can be authorized to log in to Private Supermarket. Refer
    Supermarket Integration to get more details. (#7909)
  • Automate HA eases the creation of the initial configuration file by introducing a user-driven configuration generator. #7923


  • The rotated certificates are now preserved for the addition/deletion/upgrade of nodes after rotating the certificates for individual nodes in Automate HA cluster. (#7945)
  • The status of all the services on all the nodes of an Automate HA cluster can be monitored from Bastion using the chef-automate status command. (#7950)
  • An individual service running on frontend nodes of Automate HA cluster can be restarted from Bastion using the chef-automate restart-services command. (#7958)
  • The services in a given or all frontend nodes can be stopped from the Bastion host using the chef-automate stop command. (#7966)
  • The versions of all the running services for a given or all nodes in Automate HA cluster can be monitored from the Bastion host using the chef-automate version command. (#7970)
  • The data related to chef-client runs and chef-server actions in Automate can be managed from the Bastion host using the chef-automate infrastructure command (#7944)
  • The es-sidecar service now honors the setting at the global backup configuration. (#7976)
  • Ability to connect to external OpenSearch cluster using proxy SSL server. (#7984)
  • The lag of PG follower nodes concerning the leader node in a PG cluster is now shown in the chef-automate status command. (#8054)
  • The gather log command now captures logs from different locations in the PG cluster. (#8058)
  • The AWS deployment of Automate HA now allows you to choose the private subnet. (#8062)
  • Improved documentation for all the configuration for frontend and backend nodes of Automate HA. Refer this section: Configuration (#8048)
  • The benchmark performance numbers are available for reference in Automate document. Refer (#8051)

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20230414090134, which includes the new and improved profiles for:

CIS Oracle MySQL Community Server 5.7 v2.0.0 (Audit)
CIS IBM AIX 7.1 v2.1.0 (Audits)
CIS RHEL 8 v2.0.0 (Audits)
CIS Ubuntu 22.04 v1.0.0
CIS Suse Linux Enterprise 12v3.1.0
STIG Windows 11 v1r2

  • This version also fixes bugs for the following profiles:

CIS CentOS Linux 7 Benchmark v3.1.2 : UMASK wrong check issue(Control 5.5.5)
CIS CentOS Linux 8 Benchmark v2.0.0 : handled false positive for sudo access controls
CIS RHEL 8 Benchmark v2.0.0 : handled false positive for sudo access controls
CIS RHEL 7 Benchmark v3.1.1 : handled false positive for sudo access controls
CIS Windows 2019 v1.3.0 Bug fix for controls in 19 series
CIS CentOS Linux 7 Benchmark v3.1.2 control 5.1.4

Bug Fixes

  • Fix the issue that stops syncing the configuration from bootstrap nodes when a new node is added to an Automate HA cluster. (#7949)
  • Fix to display the correct status on running chef-automate status summary from Bastion host when Automate services are stopped in frontend nodes. (#7968)
  • Chef Automate can now be provisioned using AMI images that use IMDSv2. (#7982)
  • Update the dex bundle to fix frequent disconnection with the Postgres database. (#8007)
  • Automate HA Bastion host honors the IAM role attached and should not ask for AWS credentials from users. (#8057)
  • Fix to remove nodes without impacting the other nodes in the AWS environment deployed Automate HA cluster. (#8070)

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.521/20220603154827
  • Chef Habitat Builder version: 9497/20221221224518
  • Chef Infra Server version: 15.4.0/20230105061154
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.3.7
  • Nginx: 1.21.3
  • Haproxy: 2.2.29
  • Dex: 2.27.0

Supported External Chef Products

This release supports the following external chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef Inspec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

Supported Framework Versions

This release is built on the following framework versions:

  • GoLang: 1.19.3
  • OpenJDK: 11.0.17+8
  • Angular: 11.2.6

View the package manifest for the latest release.

As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!