Hey Everyone,
We're happy to announce the release of Chef 13.12.14! This release brings in a few bug fixes and some important security updates before Chef 13 goes end of life at the end of April.
Bugfixes
- The mount provider now properly adds blank lines between fstab entries on AIX
- Ohai now reports itself as Ohai well communicating with GCE metadata endpoints
- Property deprecations in custom resources no longer result in an error. Thanks for reporting this martinisoft
- mixlib-archive has been updated to prevent corruption of archives on Windows systems
Updated Components
- libxml2 2.9.7 -> 2.9.9
- ca-certs updated to 2019-01-22 for new roots
- nokogiri 1.8.5 -> 1.10.1
Security Updates
OpenSSL
OpenSSL has been updated to 1.0.2r in order to resolve CVE-2019-1559 and CVE-2018-5407
RubyGems
RubyGems has been updated to 2.7.9 in order to resolve the following CVEs:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command line utility:
$ mixlib-install download chef -v 13.12.14
Alternatively, you can install Chef using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 13.12.14
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 13.12.14
If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:
provisioner:
product_name: chef
product_version: 13.12.14
Enjoy,
Tim